NEWS revision 0db83ad7334809a6605501e24bad55f3b652c072
d657c51f14601d0235434ffb78cf6ac0f27cc83cLennart Poettering systemd System and Service Manager
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering CHANGES WITH 222:
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * The udev accelerometer helper was removed. The functionality
69beda1f75070b36d0562e4050cd567bf2da5a87Kay Sievers is now fully included in iio-sensor-proxy. This means that
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering older iio-sensor-proxy versions will no longer provide
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering accelerometer/orientation data with this systemd version.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Please upgrade iio-sensor-proxy to version 1.0.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Tom Gundersen, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering -- Berlin, 2015-07-XX
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering CHANGES WITH 221:
69beda1f75070b36d0562e4050cd567bf2da5a87Kay Sievers * The sd-bus.h and sd-event.h APIs have now been declared
69beda1f75070b36d0562e4050cd567bf2da5a87Kay Sievers stable and have been added to the official interface of
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering libsystemd.so. sd-bus implements an alternative D-Bus client
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering library, that is relatively easy to use, very efficient and
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering supports both classic D-Bus as well as kdbus as transport
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering backend. sd-event is a generic event loop abstraction that
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering is built around Linux epoll, but adds features such as event
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek prioritization or efficient timer handling. Both APIs are good
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek choices for C programs looking for a bus and/or event loop
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering implementation that is minimal and does not have to be
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering portable to other kernels.
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek * kdbus support is no longer compile-time optional. It is now
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering always built-in. However, it can still be disabled at
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering runtime using the kdbus=0 kernel command line setting, and
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering that setting may be changed to default to off, by specifying
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek --disable-kdbus at build-time. Note though that the kernel
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering command line setting has no effect if the kdbus.ko kernel
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering module is not installed, in which case kdbus is (obviously)
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering also disabled. We encourage all downstream distributions to
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering begin testing kdbus by adding it to the kernel images in the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering development distributions, and leaving kdbus support in
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek systemd enabled.
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek * The minimal required util-linux version has been bumped to
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * Support for chkconfig (--enable-chkconfig) was removed in
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering favor of calling an abstraction tool
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering /lib/systemd/systemd-sysv-install. This needs to be
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering implemented for your distribution. See "SYSV INIT.D SCRIPTS"
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering in README for details.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * If there's a systemd unit and a SysV init script for the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering same service name, and the user executes "systemctl enable"
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering for it (or a related call), then this will now enable both
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering (or execute the related operation on both), not just the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * The libudev API documentation has been converted from gtkdoc
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering into man pages.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * gudev has been removed from the systemd tree, it is now an
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering external project.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * The systemd-cgtop tool learnt a new --raw switch to generate
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering "raw" (machine parsable) output.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * networkd's IPForward= .network file setting learnt the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering new setting "kernel", which ensures that networkd does not
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering change the IP forwarding sysctl from the default kernel
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * The systemd-logind bus API now exposes a new boolean
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering property "Docked" that reports whether logind considers the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering system "docked", i.e. connected to a docking station or not.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Contributions from: Alex Crawford, Andreas Pokorny, Andrei
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
68dd0956ef9d607e6ff9aea15883a2c290a33c2aTom Gundersen Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
68dd0956ef9d607e6ff9aea15883a2c290a33c2aTom Gundersen Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
68dd0956ef9d607e6ff9aea15883a2c290a33c2aTom Gundersen Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
68dd0956ef9d607e6ff9aea15883a2c290a33c2aTom Gundersen Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
68dd0956ef9d607e6ff9aea15883a2c290a33c2aTom Gundersen Fink, Zbigniew Jędrzejewski-Szmek
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering -- Berlin, 2015-06-19
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering CHANGES WITH 220:
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * The gudev library has been extracted into a separate repository
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering available at: https://git.gnome.org/browse/libgudev/
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering It is now managed as part of the Gnome project. Distributions
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering are recommended to pass --disable-gudev to systemd and use
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering gudev from the Gnome project instead. gudev is still included
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering in systemd, for now. It will be removed soon, though. Please
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering also see the announcement-thread on systemd-devel:
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * systemd now exposes a CPUUsageNSec= property for each
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering service unit on the bus, that contains the overall consumed
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering CPU time of a service (the sum of what each process of the
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering service consumed). This value is only available if
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering CPUAccounting= is turned on for a service, and is then shown
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering in the "systemctl status" output.
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering * Support for configuring alternative mappings of the old SysV
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering runlevels to systemd targets has been removed. They are now
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering hardcoded in a way that runlevels 2, 3, 4 all map to
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering multi-user.target and 5 to graphical.target (which
6936cd8926b6935364874b3701e86fe823e8c4ceLennart Poettering previously was already the default behaviour).
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * The auto-mounter logic gained support for mount point
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering expiry, using a new TimeoutIdleSec= setting in .automount
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * The EFI System Partition (ESP) as mounted to /boot by
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering systemd-efi-boot-generator will now be unmounted
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering automatically after 2 minutes of not being used. This should
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering minimize the risk of ESP corruptions.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * New /etc/fstab options x-systemd.requires= and
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering x-systemd.requires-mounts-for= are now supported to express
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering additional dependencies for mounts. This is useful for
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering journalling file systems that support external journal
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering devices or overlay file systems that require underlying file
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering systems to be mounted.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd does not support direct live-upgrades (via systemctl
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering daemon-reexec) from versions older than v44 anymore. As no
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering distribution we are aware of shipped such old versions in a
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering stable release this should not be problematic.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * When systemd forks off a new per-connection service instance
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering it will now set the $REMOTE_ADDR environment variable to the
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering remote IP address, and $REMOTE_PORT environment variable to
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering the remote IP port. This behaviour is similar to the
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering corresponding environment variables defined by CGI.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-networkd gained support for uplink failure
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering detection. The BindCarrier= option allows binding interface
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering configuration dynamically to the link sense of other
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering interfaces. This is useful to achieve behaviour like in
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering network switches.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-networkd gained support for configuring the DHCP
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering client identifier to use when requesting leases.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-networkd now has a per-network UseNTP= option to
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering configure whether NTP server information acquired via DHCP
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering is passed on to services like systemd-timesyncd.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-networkd gained support for vti6 tunnels.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * Note that systemd-networkd manages the sysctl variable
70a44afee385c4afadaab9a002b3f9dd44aedf4aJan Engelhardt /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering it is configured for since v219. The variable controls IP
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering forwarding, and is a per-interface alternative to the global
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering /proc/sys/net/ipv[46]/ip_forward. This setting is
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering configurable in the IPForward= option, which defaults to
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering "no". This means if networkd is used for an interface it is
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering no longer sufficient to set the global sysctl option to turn
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering on IP forwarding! Instead, the .network file option
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering IPForward= needs to be turned on! Note that the
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering implementation of this behaviour was broken in v219 and has
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering been fixed in v220.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * Many bonding and vxlan options are now configurable in
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering systemd-networkd.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-nspawn gained a new --property= setting to set unit
b8bde11658366290521e3d03316378b482600323Jan Engelhardt properties for the container scope. This is useful for
b8bde11658366290521e3d03316378b482600323Jan Engelhardt setting resource parameters (e.g. "CPUShares=500") on
b8bde11658366290521e3d03316378b482600323Jan Engelhardt containers started from the command line.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-nspawn gained a new --private-users= switch to make
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering use of user namespacing available on recent Linux kernels.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-nspawn may now be called as part of a shell pipeline
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering in which case the pipes used for stdin and stdout are passed
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering directly to the process invoked in the container, without
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering indirection via a pseudo tty.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-nspawn gained a new switch to control the UNIX
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering signal to use when killing the init process of the container
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering when shutting down.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-nspawn gained a new --overlay= switch for mounting
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering overlay file systems into the container using the new kernel
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering overlayfs support.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * When a container image is imported via systemd-importd and
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering the host file system is not btrfs, a loopback block device
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering file is created in /var/lib/machines.raw with a btrfs file
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering system inside. It is then mounted to /var/lib/machines to
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering enable btrfs features for container management. The loopback
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering file and btrfs file system are grown as needed when container
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering images are imported via systemd-importd.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-machined/systemd-importd gained support for btrfs
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering quota, to enforce container disk space limits on disk. This
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering is exposed in "machinectl set-limit".
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-importd now can import containers from local .tar,
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering .raw and .qcow2 images, and export them to .tar and .raw. It
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering can also import dkr v2 images now from the network (on top
b8bde11658366290521e3d03316378b482600323Jan Engelhardt of v1 as before).
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-importd gained support for verifying downloaded
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering images with gpg2 (previously only gpg1 was supported).
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-machined, systemd-logind, systemd: most bus calls
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering are now accessible to unprivileged processes via
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering PolicyKit. Also, systemd-logind will now allow users to kill
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering their own sessions without further privileges or
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering authorization.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * systemd-shutdownd has been removed. This service was
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering previously responsible for implementing scheduled shutdowns
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering as exposed in /usr/bin/shutdown's time parameter. This
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering functionality has now been moved into systemd-logind and is
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering accessible via a bus interface.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * "systemctl reboot" gained a new switch --firmware-setup that
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering can be used to reboot into the EFI firmware setup, if that
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering is available. systemd-logind now exposes an API on the bus
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering to trigger such reboots, in case graphical desktop UIs want
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering to cover this functionality.
b8bde11658366290521e3d03316378b482600323Jan Engelhardt * "systemctl enable", "systemctl disable" and "systemctl mask"
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering now support a new "--now" switch. If specified the units
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering that are enabled will also be started, and the ones
b8bde11658366290521e3d03316378b482600323Jan Engelhardt * The Gummiboot EFI boot loader tool has been merged into
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering systemd, and renamed to "systemd-boot". The bootctl tool has been
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering updated to support systemd-boot.
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt * An EFI kernel stub has been added that may be used to create
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt kernel EFI binaries that contain not only the actual kernel,
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering but also an initrd, boot splash, command line and OS release
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering information. This combined binary can then be signed as a
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering single image, so that the firmware can verify it all in one
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering step. systemd-boot has special support for EFI binaries created
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering like this and can extract OS release information from them
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering and show them in the boot menu. This functionality is useful
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering to implement cryptographically verified boot schemes.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * Optional support has been added to systemd-fsck to pass
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering fsck's progress report to an AF_UNIX socket in the file
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * udev will no longer create device symlinks for all block
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering devices by default. A blacklist for excluding special block
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering devices from this logic has been turned into a whitelist
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering that requires picking block devices explicitly that require
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering device symlinks.
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering * A new (currently still internal) API sd-device.h has been
51c61cda1a542c9e999bfdc6aab4a029c0ae7f5aLennart Poettering added to libsystemd. This modernized API is supposed to
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering replace libudev eventually. In fact, already much of libudev
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering is now just a wrapper around sd-device.h.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * A new hwdb database for storing metadata about pointing
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering stick devices has been added.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd-tmpfiles gained support for setting file attributes
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering similar to the "chattr" tool with new 'h' and 'H' lines.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd-journald will no longer unconditionally set the
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering btrfs NOCOW flag on new journal files. This is instead done
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering with tmpfiles snippet using the new 'h' line type. This
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering allows easy disabling of this logic, by masking the
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd-journald will now translate audit message types to
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering human readable identifiers when writing them to the
f1721625e7145977ba705e169580f2eb0002600cNis Martensen journal. This should improve readability of audit messages.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * The LUKS logic gained support for the offset= and skip=
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering options in /etc/crypttab, as previously implemented by
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * /usr/lib/os-release gained a new optional field VARIANT= for
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering distributions that support multiple variants (such as a
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering desktop edition, a server edition, ...)
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
b8bde11658366290521e3d03316378b482600323Jan Engelhardt Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
b8bde11658366290521e3d03316378b482600323Jan Engelhardt Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Michael Biebl, Michael Marineau, Michael Olbrich, Michal
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering -- Berlin, 2015-05-22
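As an added example (not part of the systemd NEWS file and not systemd's own code), the following Python script audits .network files for the IPForward= behaviour described in the 220 notes above, including the "kernel" value mentioned under 221. The sample files, the function names, and the "ipv4"/"ipv6" values (taken from systemd.network(5), not from this page) are assumptions; per-family results reflect the semantics described for v220/v221.

```python
import re

# Boolean spellings accepted by systemd's config parser (case-insensitive).
_TRUE = {"1", "yes", "y", "true", "t", "on"}
_FALSE = {"0", "no", "n", "false", "f", "off"}
_VALID = _TRUE | _FALSE | {"ipv4", "ipv6", "kernel"}

# Constructed sample .network files (not taken from any real system).
SAMPLES = {
    "10-wan.network": "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\n",
    "20-lan.network": "[Match]\nName=eth1\n\n[Network]\n"
                      "Address=192.0.2.1/24\nIPForward=yes\n",
    "30-vpn.network": "[Match]\nName=tun0\n\n[Network]\nIPForward=ipv4\n",
    "40-keep.network": "[Match]\nName=eth2\n\n[Network]\nIPForward=kernel\n",
}


def parse_network(text):
    """Return (match_names, ipforward_value_or_None) from .network file text."""
    section, names, value = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, val = line.partition("=")
        if not sep:
            continue
        key, val = key.strip(), val.strip()
        if section == "Match" and key == "Name":
            names.extend(val.split())
        elif section == "Network" and key == "IPForward":
            # Unparseable values are ignored; the last valid assignment wins.
            if val.lower() in _VALID:
                value = val.lower()
    return names, value


def forwarding_state(value):
    """Map an IPForward= value to the per-interface sysctl result per family."""
    if value is None or value in _FALSE:
        return {"ipv4": "off", "ipv6": "off"}      # default is "no"
    if value == "kernel":
        return {"ipv4": "untouched", "ipv6": "untouched"}
    if value in _TRUE:
        return {"ipv4": "on", "ipv6": "on"}
    return {"ipv4": "on" if value == "ipv4" else "off",
            "ipv6": "on" if value == "ipv6" else "off"}


def audit(files):
    """Return one (file, names, state, note) tuple per .network file."""
    findings = []
    for fname in sorted(files):
        names, value = parse_network(files[fname])
        state = forwarding_state(value)
        if value is None:
            note = "IPForward= unset: defaults to no, overriding the global sysctl"
        elif value == "kernel":
            note = "sysctl left at the kernel default; review global ip_forward"
        elif "on" in state.values():
            note = "host forwards packets on this link"
        else:
            note = "forwarding explicitly disabled"
        findings.append((fname, names or ["(not matched by name)"], state, note))
    return findings


if __name__ == "__main__":
    for fname, names, state, note in audit(SAMPLES):
        print(f"{fname} [{','.join(names)}] "
              f"ipv4={state['ipv4']} ipv6={state['ipv6']}: {note}")
```

Files reported as "unset" are the case the note warns about: the link will not forward even when the global ip_forward sysctl is enabled.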
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering CHANGES WITH 219:
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * Introduce a new API "sd-hwdb.h" for querying the hardware
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering metadata database. With this minimal interface one can query
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering and enumerate the udev hwdb, decoupled from the old libudev
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering library. libudev's interface for this is now only a wrapper
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering around sd-hwdb. A new tool systemd-hwdb has been added to
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering interface with and update the database.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * When any of systemd's tools copies files (for example due to
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering tmpfiles' C lines) a btrfs reflink will be attempted first,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering before bytewise copying is done.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd-nspawn gained a new --ephemeral switch. When
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering specified a btrfs snapshot is taken of the container's root
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering directory, and immediately removed when the container
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering terminates again. Thus, a container can be started whose
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering changes never alter the container's root directory, and are
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering lost on container termination. This switch can also be used
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering for starting a container off the root file system of the
4ef6e535e30c67d4ff34b2ca785e555dbaeac14eKay Sievers host without affecting the host OS. This switch is only
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering available on btrfs file systems.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd-nspawn gained a new --template= switch. It takes the
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering path to a container tree to use as template for the tree
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering specified via --directory=, should that directory be
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering missing. This allows instantiating containers dynamically,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering on first run. This switch is only available on btrfs file
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * When a .mount unit refers to a mount point on which multiple
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering mounts are stacked, and the .mount unit is stopped all of
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering the stacked mount points will now be unmounted until no
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering mount point remains.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * systemd now has an explicit notion of supported and
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering unsupported unit types. Jobs enqueued for unsupported unit
4ef6e535e30c67d4ff34b2ca785e555dbaeac14eKay Sievers types will now fail with an "unsupported" error code. More
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering specifically .swap, .automount and .device units are not
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering supported in containers, .busname units are not supported on
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering non-kdbus systems. .swap and .automount are also not
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering supported if their respective kernel compile time options
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * machinectl gained support for two new "copy-from" and
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering "copy-to" commands for copying files from a running
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering container to the host or vice versa.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * machinectl gained support for a new "bind" command to bind
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering mount host directories into local containers. This is
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering currently only supported for nspawn containers.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * networkd gained support for configuring bridge forwarding
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering database entries (fdb) from .network files.
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering * A new tiny daemon "systemd-importd" has been added that can
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering download container images in tar, raw, qcow2 or dkr formats,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering and make them available locally in /var/lib/machines, so
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering that they can run as nspawn containers. The daemon can GPG
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering verify the downloads (not supported for dkr, since it has no
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering provisions for verifying downloads). It will transparently
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering decompress bz2, xz, gzip compressed downloads if necessary,
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering and restore sparse files on disk. The daemon uses privilege
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering separation to ensure the actual download logic runs with
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering fewer privileges than the daemon itself. machinectl has
13b28d822462e9a0a7130ad40bed08cb380082f0Lennart Poettering gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
699b6b3491dc265ead79602404ad67ccdacae302Lennart Poettering make the functionality of importd available to the
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering user. With this in place the Fedora and Ubuntu "Cloud"
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering images can be downloaded and booted as containers unmodified
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering (the Fedora images lack the appropriate GPG signature files
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering currently, so they cannot be verified, but this will change
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering soon, hopefully). Note that downloading images is currently
67dd87c51b1ba254dc6a0eeae41762aace40addaLennart Poettering only fully supported on btrfs.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * machinectl is now able to list container images found in
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering /var/lib/machines, along with some metadata about sizes of
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering disk and similar. If the directory is located on btrfs and
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering quota is enabled, this includes quota display. A new command
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering "image-status" has been added that shows additional
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering information about images.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * machinectl is now able to clone container images
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering efficiently, if the underlying file system (btrfs) supports
ed28905eecf631916f03edd0a7dfad8b0a177990Kay Sievers it, with the new "machinectl list-images" command. It also
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering gained commands for renaming and removing images, as well as
b8bde11658366290521e3d03316378b482600323Jan Engelhardt marking them read-only or read-write (supported also on
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering legacy file systems).
ed28905eecf631916f03edd0a7dfad8b0a177990Kay Sievers * networkd gained support for collecting LLDP network
b8bde11658366290521e3d03316378b482600323Jan Engelhardt announcements, from hardware that supports this. This is
ed28905eecf631916f03edd0a7dfad8b0a177990Kay Sievers shown in networkctl output.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * systemd-run gained support for a new -t (--pty) switch for
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering invoking a binary on a pty whose input and output is
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering connected to the invoking terminal. This allows executing
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering processes as system services while interactively
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering communicating with them via the terminal. Most interestingly
949138ccc3417748b0978980e4a1c67955dd4ba4Ansgar Burchardt this is supported across container boundaries. Invoking
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering "systemd-run -t /bin/bash" is an alternative to running a
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering full login session, the difference being that the former
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering will not register a session, nor go through the PAM session
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * tmpfiles gained support for a new "v" line type for creating
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering btrfs subvolumes. If the underlying file system is a legacy
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering file system, this automatically degrades to creating a
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering normal directory. Among others /var/lib/machines is now
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering created like this at boot, should it be missing.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * The directory /var/lib/containers/ has been deprecated and
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering been replaced by /var/lib/machines. The term "machines" has
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering been used in the systemd context as generic term for both
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering VMs and containers, and hence appears more appropriate for
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering this, as the directory can also contain raw images bootable
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * systemd-nspawn when invoked with -M but without --directory=
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering or --image= is now capable of searching for the container
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering root directory, subvolume or disk image automatically, in
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering /var/lib/machines. systemd-nspawn@.service has been updated
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering to make use of this, thus allowing it to be used for raw
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering disk images, too.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * A new machines.target unit has been introduced that is
ed28905eecf631916f03edd0a7dfad8b0a177990Kay Sievers supposed to group all containers/VMs invoked as services on
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering the system. systemd-nspawn@.service has been updated to
b8bde11658366290521e3d03316378b482600323Jan Engelhardt integrate with that.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * machinectl gained a new "start" command, for invoking a
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering container as a service. "machinectl start foo" is mostly
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering equivalent to "systemctl start systemd-nspawn@foo.service",
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering but handles escaping in a nicer way.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * systemd-nspawn will now mount most of the cgroupfs tree
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering read-only into each container, with the exception of the
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering container's own subtree in the name=systemd hierarchy.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * journald now sets the special FS_NOCOW file flag for its
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering journal files. This should improve performance on btrfs, by
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering avoiding heavy fragmentation when journald's write-pattern
b8bde11658366290521e3d03316378b482600323Jan Engelhardt is used on COW file systems. It degrades btrfs' data
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering integrity guarantees for the files to the same levels as for
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering ext3/ext4 however. This should be OK though as journald does
b8bde11658366290521e3d03316378b482600323Jan Engelhardt its own data integrity checks and all its objects are
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering checksummed on disk. Also, journald should handle btrfs disk
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering full events a lot more gracefully now, by processing SIGBUS
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering errors, and not relying on fallocate() anymore.
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering * When journald detects that journal files it is writing to
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering have been deleted it will immediately start new journal
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering * systemd now provides a way to store file descriptors
b8bde11658366290521e3d03316378b482600323Jan Engelhardt per-service in PID 1. This is useful for daemons to ensure
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering that fds they require are not lost during a daemon
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering restart. The fds are passed to the daemon on the next
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt invocation in the same way socket activation fds are
ed28905eecf631916f03edd0a7dfad8b0a177990Kay Sievers passed. This is now used by journald to ensure that the
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering various sockets connected to all the system's stdout/stderr
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering are not lost when journald is restarted. File descriptors
d27893efdf652c6d85ea590fa0b7c2b88f817083Lennart Poettering may be stored in PID 1 via the sd_pid_notify_with_fds() API,
13b28d822462e9a0a7130ad40bed08cb380082f0Lennart Poettering an extension to sd_notify(). Note that a limit is enforced
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering on the number of fds a service can store in PID 1, and it
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering defaults to 0, so that no fds may be stored, unless this is
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering explicitly turned on.
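Added example, not part of the NEWS file or of systemd's own code: the fd store exchange described above, written in C against plain sockets rather than libsystemd. It assumes the notification protocol behind sd_pid_notify_with_fds() (an "FDSTORE=1" datagram with the fd attached via SCM_RIGHTS, sent to the $NOTIFY_SOCKET address) and the $LISTEN_PID/$LISTEN_FDS hand-back used by socket activation; the function names, the abstract socket name and the stand-in receiver are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <unistd.h>

/* Control buffer sized and aligned for exactly one fd. */
union fd_ctl { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; };

/* Build a sockaddr_un from a $NOTIFY_SOCKET-style path ('@' = abstract). */
static socklen_t notify_addr(const char *path, struct sockaddr_un *sa) {
    size_t n = strlen(path);
    if (n == 0 || n >= sizeof(sa->sun_path))
        return 0;
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, path, n);
    if (path[0] == '@')
        sa->sun_path[0] = '\0';
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n);
}

/* Service side: hand one fd to the manager with an FDSTORE=1 datagram. */
int fdstore_push(const char *notify_path, int fd) {
    struct sockaddr_un sa;
    socklen_t salen = notify_addr(notify_path, &sa);
    if (salen == 0)
        return -1;
    char state[] = "FDSTORE=1";
    struct iovec iov = { .iov_base = state, .iov_len = sizeof(state) - 1 };
    union fd_ctl ctl;
    memset(&ctl, 0, sizeof(ctl));
    struct msghdr mh = { .msg_name = &sa, .msg_namelen = salen,
                         .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf,
                         .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;            /* the kernel duplicates the fd */
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    int s = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;
    ssize_t r = sendmsg(s, &mh, MSG_NOSIGNAL);
    close(s);
    return r == (ssize_t)iov.iov_len ? 0 : -1;
}

/* Stand-in for the manager (constructed, simplified): take one datagram and
 * return the attached fd only if the text is exactly FDSTORE=1. */
int fdstore_receive(int notify_sock) {
    char text[64];
    struct iovec iov = { .iov_base = text, .iov_len = sizeof(text) - 1 };
    union fd_ctl ctl;
    memset(&ctl, 0, sizeof(ctl));
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf,
                         .msg_controllen = sizeof(ctl.buf) };
    ssize_t n = recvmsg(notify_sock, &mh, MSG_CMSG_CLOEXEC);
    if (n < 0)
        return -1;
    text[n] = '\0';
    int fd = -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
            c->cmsg_len == CMSG_LEN(sizeof(int)))
            memcpy(&fd, CMSG_DATA(c), sizeof(int));
    if (fd >= 0 && strcmp(text, "FDSTORE=1") != 0) {
        close(fd);                        /* fd without the marker: drop it */
        return -1;
    }
    return fd;
}

/* Restarted service: number of fds handed back, starting at fd 3. */
int fdstore_inherited(void) {
    const char *pid = getenv("LISTEN_PID"), *n = getenv("LISTEN_FDS");
    if (!pid || !n || strtol(pid, NULL, 10) != (long)getpid())
        return 0;                         /* not addressed to this process */
    long count = strtol(n, NULL, 10);
    return count > 0 && count < 1024 ? (int)count : 0;
}

/* Push a pipe's read end, close the original, read through the stored copy. */
int fdstore_roundtrip(void) {
    char path[64], c = 0;
    struct sockaddr_un sa;
    int p[2], stored = -1, ok = -1;
    snprintf(path, sizeof(path), "@fdstore-demo-%ld", (long)getpid());
    socklen_t salen = notify_addr(path, &sa);
    int mgr = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (mgr < 0 || bind(mgr, (struct sockaddr *)&sa, salen) < 0 || pipe(p) < 0) {
        if (mgr >= 0) close(mgr);
        return -1;
    }
    if (fdstore_push(path, p[0]) == 0)
        stored = fdstore_receive(mgr);
    close(p[0]);                          /* the service's own copy goes away */
    if (stored >= 0 && write(p[1], "x", 1) == 1 &&
        read(stored, &c, 1) == 1 && c == 'x')
        ok = 0;                           /* the stored duplicate still works */
    if (stored >= 0) close(stored);
    close(p[1]);
    close(mgr);
    return ok;
}
```

Against a real service manager nothing is kept unless the unit raises FileDescriptorStoreMax= above its default of 0, which is the limit the entry above refers to.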
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * The default TERM variable to use for units connected to a
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering terminal, when no other value is explicitly set, is now
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering vt220 rather than vt102. This should be fairly safe still,
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering but allows PgUp/PgDn to work.
43c71255b3db02916f4f70afa18bab196c6f4a45Lennart Poettering * The /etc/crypttab option header= as known from Debian is now
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * "loginctl user-status" and "loginctl session-status" will
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering now show the last 10 lines of log messages of the
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John user/session following the status output. Similarly,
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John "machinectl status" will show the last 10 log lines
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt associated with a virtual machine or container
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John service. (Note that this is usually not the log messages
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John done in the VM/container itself, but simply what the
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt container manager logs. For nspawn this includes all console
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek output however.)
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * "loginctl session-status" without further argument will now
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek show the status of the session of the caller. Similarly,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "lock-session", "unlock-session", "activate",
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "enable-linger", "disable-linger" may now be called without
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt session/user parameter in which case they apply to the
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt * An X11 session scriptlet is now shipped that uploads
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering $DISPLAY and $XAUTHORITY into the environment of the systemd
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering --user daemon if a session begins. This should improve
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering compatibility with X11 enabled applications run as systemd
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering user services.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * Generators are now subject to masking via /etc and /run, the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering same way as unit files.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * networkd .network files gained support for configuring
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt per-link IPv4/IPv6 packet forwarding as well as IPv4
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering masquerading. This is by default turned on for veth links to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering containers, as registered by systemd-nspawn. This means that
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering nspawn containers run with --network-veth will now get
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering automatic routed access to the host's networks without any
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John further configuration or setup, as long as networkd runs on
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-nspawn gained the --port= (-p) switch to expose TCP
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering or UDP ports of a container on the host. With this in place
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek it is possible to run containers with private veth links
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek (--network-veth), and have their functionality exposed on
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek the host as if their services were running directly on the
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek * systemd-nspawn's --network-veth switch now gained a short
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek version "-n", since with the changes above it is now truly
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek useful out-of-the-box. The systemd-nspawn@.service has been
dfb08b058401d56c395f4f2d20ff214d31a277e5Zbigniew Jędrzejewski-Szmek updated to make use of it too by default.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-nspawn will now maintain a per-image R/W lock, to
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt ensure that the same image is not started more than once
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering writable. (It's OK to run an image multiple times
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering simultaneously in read-only mode.)
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-nspawn's --image= option is now capable of
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering dissecting and booting MBR and GPT disk images that contain
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering only a single active Linux partition. Previously it
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt supported only GPT disk images with proper GPT type
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering IDs. This allows running cloud images from major
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering distributions directly with systemd-nspawn, without
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * In addition to collecting mouse dpi data in the udev
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering hardware database, there's now support for collecting angle
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering information for mouse scroll wheels. The database is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering supposed to guarantee similar scrolling behavior on mice
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering that it knows about. There's also support for collecting
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering information about Touchpad types.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * udev's input_id built-in will now also collect touch screen
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering dimension data and attach it to probed devices.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * /etc/os-release gained support for a Distribution Privacy
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Policy link field.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * networkd gained support for creating "ipvlan", "gretap",
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "ip6gre", "ip6gretap" and "ip6tnl" network devices.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-tmpfiles gained support for "a" lines for setting
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering ACLs on files.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-nspawn will now mount /tmp in the container to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering tmpfs, automatically.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd now exposes the memory.usage_in_bytes cgroup
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers attribute and shows it for each service in the "systemctl
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering status" output, if available.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * When the user presses Ctrl-Alt-Del more than 7x within 2s an
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering immediate reboot is triggered. This is useful if shutdown is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering hung and is unable to complete, to expedite the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering operation. Note that this kind of reboot will still unmount
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering all file systems, and hence should not result in fsck being
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering run on next reboot.
7e95eda5b36f4a5259e1e86989b5aee824d83d03Patrik Flykt * A .device unit for an optical block device will now be
7e95eda5b36f4a5259e1e86989b5aee824d83d03Patrik Flykt considered active only when a medium is in the drive. Also,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering mount units are now bound to their backing devices thus
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering triggering automatic unmounting when devices become
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt unavailable. With this in place systemd will now
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John automatically unmount left-over mounts when a CD-ROM is
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John ejected or a USB stick is yanked from the system.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * networkd-wait-online now has support for waiting for
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering specific interfaces only (with globbing), and for giving up
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering after a configurable timeout.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * networkd now exits when idle. It will be automatically
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering restarted as soon as interfaces show up, are removed or
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering change state. networkd will stay around as long as there is
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John at least one DHCP state machine or similar around, that keep
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * networkd may now configure IPv6 link-local addressing in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering addition to IPv4 link-local addressing.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The IPv6 "token" for use in SLAAC may now be configured for
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering each .network interface in networkd.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Routes configured with networkd may now be assigned a scope
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering in .network files.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * networkd's [Match] sections now support globbing and lists
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John of multiple space-separated matches per item.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Hoffmann, Zbigniew Jędrzejewski-Szmek
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers -- Berlin, 2015-02-16
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering CHANGES WITH 218:
270f1624022039b370b9db311f9d33492833ad24Lennart Poettering * When querying unit file enablement status (for example via
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering "systemctl is-enabled"), a new state "indirect" is now known
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering which indicates that a unit might not be enabled itself, but
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt another unit listed in its Alias= setting might be.
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * Similar to the various existing ConditionXYZ= settings for
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering units there are now matching AssertXYZ= settings. While
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering failing conditions cause a unit to be skipped, but its job
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering to succeed, failing assertions declared like this will cause
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering a unit start operation and its job to fail.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * hostnamed now knows a new chassis type "embedded".
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemctl gained a new "edit" command. When used on a unit
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering file this allows extending unit files with .d/ drop-in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering configuration snippets or editing the full file (after
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering copying it from /usr/lib to /etc). This will invoke the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering user's editor (as configured with $EDITOR), and reload the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering modified configuration after editing.
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * "systemctl status" now shows the suggested enablement state
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering for a unit, as declared in the (usually vendor-supplied)
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering system preset files.
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * nss-myhostname will now resolve the single-label host name
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek "gateway" to the locally configured default IP routing
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek gateways, ordered by their metrics. This assigns a stable
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering name to the used gateways, regardless of which ones are
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering currently configured. Note that the name will only be
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering resolved after all other name sources (if nss-myhostname is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering configured properly) and should hence not negatively impact
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt systems that use the single-label host name "gateway" in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering other contexts.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-inhibit now allows filtering by mode when listing
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Scope and service units gained a new "Delegate" boolean
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering property, which when set allows processes running inside the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering unit to further partition resources. This is primarily
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering useful for systemd user instances as well as container
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * journald will now pick up audit messages directly from
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the kernel, and log them like any other log message. The
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering audit fields are split up and fully indexed. This means that
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering journalctl in many ways is now a (nicer!) alternative to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering ausearch, the traditional audit client. Note that this
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering implements only a minimal audit client; if you want the
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering special audit modes like reboot-on-log-overflow, please use
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering the traditional auditd instead, which can be used in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering parallel to journald.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The ConditionSecurity= unit file option now understands the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering special string "audit" to check whether auditing is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * journalctl gained two new commands --vacuum-size= and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering --vacuum-time= to delete old journal files until the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering remaining ones take up no more than the specified size on disk,
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt or are not older than the specified time.
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt * A new, native PPPoE library has been added to sd-network,
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek systemd's library of light-weight networking protocols. This
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek library will be used in a future version of networkd to
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek enable PPPoE communication without an external pppd daemon.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The busctl tool now understands a new "capture" verb that
c0c5af00bec95567435bdfb818c69b2b669adfedDaniel Buch works similarly to "monitor", but writes a packet capture
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt trace to STDOUT that can be redirected to a file which is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering compatible with libpcap's capture file format. This can then
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt be loaded in Wireshark and similar tools to inspect bus
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt communication.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The busctl tool now understands a new "tree" verb that shows
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John the object trees of a specific service on the bus, or of all
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering * The busctl tool now understands a new "introspect" verb that
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering shows all interfaces and members of objects on the bus,
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering including their signature and values. This is particularly
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering useful to get more information about bus objects shown by
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John the new "busctl tree" command.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The busctl tool now understands new verbs "call",
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt "set-property" and "get-property" for invoking bus method
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering calls, setting and getting bus object properties in a
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering * busctl gained a new --augment-creds= argument that controls
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering whether the tool shall augment credential information it
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering gets from the bus with data from /proc, in a possibly
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering * nspawn's --link-journal= switch gained two new values
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering "try-guest" and "try-host" that work like "guest" and
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering "host", but do not fail if the host has no persistent
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John journalling enabled. -j is now equivalent to
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt --link-journal=try-guest.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * macvlan network devices created by nspawn will now have
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering stable MAC addresses.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * A new SmackProcessLabel= unit setting has been added, which
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John controls the SMACK security label processes forked off by
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John the respective unit shall use.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt * If compiled with --enable-xkbcommon, systemd-localed will
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering verify x11 keymap settings by compiling the given keymap. It
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering will spew out warnings if the compilation fails. This
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt requires libxkbcommon to be installed.
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers * When a coredump is collected a larger number of metadata
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers fields is now collected and included in the journal records
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers created for it. More specifically control group membership,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering environment variables, memory maps, working directory,
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John chroot directory, /proc/$PID/status, and a list of open file
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt descriptors is now stored in the log entry.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt * The udev hwdb now contains DPI information for mice. For
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers * All systemd programs that read standalone configuration
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John files in /etc now also support a corresponding series of
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers .conf.d configuration directories in /etc/, /run/,
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers /usr/local/lib/, /usr/lib/, and (if configured with
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers --enable-split-usr) /lib/. In particular, the following
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers configuration files now have corresponding configuration
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers directories: system.conf, user.conf, logind.conf,
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers journald.conf, sleep.conf, bootchart.conf, coredump.conf,
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers resolved.conf, timesyncd.conf, journal-remote.conf, and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering journal-upload.conf. Note that distributions should use the
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt configuration directories in /usr/lib/; the directories in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering /etc/ are reserved for the system administrator.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-rfkill will no longer take the rfkill device name
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering into account when storing rfkill state on disk, as the name
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering might be dynamically assigned and not stable. Instead, the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering ID_PATH udev variable combined with the rfkill type (wlan,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering bluetooth, ...) is used.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * A new service systemd-machine-id-commit.service has been
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering added. When used on systems where /etc is read-only during
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering boot, and /etc/machine-id is not initialized (but an empty
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering file), this service will copy the temporary machine ID
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering created as replacement into /etc after the system is fully
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering booted up. This is useful for systems that are freshly
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering installed with a non-initialized machine ID, but should get
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John a fixed machine ID for subsequent boots.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * networkd's .netdev files now provide a large set of
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek configuration parameters for VXLAN devices. Similarly, the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering bridge port cost parameter is now configurable in .network
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering files. There's also new support for configuring IP source
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering routing. networkd .link files gained support for a new
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek OriginalName= match that is useful to match against the
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek original interface name the kernel assigned. .network files
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek may include MTU= and MACAddress= fields for altering the MTU
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering and MAC address while being connected to a specific network
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * The LUKS logic gained support for configuring
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering UUID-specific key files. There's also new support for naming
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering LUKS devices from the kernel command line, using the new
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * Timer units may now be transiently created via the bus API
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek (this was previously already available for scope and service
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek units). In addition it is now possible to create multiple
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering transient units at the same time with a single bus call. The
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "systemd-run" tool has been updated to make use of this for
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John running commands at a specified time, in at(1)-style.
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering * tmpfiles gained support for "t" lines, for assigning
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering extended attributes to files. Among other uses this may be
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering used to assign SMACK labels to files.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt Contributions from: Alin Rauta, Alison Chaiken, Andrej
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Michael Biebl, Michael Chapman, Michael Marineau, Michal
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering -- Berlin, 2014-12-10
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers CHANGES WITH 217:
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * journalctl gained the new options -t/--identifier= to match
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering on the syslog identifier (aka "tag"), as well as --utc to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering show log timestamps in the UTC timezone. journalctl now also
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers accepts -n/--lines=all to disable line capping in a pager.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * journalctl gained a new switch, --flush, that synchronously
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering flushes logs from /run/log/journal to /var/log/journal if
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering persistent storage is enabled. systemd-journal-flush.service
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering now waits until the operation is complete.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Services can notify the manager before they start a reload
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering (by sending RELOADING=1) or shutdown (by sending
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering STOPPING=1). This allows the manager to track and show the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering internal state of daemons and closes a race condition when
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the process is still running but has closed its D-Bus
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek * Services with Type=oneshot do not have to have any ExecStart
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering commands anymore.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * User units are now loaded also from
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John /run/systemd/user directory that was already previously
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering supported, but is under the control of the user.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Job timeouts (i.e. time-outs on the time a job that is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering queued stays in the run queue) can now optionally result in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering immediate reboot or power-off actions (JobTimeoutAction= and
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt JobTimeoutRebootArgument=). This is useful on ".target"
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John units, to limit the maximum time a target remains
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John undispatched in the run queue, and to trigger an emergency
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John operation in such a case. This is now used by default to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering turn off the system if boot-up (as defined by everything in
6afc95b73605833e6e966af1c466b5c08feb953fLennart Poettering basic.target) hangs and does not complete for at least
6afc95b73605833e6e966af1c466b5c08feb953fLennart Poettering 15min. Also, if power-off or reboot hang for at least 30min
70a44afee385c4afadaab9a002b3f9dd44aedf4aJan Engelhardt an immediate power-off/reboot operation is triggered. This
b8bde11658366290521e3d03316378b482600323Jan Engelhardt functionality is particularly useful to increase reliability
b8bde11658366290521e3d03316378b482600323Jan Engelhardt on embedded devices, but also on laptops which might
6afc95b73605833e6e966af1c466b5c08feb953fLennart Poettering accidentally get powered on when carried in a backpack and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering whose boot stays stuck in a hard disk encryption passphrase
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * systemd-logind can be configured to also handle lid switch
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering events even when the machine is docked or multiple displays
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering are attached (HandleLidSwitchDocked= option).
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * A helper binary and a service have been added which can be
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering used to resume from hibernation in the initramfs. A
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering generator will parse the resume= option on the kernel
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering command line to trigger resume.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John * A user console daemon systemd-consoled has been
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering added. Currently, it is a preview, and will so far open a
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering single terminal on each session of the user marked as
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Desktop=systemd-console.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Route metrics can be specified for DHCP routes added by
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering systemd-networkd.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt * The SELinux context of socket-activated services can be set
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John from the information provided by the networking stack
b8bde11658366290521e3d03316378b482600323Jan Engelhardt (SELinuxContextFromNet= option).
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Userspace firmware loading support has been removed and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the minimum supported kernel version is thus bumped to 3.7.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt * Timeout for udev workers has been increased from 1 to 3
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John minutes, but a warning will be printed after 1 minute to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering help diagnose kernel modules that take a long time to load.
210054d76cf4d294533aa09256d375e33b52569fKay Sievers * Udev rules can now remove tags on devices with TAG-="foobar".
210054d76cf4d294533aa09256d375e33b52569fKay Sievers * systemd's readahead implementation has been removed. In many
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering circumstances it didn't give expected benefits even for
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering rotational disk drives and was becoming less relevant in the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering age of SSDs. As none of the developers has been using
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering rotating media anymore, and nobody stepped up to actively
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering maintain this component of systemd it has now been removed.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Swap units can use Options= to specify discard options.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Discard options specified for swaps in /etc/fstab are now
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * Docker containers are now detected as a separate type of
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering virtualization.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The Password Agent protocol gained support for queries where
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the user input is shown, useful e.g. for user names.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering systemd-ask-password gained a new --echo option to turn that
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering * The default sysctl.d/ snippets will now set:
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering This selects Fair Queuing Controlled Delay as the default
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering queuing discipline for network interfaces. fq_codel helps
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering fight the network bufferbloat problem. It is believed to be
6300b3eca9e5261b73bd7f1bb9735992b127cd80Lennart Poettering a good default with no tuning required for most workloads.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Downstream distributions may override this choice. On 10Gbit
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering servers that do not do forwarding, "fq" may perform better.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering Systems without a good clocksource should use "pfifo_fast".
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * If kdbus is enabled during build a new option BusPolicy= is
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering available for service units, that allows locking all service
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering processes into a stricter bus policy, in order to limit
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering access to various bus services, or even hide most of them
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering from the service's view entirely.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * networkctl will now show the .network and .link file
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering networkd has applied to a specific interface.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * sd-login gained a new API call sd_session_get_desktop() to
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering query which desktop environment has been selected for a
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * UNIX utmp support is now compile-time optional to support
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering legacy-free systems.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * systemctl gained two new commands "add-wants" and
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering "add-requires" for pulling in units from specific targets
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * If the word "rescue" is specified on the kernel command line
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering the system will now boot into rescue mode (aka
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering rescue.target), which was previously available only by
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering specifying "1" or "systemd.unit=rescue.target" on the kernel
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt command line. This new kernel command line option nicely
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering mirrors the already existing "emergency" kernel command line
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * New kernel command line options mount.usr=, mount.usrflags=,
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering mount.usrfstype= have been added that match root=, rootflags=,
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt rootfstype= but allow mounting a specific file system to
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * The $NOTIFY_SOCKET is now also passed to control processes of
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering services, not only the main process.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * This version reenables support for fsck's -l switch. This
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering means at least version v2.25 of util-linux is required for
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering operation, otherwise dead-locks on device nodes may
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering occur. Again: you need to update util-linux to at least
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering v2.25 when updating systemd to v217.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * The "multi-seat-x" tool has been removed from systemd, as
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering its functionality has been integrated into X servers 1.16,
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering and the tool is hence redundant. It is recommended to update
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering display managers invoking this tool to simply invoke X
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering directly from now on, again.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering message flag has been added for all of systemd's PolicyKit
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering authenticated method calls. In particular
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering this now allows optional interactive authorization via
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering PolicyKit for many of PID1's privileged operations such as
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering unit file enabling and disabling.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * "udevadm hwdb --update" learnt a new switch "--usr" for
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering placing the rebuilt hardware database in /usr instead of
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering /etc. When used only hardware database entries stored in
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering /usr will be used, and any user database entries in /etc are
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering ignored. This functionality is useful for vendors to ship a
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering pre-built database on systems where local configuration is
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering unnecessary or unlikely.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * Calendar time specifications in .timer units now also
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering understand the strings "semi-annually", "quarterly" and
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering "minutely" as shortcuts (in addition to the preexisting
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering "annually", "hourly", ...).
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * systemd-tmpfiles will now correctly create files in /dev
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering at boot which are marked for creation only at boot. It is
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering recommended to always create static device nodes with 'c!'
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering and 'b!', so that they are created only at boot and not
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering overwritten at runtime.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering * When the watchdog logic is used for a service (WatchdogSec=)
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering and the watchdog timeout is hit the service will now be
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering terminated with SIGABRT (instead of just SIGTERM), in order
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering to make sure a proper coredump and backtrace is
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering generated. This ensures that hanging services will result in
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering similar coredump/backtrace behaviour as services that hit a
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering segmentation fault.
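The RELOADING=1 and STOPPING=1 notifications, the $NOTIFY_SOCKET variable and the WatchdogSec= keep-alive mentioned in the items above all use the same datagram protocol; the sketch below is an added example, not code from systemd, that speaks it without libsystemd. The names notify, Daemon and demo are hypothetical, READY=1, WATCHDOG=1 and STATUS= are standard sd_notify(3) assignments that these notes do not spell out, and the "manager" socket in demo() is a constructed stand-in.

```python
import os
import socket
import tempfile


def notify(state, env=None):
    """Send one notification datagram to the address in $NOTIFY_SOCKET.

    Returns False when the variable is unset (not started by a manager)."""
    env = os.environ if env is None else env
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False
    # Only absolute paths and abstract-namespace names ('@' prefix) are valid.
    if path[0] not in "/@" or len(path) < 2:
        raise ValueError("unsupported NOTIFY_SOCKET address: %r" % path)
    # '@' stands for the leading NUL byte of a Linux abstract socket name.
    addr = "\0" + path[1:] if path[0] == "@" else path
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode("utf-8"), addr)
    return True


class Daemon:
    """Hypothetical service that reports its internal state transitions."""

    def __init__(self, load_config, send=notify):
        self._load = load_config
        self._send = send
        self.config = None

    def start(self):
        self.config = self._load()
        self._send("READY=1")

    def reload(self):
        # Announce the reload first, so the manager never sees a process
        # that is running but silently between two configurations.
        self._send("RELOADING=1")
        status = "STATUS=configuration reloaded"
        try:
            self.config = self._load()
        except Exception as exc:
            # Keep the old configuration, but still leave the reloading state.
            status = "STATUS=reload failed, old configuration kept: %s" % exc
        self._send("READY=1\n" + status)

    def ping(self):
        # Keep-alive for units with WatchdogSec=; if these stop arriving,
        # the manager terminates the service with SIGABRT.
        self._send("WATCHDOG=1")

    def stop(self):
        self._send("STOPPING=1")


def demo():
    """Run one lifecycle against a constructed stand-in for the manager."""
    configs = iter([{"workers": 2}, ValueError("bad syntax"), {"workers": 4}])

    def load():
        item = next(configs)
        if isinstance(item, Exception):
            raise item
        return item

    received = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(2)
            env = {"NOTIFY_SOCKET": path}

            def send(state):
                notify(state, env)
                received.append(manager.recv(4096).decode("utf-8"))

            daemon = Daemon(load, send=send)
            daemon.start()
            daemon.reload()   # fails: old configuration is kept
            daemon.ping()
            daemon.reload()   # succeeds
            daemon.stop()
    return received, daemon.config


if __name__ == "__main__":
    for message in demo()[0]:
        print(repr(message))
```

Under a real unit the same notify() calls work unchanged, because the manager exports NOTIFY_SOCKET into the service's environment.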
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering Contributions from: Andreas Henriksson, Andrei Borzenkov,
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Herrmann, David Sommerseth, David Strauss, Emil Renner
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Michael Marineau, Michael Olbrich, Michael Scherer, Michal
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering Jędrzejewski-Szmek
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering -- Berlin, 2014-10-28
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering CHANGES WITH 216:
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * timedated no longer reads NTP implementation unit names from
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering implementations should add a
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers to their unit files to take over and replace systemd's NTP
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers default functionality.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * systemd-sysusers gained a new line type "r" for configuring
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering which UID/GID ranges to allocate system users/groups
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering from. Lines of type "u" may now add an additional column
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering that specifies the home directory for the system user to be
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering created. Also, systemd-sysusers may now optionally read user
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering information from STDIN instead of a file. This is useful for
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers invoking it from RPM preinst scriptlets that need to create
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering users before the first RPM file is installed since these
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering files might need to be owned by them. A new
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering %sysusers_create_inline RPM macro has been introduced to do
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering just that. systemd-sysusers now updates the shadow files as
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers well as the user/group databases, which should enhance
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering compatibility with certain tools like grpck.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * A number of bus APIs of PID 1 now optionally consult
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering PolicyKit to permit access for otherwise unprivileged
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering clients under certain conditions. Note that this currently
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering doesn't support interactive authentication yet, but this is
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering expected to be added eventually, too.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * /etc/machine-info now has new fields for configuring the
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering deployment environment of the machine, as well as the
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering location of the machine. hostnamectl has been updated with
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering new commands to update these fields.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * systemd-timesyncd has been updated to automatically acquire
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering NTP server information from systemd-networkd, which might
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering have been discovered via DHCP.
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering * systemd-resolved now includes a caching DNS stub resolver
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering and a complete LLMNR name resolution implementation. A new
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering NSS module "nss-resolve" has been added which can be used
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering instead of glibc's own "nss-dns" to resolve hostnames via
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering systemd-resolved. Hostnames, addresses and arbitrary RRs may
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering be resolved via systemd-resolved D-Bus APIs. In contrast to
04bf3c1a60d82791e0320381e9268f727708f776Kay Sievers the glibc internal resolver, systemd-resolved is aware of
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering multi-homed systems, and keeps DNS servers and caches separate
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering and per-interface. Queries are sent simultaneously on all
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering interfaces that have DNS servers configured, in order to
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering properly handle VPNs and local LANs which might resolve
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering separate sets of domain names. systemd-resolved may acquire
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering DNS server information from systemd-networkd automatically,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering which in turn might have discovered them via DHCP. A tool
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering "systemd-resolve-host" has been added that may be used to
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering query the DNS logic in resolved. systemd-resolved implements
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering IDNA and automatically uses IDNA or UTF-8 encoding depending
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering on whether classic DNS or LLMNR is used as transport. In the
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering next releases we intend to add a DNSSEC and mDNS/DNS-SD
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering implementation to systemd-resolved.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * A new NSS module nss-mymachines has been added, that
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering automatically resolves the names of all local registered
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering containers to their respective IP addresses.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * A new client tool "networkctl" for systemd-networkd has been
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering added. It currently is entirely passive and will query
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering networking configuration from udev, rtnetlink and networkd,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering and present it to the user in a very friendly
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering way. Eventually, we hope to extend it to become a full
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering control utility for networkd.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering * .socket units gained a new DeferAcceptSec= setting that
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering controls the kernel's TCP_DEFER_ACCEPT sockopt for
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering TCP. Similarly, support for controlling TCP keep-alive
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering settings has been added (KeepAliveTimeSec=,
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering turning off Nagle's algorithm on TCP has been added
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * logind learned a new session type "web", for use in projects
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering like Cockpit which register web clients as PAM sessions.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * timer units with at least one OnCalendar= setting will now
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering be started only after timer-sync.target has been
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering reached. This way they will not elapse before the system
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering clock has been corrected by a local NTP client or
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering similar. This is particularly useful on RTC-less embedded
33b521be152f67cd722695ba9a2966eda5ee6765Maciej Wereski machines, that come up with an invalid system clock.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * systemd-nspawn's --network-veth= switch should now result in
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering stable MAC addresses for both the outer and the inner side
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * systemd-nspawn gained a new --volatile= switch for running
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering container instances with /etc or /var unpopulated.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * The kdbus client code has been updated to use the new Linux
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering 3.17 memfd subsystem instead of the old kdbus-specific one.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * systemd-networkd's DHCP client and server now support
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering FORCERENEW. There are also new configuration options to
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering configure the vendor client identifier and broadcast mode
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * systemd will no longer inform the kernel about the current
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering timezone, as this is necessarily incorrect and racy as the
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering kernel has no understanding of DST and similar
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering concepts. This hence means FAT timestamps will be always
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering considered UTC, similar to what Android is already
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering doing. Also, when the RTC is configured to the local time
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering (rather than UTC) systemd will never synchronize back to it,
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt as this might confuse Windows at a later boot.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * systemd-analyze gained a new command "verify" for offline
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering validation of unit files.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * systemd-networkd gained support for a couple of additional
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering settings for bonding networking setups. Also, the metric for
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering statically configured routes may now be configured. For
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering network interfaces where this is appropriate the peer IP
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering address may now be configured.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * systemd-networkd's DHCP client will no longer request
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering broadcasting by default, as this tripped up some networks.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering For hardware where broadcast is required the feature should
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering be switched back on using RequestBroadcast=yes.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * systemd-networkd will now set up IPv4LL addresses (when
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering enabled) even if DHCP is configured successfully.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * udev will now default to respect network device names given
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering by the kernel when the kernel indicates that these are
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering predictable. This behavior can be tweaked by changing
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering NamePolicy= in the relevant .link file.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * A new library systemd-terminal has been added that
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering implements full TTY stream parsing and rendering. This
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering library is supposed to be used later on for implementing a
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering full userspace VT subsystem, replacing the current kernel
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering implementation.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering * A new tool systemd-journal-upload has been added to push
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering journal data to a remote system running
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering systemd-journal-remote.
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers * journald will no longer forward all local data to another
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers running syslog daemon. This change has been made because
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers rsyslog (which appears to be the most commonly used syslog
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers implementation these days) no longer makes use of this, and
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering instead pulls the data out of the journal on its own. Since
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering forwarding the messages to a non-existent syslog server is
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering more expensive than we assumed, we have now turned this
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering off. If you run a syslog server that is not a recent rsyslog
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering version, you have to turn this option on again
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering (ForwardToSyslog= in journald.conf).
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * journald now optionally supports the LZ4 compressor for
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering larger journal fields. This compressor should perform much
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering better than XZ which was the previous default.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * machinectl now shows the IP addresses of local containers,
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering if it knows them, plus the interface name of the container.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * A new tool "systemd-escape" has been added that makes it
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering easy to escape strings to build unit names and similar.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * sd_notify() messages may now include a new ERRNO= field
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering which is parsed and collected by systemd and shown among the
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering "systemctl status" output for a service.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering * A new component "systemd-firstboot" has been added that
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering queries the most basic systemd information (timezone,
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering hostname, root password) interactively on first
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering boot. Alternatively it may also be used to provision these
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering things offline on OS images installed into directories.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * The default sysctl.d/ snippets will now set
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering net.ipv4.conf.default.promote_secondaries=1
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering This has the benefit of not flushing secondary IP addresses
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering when primary addresses are removed.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering -- Berlin, 2014-08-19
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering CHANGES WITH 215:
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new tool systemd-sysusers has been added. This tool
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering creates system users and groups in /etc/passwd and
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering /etc/group, based on static declarative system user/group
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering definitions in /usr/lib/sysusers.d/. This is useful to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering enable factory resets and volatile systems that boot up with
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering an empty /etc directory, and thus need system users and
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering groups created during early boot. systemd now also ships
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering with two default sysusers.d/ files for the most basic
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering users and groups systemd and the core operating system
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new tmpfiles snippet has been added that rebuilds the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering essential files in /etc on boot, should they be missing.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A directive for ensuring automatic clean-up of
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering /var/cache/man/ has been removed from the default
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering configuration. This line should now be shipped by the man
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering implementation. The necessary change has been made to the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering man-db implementation. Note that you need to update your man
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering implementation to one that ships this line, otherwise no
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering automatic clean-up of /var/cache/man will take place.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new condition ConditionNeedsUpdate= has been added that
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering may conditionalize services to only run when /etc or /var
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering are "older" than the vendor operating system resources in
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering /usr. This is useful for reconstructing or updating /etc
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering after an offline update of /usr or a factory reset, on the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering next reboot. Services that want to run once after such an
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering update or reset should use this condition and order
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering themselves before the new systemd-update-done.service, which
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering will mark the two directories as fully updated. A number of
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering service files have been added making use of this, to rebuild
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering the udev hardware database, the journald message catalog and
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering dynamic loader cache (ldconfig). The systemd-sysusers tool
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering described above also makes use of this now. With this in
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering place it is now possible to start up a minimal operating
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering system with /etc empty cleanly. For more information on the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering concepts involved see this recent blog story:
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering http://0pointer.de/blog/projects/stateless.html
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new system group "input" has been introduced, and all
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering input device nodes get this group assigned. This is useful
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering for system-level software to get access to input devices. It
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering complements what is already done for "audio" and "video".
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * systemd-networkd learnt minimal DHCPv4 server support in
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering addition to the existing DHCPv4 client support. It also
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering learnt DHCPv6 client and IPv6 Router Solicitation client
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering support. The DHCPv4 client gained support for static routes
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering passed in from the server. Note that the [DHCPv4] section
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering known in older systemd-networkd versions has been renamed to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering [DHCP] and is now also used by the DHCPv6 client. Existing
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering .network files using settings of this section should be
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek updated, though compatibility is maintained. Optionally, the
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek client hostname may now be sent to the DHCP server.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * networkd gained support for vxlan virtual networks as well
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering as tun/tap and dummy devices.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * networkd gained support for automatic allocation of address
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering ranges for interfaces from a system-wide pool of
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering addresses. This is useful for dynamically managing a large
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering number of interfaces with a single network configuration
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering file. In particular this is useful to easily assign
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek appropriate IP addresses to the veth links of a large number
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering of nspawn instances.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * RPM macros for processing sysusers, sysctl and binfmt
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering drop-in snippets at package installation time have been
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek * The /etc/os-release file should now be placed in
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek /usr/lib/os-release. The old location is automatically
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek created as symlink. /usr/lib is the more appropriate
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering location of this file, since it shall actually describe the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering vendor operating system shipped in /usr, and not the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering configuration stored in /etc.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * .mount units gained a new boolean SloppyOptions= setting
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering that maps to mount(8)'s -s option which enables permissive
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering parsing of unknown mount options.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * tmpfiles learnt a new "L+" directive which creates a symlink
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering but (unlike "L") deletes a pre-existing file first, should
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering it already exist and not already be the correct
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering symlink. Similarly, "b+", "c+" and "p+" directives have been
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering added as well, which create block and character devices, as
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering well as fifos in the filesystem, possibly removing any
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering pre-existing files of different types.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * For tmpfiles' "L", "L+", "C" and "C+" directives the final
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering 'argument' field (which so far specified the source to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering symlink/copy the files from) is now optional. If omitted the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering same file is copied from /usr/share/factory/ suffixed by the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering full destination path. This is useful for populating /etc
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering with essential files, by copying them from vendor defaults
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new command "systemctl preset-all" has been added that
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering applies the service preset settings to all installed unit
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering files. A new switch --preset-mode= has been added that
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering controls whether only enable or only disable operations
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering shall be executed.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * A new command "systemctl is-system-running" has been added
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering that allows checking the overall state of the system, for
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering example whether it is fully up and running.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering * When the system boots up with an empty /etc, the equivalent
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering to "systemctl preset-all" is executed during early boot, to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering make sure all default services are enabled after a factory
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering * systemd now contains a minimal preset file that enables the
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering most basic services systemd ships by default.
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering * Unit files' [Install] section gained a new DefaultInstance=
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering field for defining the default instance to create if a
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering template unit is enabled with no instance specified.
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering * A new passive target cryptsetup-pre.target has been added
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering that may be used by services that need to make sure they run and
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering finish before the first LUKS cryptographic device is set up.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * The /dev/loop-control and /dev/btrfs-control device nodes
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering are now owned by the "disk" group by default, opening up
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering access to this group.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * systemd-coredump will now automatically generate a
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering stack trace of all core dumps taking place on the system,
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering based on elfutils' libdw library. This stack trace is logged
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering to the journal.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * systemd-coredump may now optionally store coredumps directly
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering on disk (in /var/lib/systemd/coredump, possibly compressed),
b82eed9af95668ab38cac33c7996e4d665f8709aLennart Poettering instead of storing them unconditionally in the journal. This
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering mode is the new default. A new configuration file
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering /etc/systemd/coredump.conf has been added to configure this
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering and other parameters of systemd-coredump.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * coredumpctl gained a new "info" verb to show details about a
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering specific coredump. A new switch "-1" has also been added
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering that makes sure to only show information about the most
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering recent entry instead of all entries. Also, as the tool is
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering generally useful now the "systemd-" prefix of the binary
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering name has been removed. Distributions that want to maintain
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering compatibility with the old name should add a symlink from
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering the old name to the new name.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * journald's SplitMode= now defaults to "uid". This makes sure
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering that unprivileged users can access their own coredumps with
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering coredumpctl without restrictions.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * New kernel command line options "systemd.wants=" (for
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering pulling an additional unit during boot), "systemd.mask="
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering (for masking a specific unit for the boot), and
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering "systemd.debug-shell" (for enabling the debug shell on tty9)
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering have been added. This is implemented in the new generator
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering "systemd-debug-generator".
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * systemd-nspawn will now by default filter a couple of
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering syscalls for containers, among them those required for
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering kernel module loading, direct x86 IO port access, swap
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering management, and kexec. Most importantly though
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering open_by_handle_at() is now prohibited for containers,
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering closing a hole similar to a recently discussed vulnerability
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering in docker regarding access to files on file hierarchies the
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering container should normally not have access to. Note that for
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering nspawn we generally make no security claims anyway (and
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering this is explicitly documented in the man page), so this is
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering just a fix for one of the most obvious problems.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * A new man page file-hierarchy(7) has been added that
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering contains a minimized, modernized version of the file system
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering layout systemd expects, similar in style to the FHS
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering specification or hier(5). A new tool systemd-path(1) has
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering been added to query many of these paths for the local
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering machine and user.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering longer done. Since the directory now has a per-user size
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering limit and is cleaned on logout, this appears unnecessary,
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering in particular since this now brings the lifecycle of this
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering directory closer in line with how IPC objects are handled.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * systemd.pc now exports a number of additional directories,
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering including $libdir (which is useful to identify the library
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering path for the primary architecture of the system), and a
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering couple of drop-in directories.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * udev's predictable network interface names now use the dev_port
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering sysfs attribute, introduced in Linux 3.15, instead of dev_id to
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering distinguish between ports of the same PCI function. dev_id should
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering only be used for ports using the same HW address, hence the need
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * machined has been updated to export the OS version of a
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering container (read from /etc/os-release and
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering /usr/lib/os-release) on the bus. This is now shown in
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering "machinectl status" for a machine.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering * A new service setting RestartForceExitStatus= has been
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering added. If configured to a set of exit signals or process
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering return values, the service will be restarted when the main
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering daemon process exits with any of them, regardless of the
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering Restart= setting.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * systemctl's -H switch for connecting to remote systemd
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering machines has been extended so that it may be used to
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering directly connect to a specific container on the
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering host. "systemctl -H root@foobar:waldi" will now connect as
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering user "root" to host "foobar", and then proceed directly to
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering the container named "waldi". Note that currently you have to
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering authenticate as user "root" for this to work, as entering
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering containers is a privileged operation.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Contributions from: Andreas Henriksson, Benjamin Steinwender,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering -- Berlin, 2014-07-03
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart PoetteringCHANGES WITH 214:
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * As an experimental feature, udev now tries to lock the
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering disk device node (flock(LOCK_SH|LOCK_NB)) while it
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering executes events for the disk or any of its partitions.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering Applications like partitioning programs can lock the
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering disk device node (flock(LOCK_EX)) and claim temporary
7c04ad2da1cf08ebf53b9aa9671c8c1dc9577135Lennart Poettering device ownership that way; udev will entirely skip all event
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering handling for this disk and its partitions. If the disk
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering was opened for writing, the close will trigger a partition
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering table rescan in udev's "watch" facility, and if needed
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering synthesize "change" events for the disk and all its partitions.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering This is now unconditionally enabled, and if it turns out to
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering cause major problems, we might turn it on only for specific
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering devices, or might need to disable it entirely. Device Mapper
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering devices are excluded from this logic.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * We temporarily dropped the "-l" switch for fsck invocations,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering since they collide with the flock() logic above. util-linux
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering upstream has been changed already to avoid this conflict,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering and we will re-add "-l" as soon as util-linux with this
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering change has been released.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * The dependency on libattr has been removed. For a long
7c04ad2da1cf08ebf53b9aa9671c8c1dc9577135Lennart Poettering time, the extended attribute calls have moved to glibc, and
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering libattr is thus unnecessary.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * Virtualization detection works without privileges now. This
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek means the systemd-detect-virt binary no longer requires
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek CAP_SYS_PTRACE file capabilities, and our daemons can run
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek with fewer privileges.
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek * systemd-networkd now runs under its own "systemd-network"
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering loses the ability to write to files owned by root this way.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * Similarly, systemd-resolved now runs under its own
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering "systemd-resolve" user with no capabilities remaining.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering * Similarly, systemd-bus-proxyd now runs under its own
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * systemd-networkd gained support for setting up "veth"
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering virtual ethernet devices for container connectivity, as well
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering as GRE and VTI tunnels.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * systemd-networkd will no longer automatically attempt to
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering manually load kernel modules necessary for certain tunnel
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering transports. Instead, it is assumed the kernel loads them
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering automatically when required. This only works correctly on
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering very new kernels. On older kernels, please consider adding
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering the kernel modules to /etc/modules-load.d/ as a work-around.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * The resolv.conf file systemd-resolved generates has been
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering moved to /run/systemd/resolve/. If you have a symlink from
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering /etc/resolv.conf, it might be necessary to correct it.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * Two new service settings, ProtectHome= and ProtectSystem=,
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering have been added. When enabled, they will make the user data
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering (such as /home) inaccessible or read-only and the system
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering (such as /usr) read-only, for specific services. This allows
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering very light-weight per-service sandboxing to avoid
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering modifications of user data or system files from
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering services. These two new switches have been enabled for all
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering of systemd's long-running services, where appropriate.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * Socket units gained new SocketUser= and SocketGroup=
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering settings to set the owner user and group of AF_UNIX sockets
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering and FIFOs in the file system.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * Socket units gained a new RemoveOnStop= setting. If enabled,
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering all FIFOs and sockets in the file system will be removed
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering when the specific socket unit is stopped.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * Socket units gained a new Symlinks= setting. It takes a list
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering of symlinks to create to file system sockets or FIFOs
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering created by the specific Unix sockets. This is useful to
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering manage symlinks to socket nodes with the same life-cycle as
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering the socket itself.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * The /dev/log socket and /dev/initctl FIFO have been moved to
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering /run, and have been replaced by symlinks. This allows
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering connecting to these facilities even if PrivateDevices=yes is
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering used for a service (which makes /dev/log itself unavailable,
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering but /run is left). This also has the benefit of ensuring
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering that /dev only contains device nodes, directories and
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering symlinks, and nothing else.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * sd-daemon gained two new calls sd_pid_notify() and
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering sd_pid_notifyf(). They are similar to sd_notify() and
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering sd_notifyf(), but allow overriding of the source PID of
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering notification messages if permissions permit this. This is
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering useful to send notify messages on behalf of a different
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering process (for example, the parent process). The
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering systemd-notify tool has been updated to make use of this
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt when sending messages (so that notification messages now
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering originate from the shell script invoking systemd-notify and
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering not the systemd-notify process itself). This should minimize
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering a race where systemd fails to associate notification
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering messages to services when the originating process already
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering * A new "on-abnormal" setting for Restart= has been added. If
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering set, it will result in automatic restarts on all "abnormal"
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering reasons for a process to exit, which includes unclean
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering signals, core dumps, timeouts and watchdog timeouts, but
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering does not include clean and unclean exit codes or clean
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering signals. Restart=on-abnormal is an alternative for
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering Restart=on-failure for services that shall be able to
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering terminate and avoid restarts on certain errors, by
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering indicating so with an unclean exit code. Restart=on-failure
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering or Restart=on-abnormal is now the recommended setting for
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering all long-running services.
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering * If the InaccessibleDirectories= service setting points to a
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering mount point (or if there are any submounts contained within
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering it), it is now attempted to completely unmount it, to make
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering the file systems truly unavailable for the respective
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering * The ReadOnlyDirectories= service setting and
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering systemd-nspawn's --read-only parameter are now recursively
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering applied to all submounts, too.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * Mount units may now be created transiently via the bus APIs.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * The support for SysV and LSB init scripts has been removed
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering from the systemd daemon itself. Instead, it is now
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering implemented as a generator that creates native systemd units
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering from these scripts when needed. This enables us to remove a
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering substantial amount of legacy code from PID 1, following the
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering fact that many distributions only ship a very small number
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering of LSB/SysV init scripts nowadays.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * Privileged Xen (dom0) domains are not considered
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering virtualization anymore by the virtualization detection
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering logic. After all, they generally have unrestricted access to
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering the hardware and usually are used to manage the unprivileged
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * systemd-tmpfiles gained a new "C" line type, for copying
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering files or entire directories.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * systemd-tmpfiles "m" lines are now fully equivalent to "z"
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering lines. So far, they have been non-globbing versions of the
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering latter, and have thus been redundant. In future, it is
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering recommended to only use "z". "m" has hence been removed
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering from the documentation, even though it stays supported.
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek * A tmpfiles snippet to recreate the most basic structure in
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering /var has been added. This is enough to create the /var/run →
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering /run symlink and create a couple of structural
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering directories. This allows systems to boot up with an empty or
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering volatile /var. Of course, while with this change, the core OS
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering now is capable of dealing with a volatile /var, not all
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering user services are ready for it. However, we hope that sooner
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers or later, many service daemons will be changed upstream so
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek that they are able to automatically create their necessary
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek directories in /var at boot, should they be missing. This is
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek the first step to allow state-less systems that only require
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek the vendor image for /usr to boot.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * systemd-nspawn has gained a new --tmpfs= switch to mount an
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering empty tmpfs instance to a specific directory. This is
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering particularly useful for making use of the automatic
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering reconstruction of /var (see above), by passing --tmpfs=/var.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering * Access modes specified in tmpfiles snippets may now be
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering prefixed with "~", which indicates that they shall be masked
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering by whether the existing file or directory is currently
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering writable, readable or executable at all. Also, if specified,
6a7d3d68bf1ae9bcdaa3a17bc76f72bb7b988ec4Lennart Poettering the sgid/suid/sticky bits will be masked for all
6a7d3d68bf1ae9bcdaa3a17bc76f72bb7b988ec4Lennart Poettering non-directories.
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek * A new passive target unit "network-pre.target" has been
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek added which is useful for services that shall run before any
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers network is configured, for example firewall scripts.
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers * The "floppy" group that previously owned the /dev/fd*
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers devices is no longer used. The "disk" group is now used
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering instead. Distributions should probably deprecate usage of
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering Jędrzejewski-Szmek
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering -- Berlin, 2014-06-11
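The udev disk-locking hand-off described in the 214 notes above, as an added example (not systemd or udev code): a temporary regular file stands in for the disk device node, and all function names are hypothetical. It shows that a handler's flock(LOCK_SH|LOCK_NB) is refused while another open file description holds LOCK_EX, and that an exclusive claim cannot be taken while a handler still holds its shared lock.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Event-handler side: before touching the disk, try a shared non-blocking
 * lock. Returns 1 if events may be handled, 0 if another program owns the
 * device exclusively (skip event handling), -1 on any other error. */
int handler_may_process(const char *node) {
    int fd = open(node, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int r;
    if (flock(fd, LOCK_SH | LOCK_NB) == 0)
        r = 1;
    else if (errno == EWOULDBLOCK)
        r = 0;
    else
        r = -1;
    close(fd); /* closing the descriptor drops the shared lock */
    return r;
}

/* Tool side (e.g. a partitioner): claim temporary ownership with LOCK_EX.
 * Returns the locked descriptor, or -1 with errno set. The node is opened
 * for writing, so per the notes the later close is what lets udev rescan. */
int claim_device(const char *node, int nonblock) {
    int fd = open(node, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | (nonblock ? LOCK_NB : 0)) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Runs the hand-off on a constructed stand-in file and records:
 * out[0] handler result before any claim,
 * out[1] handler result while the tool holds LOCK_EX,
 * out[2] handler result after the tool closed the node,
 * out[3] 1 if a non-blocking claim is refused while a handler holds LOCK_SH. */
int run_scenario(int out[4]) {
    char node[] = "/tmp/fake-disk-node-XXXXXX"; /* constructed stand-in */
    int tmp = mkstemp(node);
    if (tmp < 0)
        return -1;
    close(tmp);

    out[0] = handler_may_process(node);

    int tool = claim_device(node, 0);
    if (tool < 0) {
        unlink(node);
        return -1;
    }
    out[1] = handler_may_process(node);
    close(tool); /* releases LOCK_EX */
    out[2] = handler_may_process(node);

    /* A handler is mid-event: it holds the shared lock. */
    int busy = open(node, O_RDONLY | O_CLOEXEC);
    if (busy < 0 || flock(busy, LOCK_SH | LOCK_NB) < 0) {
        if (busy >= 0)
            close(busy);
        unlink(node);
        return -1;
    }
    int late = claim_device(node, 1);
    out[3] = (late < 0 && errno == EWOULDBLOCK);
    if (late >= 0)
        close(late);
    close(busy);
    unlink(node);
    return 0;
}

int main(void) {
    int out[4];
    if (run_scenario(out) < 0) {
        perror("run_scenario");
        return EXIT_FAILURE;
    }
    printf("before claim: %d, during claim: %d, after release: %d, "
           "claim refused while handler busy: %d\n",
           out[0], out[1], out[2], out[3]);
    return EXIT_SUCCESS;
}
```

flock() locks belong to the open file description, which is why two separate open() calls conflict even inside one process; a tool that passes its locked descriptor to a child keeps the claim alive until every copy is closed.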
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart PoetteringCHANGES WITH 213:
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new "systemd-timesyncd" daemon has been added for
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering synchronizing the system clock across the network. It
ad88e758d1b08a21d25971b074e119c167757109Zbigniew Jędrzejewski-Szmek implements an SNTP client. In contrast to NTP
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering implementations such as chrony or the NTP reference server,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering this only implements a client side, and does not bother with
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering the full NTP complexity, focusing only on querying time from
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers one remote server and synchronizing the local clock to
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers it. Unless you intend to serve NTP to networked clients or
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering want to connect to local hardware clocks, this simple NTP
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering client should be more than appropriate for most
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering installations. The daemon runs with minimal privileges, and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering has been hooked up with networkd to only operate when
fd86897568f7a1aed7ffe4c54ace6c158ddbdf7dKay Sievers network connectivity is available. The daemon saves the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering current clock to disk every time a new NTP sync has been
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering acquired, and uses this to possibly correct the system clock
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering early at bootup, in order to accommodate for systems that
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering lack an RTC such as the Raspberry Pi and embedded devices,
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering and to make sure that time monotonically progresses on these
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering systems, even if it is not always correct. To make use of
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering this daemon, a new system user and group "systemd-timesync"
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering needs to be created on installation of systemd.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The queue "seqnum" interface of libudev has been disabled, as
156f7d09add8fc93cae8a3f13adcb2564931fee4Kay Sievers it was generally incompatible with device namespacing as
156f7d09add8fc93cae8a3f13adcb2564931fee4Kay Sievers sequence numbers of devices go "missing" if the devices are
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering part of a different namespace.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * "systemctl list-timers" and "systemctl list-sockets" gained
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering a --recursive switch for showing units of these types also
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers for all local containers, similar in style to the already
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering supported --recursive switch for "systemctl list-units".
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new RebootArgument= setting has been added for service
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering units, which may be used to specify a kernel reboot argument
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering to use when triggering reboots with StartLimitAction=.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new FailureAction= setting has been added for service
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering units which may be used to specify an operation to trigger
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering when a service fails. This works similarly to
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering StartLimitAction=, but unlike it, controls what is done
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering immediately rather than only after several attempts to
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering restart the service in question.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * hostnamed got updated to also expose the kernel name,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering release, and version on the bus. This is useful for
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering executing commands like hostnamectl with the -H switch.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering systemd-analyze makes use of this to properly display
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering details when running non-locally.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The bootchart tool can now show cgroup information in the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering graphs it generates.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The CFS CPU quota cgroup attribute is now exposed for
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering services. The new CPUQuota= switch has been added for this
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering which takes a percentage value. Setting this will have the
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering result that a service may never get more CPU time than the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering specified percentage, even if the machine is otherwise idle.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * systemd-networkd learned IPIP and SIT tunnel support.
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering * LSB init scripts exposing a dependency on $network will now
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering get a dependency on network-online.target rather than simply
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering network.target. This should bring LSB handling closer to
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering what it was on SysV systems.
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering * A new fsck.repair= kernel option has been added to control
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering how fsck shall deal with unclean file systems at boot.
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering * The (.ini) configuration file parser will now silently
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering ignore sections whose name begins with "X-". This may be
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering used to maintain application-specific extension sections in unit
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * machined gained a new API to query the IP addresses of
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering registered containers. "machinectl status" has been updated
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering to show these addresses in its output.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new call sd_uid_get_display() has been added to the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering sd-login APIs for querying the "primary" session of a
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering user. The "primary" session of the user is elected from the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering user's sessions and generally a graphical session is
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering preferred over a text one.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A minimal systemd-resolved daemon has been added. It
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering currently simply acts as a companion to systemd-networkd and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering manages resolv.conf based on per-interface DNS
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering configuration, possibly supplied via DHCP. In the long run
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering we hope to extend this into a local DNSSEC enabled DNS and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The systemd-networkd-wait-online tool is now enabled by
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering default. It will delay network-online.target until a network
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering connection has been configured. The tool primarily integrates
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering with networkd, but will also make a best effort to make sense
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering of network configuration performed in some other way.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * Two new service options StartupCPUShares= and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering StartupBlockIOWeight= have been added that work similarly to
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers CPUShares= and BlockIOWeight=, but only apply during
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering system startup. This is useful to prioritize certain services
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering differently during bootup than during normal runtime.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * hostnamed has been changed to prefer the statically
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering configured hostname in /etc/hostname (unless set to
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering 'localhost' or empty) over any dynamic one supplied by
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering dhcp. With this change, the rules for picking the hostname
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering match more closely the rules of other configuration settings
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering where the local administrator's configuration in /etc always
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering overrides any other settings.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Lindskog, WaLyong Cho, Will Woods, Zbigniew
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Jędrzejewski-Szmek
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering -- Beijing, 2014-05-28
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering CHANGES WITH 212:
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * When restoring the screen brightness at boot, stay away from
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering the darkest setting or from the lowest 5% of the available
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering range, whichever of the two is larger. This
bf9335608821264163058a8b036a00775a8ffbe4Kay Sievers should effectively protect the user from rebooting into a
bf9335608821264163058a8b036a00775a8ffbe4Kay Sievers black screen, should the brightness have been set to minimum
bf9335608821264163058a8b036a00775a8ffbe4Kay Sievers by accident.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * sd-login gained a new sd_machine_get_class() call to
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering determine the class ("vm" or "container") of a machine
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering registered with machined.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * sd-login gained new calls
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering to query the identity of the peer of a local AF_UNIX
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering connection. They operate similarly to their sd_pid_get_xyz()
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers * PID 1 will now maintain a system-wide system state engine
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering with the states "starting", "running", "degraded",
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering "maintenance", "stopping". These states are bound to system
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering startup, normal runtime, runtime with at least one failed
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering service, rescue/emergency mode and system shutdown. This
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering state is shown in the "systemctl status" output when no unit
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering name is passed. It is useful to determine system state, in
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering particular when doing so for many systems or containers at
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new command "list-machines" has been added to "systemctl"
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering that lists all local OS containers and shows their system
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering state (see above), if systemd runs inside of them.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * systemctl gained a new "-r" switch to recursively enumerate
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering units on all local containers, when used with the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering "list-unit" command (which is the default one that is
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering executed when no parameters are specified).
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The GPT automatic partition discovery logic will now honour
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering two GPT partition flags: one may be set on a partition to
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering cause it to be mounted read-only, and the other may be set
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering on a partition to ignore it during automatic discovery.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * Two new GPT type UUIDs have been added for automatic root
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering partition discovery, for 32-bit and 64-bit ARM. This is not
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering particularly useful for discovering the root directory on
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering these architectures during bare-metal boots (since UEFI is
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering not common there), but still very useful to allow booting of
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering ARM disk images in nspawn with the -i option.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * MAC addresses of interfaces created with nspawn's
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering --network-interface= switch will now be generated from the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering machine name, and thus be stable between multiple invocations
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering of the container.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * logind will now automatically remove all IPC objects owned
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering by a user if she or he fully logs out. This makes sure that
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering users who are logged out cannot continue to consume IPC
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering resources. This covers SysV memory, semaphores and message
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering queues as well as POSIX shared memory and message
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering queues. Traditionally, SysV and POSIX IPC had no life-cycle
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering limits. With this functionality, that is corrected. This may
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering be turned off by using the RemoveIPC= switch of logind.conf.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The systemd-machine-id-setup and tmpfiles tools gained a
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering --root= switch to operate on a specific root directory,
43447fb72693d62363a1a271dacc70d400ed685bLennart Poettering * journald can now forward logged messages to the TTYs of all
43447fb72693d62363a1a271dacc70d400ed685bLennart Poettering logged in users ("wall"). This is the default for all
43447fb72693d62363a1a271dacc70d400ed685bLennart Poettering emergency messages now.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new tool systemd-journal-remote has been added to stream
499b604b21c02ee64c8590a76d7900d64d7a5cb7Zbigniew Jędrzejewski-Szmek journal log messages across the network.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * /sys/fs/cgroup/ is now mounted read-only after all cgroup
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering controller trees are mounted into it. Note that the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering directories mounted beneath it are not read-only. This is a
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering security measure and is particularly useful because glibc
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering actually includes a search logic to pick any tmpfs it can
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering find to implement shm_open() if /dev/shm is not available
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering (which it might very well be in namespaced setups).
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering * machinectl gained a new "poweroff" command to cleanly power
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering down a local OS container.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The PrivateDevices= unit file setting will now also drop the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering CAP_MKNOD capability from the capability bound set, and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering imply DevicePolicy=closed.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * PrivateDevices=, PrivateNetwork= and PrivateTmp= are now used
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering comprehensively on all long-running systemd services where
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering this is appropriate.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * systemd-udevd will now run in a disassociated mount
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering namespace. To mount directories from udev rules, make sure to
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering pull in mount units via SYSTEMD_WANTS properties.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * The kdbus support gained support for uploading policy into
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering the kernel. sd-bus gained support for creating "monitoring"
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering connections that can eavesdrop into all bus communication
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering for debugging purposes.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * Timestamps may now be specified in seconds since the UNIX
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering epoch Jan 1st, 1970 by specifying "@" followed by the value
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers * Native tcpwrap support in systemd has been removed. tcpwrap
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers is old code, not really maintained anymore and has serious
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering shortcomings, and better options such as firewalls
1aed45907715ad4dce7dbc84a957cd5de8cca36eLennart Poettering exist. For setups that require tcpwrap usage, please
1aed45907715ad4dce7dbc84a957cd5de8cca36eLennart Poettering consider invoking your socket-activated service via tcpd,
1aed45907715ad4dce7dbc84a957cd5de8cca36eLennart Poettering like on traditional inetd.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * A new system.conf configuration option
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering DefaultTimerAccuracySec= has been added that controls the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering default AccuracySec= setting of .timer units.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * Timer units gained a new WakeSystem= switch. If enabled,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering timers configured this way will cause the system to resume
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering from system suspend (if the system supports that, which most
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering do these days).
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering * Timer units gained a new Persistent= switch. If enabled,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering timers configured this way will save to disk the time they
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering were last triggered. This information is then used on the next
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering reboot to possibly execute overdue timer events that
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering could not take place because the system was powered off.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering This enables simple anacron-like behaviour for timer units.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemctl's "list-timers" will now also list the time a
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering timer unit was last triggered in addition to the next time
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering it will be triggered.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-networkd will now assign predictable IPv4LL
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering addresses to its local interfaces.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Jędrzejewski-Szmek
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering -- Berlin, 2014-03-25
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt CHANGES WITH 211:
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * A new unit file setting RestrictAddressFamilies= has been
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering added to restrict which socket address families unit
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering processes gain access to. This takes address family names
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering like "AF_INET" or "AF_UNIX", and is useful to minimize the
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering attack surface of services via exotic protocol stacks. This
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering is built on seccomp system call filters.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * Two new unit file settings RuntimeDirectory= and
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering RuntimeDirectoryMode= have been added that may be used to
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering manage per-daemon runtime directories below /run. This is
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering an alternative for setting up directory permissions with
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering tmpfiles snippets, and has the advantage that the runtime
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering directory's lifetime is bound to the daemon runtime and that
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering the daemon starts up with an empty directory each time. This
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering is particularly useful when writing services that drop
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering privileges using the User= or Group= setting.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * The DeviceAllow= unit setting now supports globbing for
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering matching against device group names.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * The systemd configuration file system.conf gained new
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering DefaultMemoryAccounting= to globally turn on/off accounting
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering for specific resources (cgroups) for all units. These
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering settings may still be overridden individually in each unit
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-gpt-auto-generator is now able to discover /srv and
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering root partitions in addition to /home and swap partitions. It
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering also supports LUKS-encrypted partitions now. With this in
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering place, automatic discovery of partitions to mount following
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering the Discoverable Partitions Specification
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering is now a lot more complete. This allows booting without
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering /etc/fstab and without root= on the kernel command line on
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering systems prepared appropriately.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-nspawn gained a new --image= switch which allows
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering booting up disk images and Linux installations on any block
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering device that follow the Discoverable Partitions Specification
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering (see above). This means that installations made with
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering appropriately updated installers may now be started and
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering deployed using container managers, completely
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering unmodified. (We hope that libvirt-lxc will add support for
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering this feature soon, too.)
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-nspawn gained a new --network-macvlan= setting to
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering set up a private macvlan interface for the
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering container. Similarly, systemd-networkd gained a new
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Kind=macvlan setting in .netdev files.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-networkd now supports configuring local addresses
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * A new tool systemd-network-wait-online has been added to
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering synchronously wait for network connectivity using
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering systemd-networkd.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * The sd-bus.h bus API gained a new sd_bus_track object for
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering tracking the life-cycle of bus peers. Note that sd-bus.h is
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering still not a public API though (unless you specify
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering --enable-kdbus on the configure command line, which however
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering voids your warranty and you get no API stability guarantee).
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * The $XDG_RUNTIME_DIR runtime directories for each user are
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering now individual tmpfs instances, which has the benefit of
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering introducing separate pools for each user, with individual
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering size limits, and thus making sure that unprivileged clients
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering can no longer negatively impact the system or other users by
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering RuntimeDirectorySize= has been introduced that allows
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering controlling the default size limit for all users. It
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering defaults to 10% of the available physical memory. This is no
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering replacement for quotas on tmpfs though (which the kernel
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering still does not support), as /dev/shm and /tmp are still
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering shared resources used by both the system and unprivileged
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * logind will now automatically turn off automatic suspending
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering on laptop lid close when more than one display is
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering connected. This was previously expected to be implemented
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering individually in desktop environments (such as GNOME),
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering but has now been added to logind, in order to fix a
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering boot-time race where a desktop environment might not have
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering been started yet and thus not been able to take an inhibitor
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering lock at the time where logind already suspends the system
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering due to a closed lid.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * logind will now wait at least 30s after each system
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering suspend/resume cycle, and 3min after system boot before
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering suspending the system due to a closed laptop lid. This
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering should give USB docking stations and similar enough time to
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering be probed and configured after system resume and boot in
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering order to then act as suspend blocker.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-run gained a new --property= setting which allows
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering initialization of resource control properties (and others)
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering for the created scope or service unit. Example: "systemd-run
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering --property=BlockIOWeight=10 updatedb" may be used to run
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering updatedb at a low block IO scheduling weight.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering now also work in --scope mode.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * When systemd is compiled with kdbus support, basic support
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering for enforced policies is now in place. (Note that enabling
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering kdbus still voids your warranty and no API compatibility
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering promises are made.)
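The RestrictAddressFamilies=, RuntimeDirectory= and RuntimeDirectoryMode= settings described above for 211, combined with the PrivateDevices= and PrivateTmp= settings mentioned under 212, as they would look in a unit file. This is an added example, not part of the NEWS file or the systemd sources; the service name "exampled", its user and group, and the path /usr/bin/exampled are hypothetical.

```ini
# Added example (not from the systemd project). "exampled", its user/group
# and /usr/bin/exampled are hypothetical names used for illustration only.

# ---- Before: exampled.service relying on a tmpfiles snippet ---------------
# The runtime directory is created by a separate tmpfiles snippet, e.g.
#   d /run/exampled 0750 exampled exampled -
# so it outlives the daemon and may carry stale files into the next start.
# The process may open sockets of any address family the kernel offers and
# sees the host's /dev and /tmp.

[Unit]
Description=Example daemon (before)

[Service]
ExecStart=/usr/bin/exampled
User=exampled
Group=exampled

# ---- After: the same service using the settings named in this file --------

[Unit]
Description=Example daemon (after)

[Service]
ExecStart=/usr/bin/exampled

# Privileges are dropped before the daemon starts.
User=exampled
Group=exampled

# /run/exampled is set up for this service instead of by a tmpfiles snippet.
# Its lifetime is bound to the daemon's runtime, and the daemon starts up
# with an empty directory each time.
RuntimeDirectory=exampled
RuntimeDirectoryMode=0750

# Only the listed socket address families are available to the unit's
# processes; this is enforced with a seccomp system call filter. List only
# what the daemon needs (AF_UNIX is typically required for local IPC and
# logging sockets).
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# Private /dev for the service. Per the 212 entry, this also drops CAP_MKNOD
# from the capability bounding set and implies DevicePolicy=closed.
PrivateDevices=yes

# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```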
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Zbigniew Jędrzejewski-Szmek
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering -- Berlin, 2014-03-12
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering CHANGES WITH 210:
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * systemd will now relabel /dev after loading the SMACK policy
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering according to SMACK rules.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * A new unit file option AppArmorProfile= has been added to
96ec33c079caacdf9c7cdfb2cad2f1bc48dfca65Lennart Poettering set the AppArmor profile for the processes of a unit.
96ec33c079caacdf9c7cdfb2cad2f1bc48dfca65Lennart Poettering * A new condition check ConditionArchitecture= has been added
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering to conditionalize units based on the system architecture, as
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering reported by uname()'s "machine" field.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * systemd-networkd now supports matching on the system
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering virtualization, architecture, kernel command line, host name
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering and machine ID.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * logind is now a lot more aggressive when suspending the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering machine due to a closed laptop lid. Instead of acting only
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering on the lid close action, it will continuously watch the lid
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering status and act on it. This is useful for laptops where the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering power button is on the outside of the chassis so that it can
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering be reached without opening the lid (such as the Lenovo
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Yoga). On those machines, logind will now immediately
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering re-suspend the machine if the power button has been
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering accidentally pressed while the laptop was suspended and in a
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering backpack or similar.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * logind will now watch SW_DOCK switches and inhibit reaction
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering to the lid switch if it is pressed. This means that logind
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering will not suspend the machine anymore if the lid is closed
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering and the system is docked, if the laptop supports SW_DOCK
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering notifications via the input layer. Note that ACPI docking
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering stations do not generate this currently. Also note that this
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering logic is usually not fully sufficient and Desktop
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Environments should take a lid switch inhibitor lock when an
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov external display is connected, as systemd will not watch
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering this on its own.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * nspawn will now make use of the devices cgroup controller by
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering default, and only permit creation of and access to the usual
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering API device nodes like /dev/null or /dev/random, as well as
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering access to (but not creation of) the pty devices.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * We will now ship a default .network file for
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering systemd-networkd that automatically configures DHCP for
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering network interfaces created by nspawn's --network-veth or
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering --network-bridge= switches.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * systemd will now understand the usual M, K, G, T suffixes
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering according to SI conventions (i.e. to the base 1000) when
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering referring to throughput and hardware metrics. It will stay
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering with IEC conventions (i.e. to the base 1024) for software
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering metrics, following what is customary according to
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Wikipedia. We explicitly document which base applies for
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering each configuration option.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * The DeviceAllow= setting in unit files now supports a syntax
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering to whitelist an entire group of device node majors at once,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering based on the /proc/devices listing. For example, with the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering string "char-pts", it is now possible to whitelist all
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering current and future pseudo-TTYs at once.
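How a group name such as "char-pts" maps onto device-cgroup entries can be checked offline with the following added example (not code from systemd). The /proc/devices text is a constructed sample, the function names are hypothetical, and returning an empty list for an unknown group is this example's own choice.

```python
"""Expand a DeviceAllow= group name ("char-pts") into device-cgroup entries."""

# Constructed sample in the layout of /proc/devices (not captured from a host).
SAMPLE_PROC_DEVICES = """\
Character devices:
  1 mem
  5 /dev/tty
  5 /dev/ptmx
136 pts
180 usb

Block devices:
  8 sd
 65 sd
253 device-mapper
"""


def parse_proc_devices(text):
    """Return {("char" | "block", driver name): sorted list of majors}."""
    table = {}
    kind = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "Character devices:":
            kind = "char"
        elif line == "Block devices:":
            kind = "block"
        elif kind is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        else:
            major, _, name = line.partition(" ")
            name = name.strip()
            if not major.isdigit() or not name:
                raise ValueError(f"line {lineno}: malformed entry {raw!r}")
            table.setdefault((kind, name), []).append(int(major))
    return {key: sorted(majors) for key, majors in table.items()}


def expand_group(spec, access, table):
    """Turn ("char-pts", "rw") into entries such as "c 136:* rw".

    Every minor of each matching major is covered, which is what makes the
    group form apply to "current and future" nodes of that driver.
    """
    kind, sep, name = spec.partition("-")
    if not sep or kind not in ("char", "block") or not name:
        raise ValueError(f"not a group specification: {spec!r}")
    if not access or set(access) - set("rwm"):
        raise ValueError(f"access must be a combination of r, w, m: {access!r}")
    letter = "c" if kind == "char" else "b"
    # Unknown group: nothing is whitelisted (assumption of this example).
    return [f"{letter} {major}:* {access}" for major in table.get((kind, name), [])]


if __name__ == "__main__":
    devices = parse_proc_devices(SAMPLE_PROC_DEVICES)
    for spec, access in (("char-pts", "rw"), ("block-sd", "r"), ("char-nosuch", "rw")):
        print(spec, access, "->", expand_group(spec, access, devices))
```

When reviewing a unit, note that a group entry is broader than a single device path: one name can cover several majors, and every minor under them.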
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * sd-event learned a new "post" event source. Event sources of
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering this type are triggered by the dispatching of any event
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering source of a type that is not "post". This is useful for
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering implementing clean-up and check event sources that are
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering triggered by other work being done in the program.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * systemd-networkd is no longer statically enabled, but uses
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering the usual [Install] sections so that it can be
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering enabled/disabled using systemctl. It still is enabled by
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering default however.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * When creating a veth interface pair with systemd-nspawn, the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering host side will now be prefixed with "vb-" if
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering --network-bridge= is used, and with "ve-" if --network-veth
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering is used. This way, it is easy to distinguish these cases on
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt the host, for example to apply different configuration to
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering them with systemd-networkd.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * The compatibility libraries for libsystemd-journal.so,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering libsystemd-id128.so, libsystemd-login.so and
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering libsystemd-daemon.so do not make use of IFUNC
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering anymore. Instead, we now build libsystemd.so multiple times
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering under these alternative names. This means that the footprint
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering is drastically increased, but given that these are
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering transitional compatibility libraries, this should not matter
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering much. This change has been made necessary to support the ARM
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering platform for these compatibility libraries, as the ARM
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering toolchain is not really at the same level as the toolchain
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering for other architectures like x86 and does not support
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering IFUNC. Please make sure to use --enable-compat-libs only
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering during a transitional period!
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Contributions from: Andreas Fuchs, Armin K., Colin Walters,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering Zbigniew Jędrzejewski-Szmek
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering -- Berlin, 2014-02-24
0428ddb729d12563b827510e04663de9cb4056f3Lennart PoetteringCHANGES WITH 209:
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * A new component "systemd-networkd" has been added that can
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering be used to configure local network interfaces statically or
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering via DHCP. It is capable of bringing up bridges, VLANs, and
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering bonding. Currently, no hook-ups for interactive network
6827101ab4df4730a22062f4b3a8f8c2bae5be28Zbigniew Jędrzejewski-Szmek configuration are provided. Use this for your initrd,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering container, embedded, or server setup if you need a simple,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering yet powerful, network configuration solution. This
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering configuration subsystem is quite nifty, as it allows wildcard
6827101ab4df4730a22062f4b3a8f8c2bae5be28Zbigniew Jędrzejewski-Szmek hotplug matching in interfaces. For example, with a single
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering configuration snippet, you can configure that all Ethernet
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering interfaces showing up are automatically added to a bridge,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering or similar. It supports link-sensing and more.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * A new tool "systemd-socket-proxyd" has been added which can
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering act as a bidirectional proxy for TCP sockets. This is
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering useful for adding socket activation support to services that
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering do not actually support socket activation, including virtual
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering machines and the like.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * Add a new tool to save/restore rfkill state on
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * Save/restore state of keyboard backlights in addition to
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering display backlights on shutdown/boot.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * udev learned a new SECLABEL{} construct to label device
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering nodes with a specific security label when they appear. For
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering now, only SECLABEL{selinux} is supported, but the syntax is
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering prepared for additional security frameworks.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * udev gained a new scheme to configure link-level attributes
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering from files in /etc/systemd/network/*.link. These files can
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering match against MAC address, device path, driver name and type,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering and will apply attributes like the naming policy, link speed,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering address assignment policy (randomized, ...).
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * The configuration of network interface naming rules for
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering "permanent interface names" has changed: a new NamePolicy=
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering setting in the [Link] section of .link files determines the
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering priority of possible naming schemes (onboard, slot, mac,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering path). The default value of this setting is determined by
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering 80-net-name-slot.rules udev configuration file has been
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering removed, so local configuration overriding this file should
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering be adapted to override 99-default.link instead.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * When the User= switch is used in a unit file, also
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering initialize $SHELL= based on the user database entry.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * systemd no longer depends on libdbus. All communication is
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering now done with sd-bus, systemd's low-level bus library
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering implementation.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * kdbus support has been added to PID 1 itself. When kdbus is
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering enabled, this causes PID 1 to set up the system bus and
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering enable support for a new ".busname" unit type that
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering encapsulates bus name activation on kdbus. It works a little
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering bit like ".socket" units, except for bus names. A new
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering generator has been added that converts classic dbus1 service
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering activation files automatically into native systemd .busname
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering and .service units.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * sd-bus: add a light-weight vtable implementation that allows
15f47220ab59f480ddedc422cad435091778fc95Ben Boeckel defining objects on the bus with a simple static const
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering vtable array of its methods, signals and properties.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * systemd will not generate or install static dbus
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering introspection data anymore to /usr/share/dbus-1/interfaces,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering as the precise format of these files is unclear, and
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering nothing makes use of it.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering * A proxy daemon is now provided to proxy clients connecting
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering via classic D-Bus AF_UNIX sockets to kdbus, to provide full
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering compatibility with classic D-Bus.
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering * A bus driver implementation has been added that supports the
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering classic D-Bus bus driver calls on kdbus, also for
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering compatibility purposes.
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering * A new API "sd-event.h" has been added that implements a
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering minimal event loop API built around epoll. It provides a
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering couple of features that direct epoll usage is lacking:
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering prioritization of events, scales to large numbers of timer
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering events, per-event timer slack (accuracy), system-wide
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering coalescing of timer events, exit handlers, watchdog
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering supervision support using systemd's sd_notify() API, child
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering process handling.
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering * A new API "sd-rtnl.h" has been added that provides an API
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering around the route netlink interface of the kernel, similar in
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering * A new API "sd-dhcp-client.h" has been added that provides a
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering small DHCPv4 client-side implementation. This is used by
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering "systemd-networkd".
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering * There is a new kernel command line option
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering "systemd.restore_state=0|1". When set to "0", none of the
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering systemd tools will restore saved runtime state to hardware
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering devices. More specifically, the rfkill and backlight states
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering are not restored.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * The FsckPassNo= compatibility option in mount/service units
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering has been removed. The fstab generator will now add the
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering necessary dependencies automatically, and does not require
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering PID1's support for that anymore.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * journalctl gained a new switch, --list-boots, that lists
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering recent boots with their times and boot IDs.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * The various tools like systemctl, loginctl, timedatectl,
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering busctl, systemd-run, ... have gained a new switch "-M" to
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering connect to a specific, local OS container (as direct
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering connection, without requiring SSH). This works on any
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering container that is registered with machined, such as those
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering created by libvirt-lxc or nspawn.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * systemd-run and systemd-analyze also gained support for "-H"
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering to connect to remote hosts via SSH. This is particularly
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering useful for systemd-run because it enables queuing of jobs
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering onto remote systems.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * machinectl gained a new command "login" to open a getty
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering login in any local container. This works with any container
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering that is registered with machined (such as those created by
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering libvirt-lxc or nspawn), and which runs systemd inside.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * machinectl gained a new "reboot" command that may be used to
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering trigger a reboot on a specific container that is registered
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering with machined. This works on any container that runs an init
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering system of some kind.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * systemctl gained a new "list-timers" command to print a nice
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering listing of installed timer units with the times they elapse
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering * Alternative reboot() parameters may now be specified on the
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering "systemctl reboot" command line and are passed to the
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering reboot() system call.
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering * systemctl gained a new --job-mode= switch to configure the
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt mode to queue a job with. This is a more generic version of
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering --fail, --irreversible, and --ignore-dependencies, which are
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering still available but not advertised anymore.
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering * /etc/systemd/system.conf gained new settings to configure
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering various default timeouts of units, as well as the default
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering start limit interval and burst. These may still be overridden
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering within each Unit.
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering * PID1 will now export on the bus profile data of the security
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering policy upload process (such as the SELinux policy upload to
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * journald: when forwarding logs to the console, include
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering timestamps (following the setting in
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * OnCalendar= in timer units now understands the special
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering strings "yearly" and "annually". (Both are equivalent.)
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * The accuracy of timer units is now configurable with the new
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering AccuracySec= setting. It defaults to 1min.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * A new dependency type JoinsNamespaceOf= has been added that
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering allows running two services within the same /tmp and network
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering namespace, if PrivateNetwork= or PrivateTmp= are used.
6563b535a062055ae68f2e574018d9d04a864b65Lennart Poettering * A new command "cat" has been added to systemctl. It outputs
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering the original unit file of a unit, and concatenates the
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering contents of additional "drop-in" unit file snippets, so that
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering the full configuration is shown.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * systemctl now supports globbing on the various "list-xyz"
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering commands, like "list-units" or "list-sockets", as well as on
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering those commands which take multiple unit names.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * journalctl's --unit= switch gained support for globbing.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * All systemd daemons now make use of the watchdog logic so
6563b535a062055ae68f2e574018d9d04a864b65Lennart Poettering that systemd automatically notices when they hang.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * If the $container_ttys environment variable is set,
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering getty-generator will automatically spawn a getty for each
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering listed tty. This is useful for container managers to request
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering login gettys to be spawned on as many ttys as needed.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * %h, %s, %U specifier support is not available anymore when
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering used in unit files for PID 1. This is because NSS calls are
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering not safe from PID 1. They stay available for --user
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt instances of systemd, and as a special case for the root user.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * loginctl gained a new "--no-legend" switch to turn off output
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering of the legend text.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The "sd-login.h" API gained three new calls:
8d0256b7eb119de92c748cf566257996b02fb506Lennart Poettering sd_session_is_remote(), sd_session_get_remote_user(),
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering sd_session_get_remote_host() to query information about
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering remote sessions.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The udev hardware database now also carries vendor/product
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering information of SDIO devices.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering determine whether watchdog notifications are requested by
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering the system manager.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Socket-activated per-connection services now include a
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering short description of the connection parameters in the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * tmpfiles gained a new "--boot" option. When this is not used,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering only lines where the command character is not suffixed with
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "!" are executed. When this option is specified, those
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering lines are executed too. This partitions tmpfiles
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering directives into those that can be safely executed at any
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering time, and those which should be run only at boot (for
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering example, a line that creates /run/nologin).
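The "!" partition described above, as an added example (not code from systemd): it parses a constructed tmpfiles.d snippet and returns the lines that run with and without "--boot". The sample paths other than /run/nologin and the function names are hypothetical, and only the "!" suffix described in this entry is handled.

```python
"""Partition tmpfiles.d lines into run-anytime and boot-only sets."""
import shlex

# Constructed sample in tmpfiles.d syntax (not shipped by any project).
SAMPLE_TMPFILES = '''\
# type path mode user group age argument
d  /run/exampled              0755 root root -
F! /run/nologin               0644 root root - "System is booting up."
f  /run/exampled/state        0640 root root -
r! /run/exampled/stale.lock
'''


def parse_tmpfiles(text):
    """Return one dict per directive: type, path, boot_only flag, line number."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted argument as one field
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need at least a type and a path")
        command = fields[0]
        boot_only = command.endswith("!")
        kind = command[:-1] if boot_only else command
        if not kind:
            raise ValueError(f"line {lineno}: missing command character")
        entries.append(
            {"type": kind, "path": fields[1], "boot_only": boot_only, "line": lineno}
        )
    return entries


def lines_to_execute(entries, boot):
    """Without --boot only unsuffixed lines run; with --boot all lines run."""
    return [entry for entry in entries if boot or not entry["boot_only"]]


def paths(entries):
    return [entry["path"] for entry in entries]


if __name__ == "__main__":
    parsed = parse_tmpfiles(SAMPLE_TMPFILES)
    print("runtime:", paths(lines_to_execute(parsed, boot=False)))
    print("boot:   ", paths(lines_to_execute(parsed, boot=True)))
```

A directive that creates /run/nologin without the "!" suffix would also run on later invocations of tmpfiles, so the same parse is a quick check for lines that were meant to be boot-only.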
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * A new API "sd-resolve.h" has been added which provides a simple
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering asynchronous wrapper around glibc NSS host name resolution
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering calls, such as getaddrinfo(). In contrast to glibc's
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering getaddrinfo_a(), it does not use signals. In contrast to most
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering other asynchronous name resolution libraries, this one does
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering not reimplement DNS, but reuses NSS, so that alternate
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering host name resolution systems continue to work, such as mDNS,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering LDAP, etc. This API is based on libasyncns, but it has been
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering cleaned up for inclusion in systemd.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "sd-daemon.h" are no longer found in individual libraries
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering libsystemd-journal.so, libsystemd-login.so,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering merged them into a single library, libsystemd.so, which
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering provides all symbols. The reason for this is cyclic
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering dependencies, as these libraries tend to use each other's
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering symbols. So far, we have managed to work around that by linking
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering a copy of a good part of our code into each of these
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering libraries again and again, which, however, makes certain
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering things hard to do, like sharing static variables. Also, it
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering substantially increases footprint. With this change, there
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering is only one library for the basic APIs systemd
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering library as well, but are subject to the --enable-kdbus
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering switch (see below). Note that "sd-dhcp-client.h" is not part
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering of this library (this is because it only consumes, never
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering provides, services of/to other APIs). To make the transition
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering easy from the separate libraries to the unified one, we
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering provide the --enable-compat-libs compile-time switch which
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering will generate stub libraries that are compatible with the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering old ones but redirect all calls to the new one.
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering * All of the kdbus logic and the new APIs "sd-bus.h",
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering and "sd-utf8.h" are compile-time optional via the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "--enable-kdbus" switch, and they are not compiled in by
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering default. To make use of kdbus, you have to explicitly enable
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering the switch. Note however, that neither the kernel nor the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering userspace API for all of this is considered stable yet. We
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt want to maintain the freedom to still change the APIs for
dca348bcbb462305864526c587495a14a76bfcdeJan Engelhardt now. By specifying this build-time switch, you acknowledge
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering that you are aware of the instability of the current
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Also, note that while kdbus is pretty much complete,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering it lacks one thing: proper policy support. This means you
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering can build a fully working system with all features; however,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering it will be highly insecure. Policy support will be added in
aaccc32cdc44b2b972946e44792d63ae17c089c2Lennart Poettering one of the next releases, at the same time that we will
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering declare the APIs stable.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * When the kernel command line argument "kdbus" is specified,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering systemd will automatically load the kdbus.ko kernel module. At
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering this stage of development, it is only useful for testing kdbus
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering and should not be used in production. Note: if "--enable-kdbus"
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering is specified, and the kdbus.ko kernel module is available, and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "kdbus" is added to the kernel command line, the entire system
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering runs with kdbus instead of dbus-daemon, with the above-mentioned
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering problem of missing the system policy enforcement. Also, a future
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering version of kdbus.ko or a newer systemd will not be compatible with
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering each other, and will be unlikely to boot the machine if only
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering one of them is updated.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * systemctl gained a new "import-environment" command which
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering uploads the caller's environment (or parts thereof) into the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering service manager so that it is inherited by services started
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering by the manager. This is useful to upload variables like
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering $DISPLAY into the user service manager.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * A new PrivateDevices= switch has been added to service units
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering which allows running a service with a namespaced /dev
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering directory that does not contain any device nodes for
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering physical devices. More specifically, it only includes devices
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering such as /dev/null, /dev/urandom, and /dev/zero which are API
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * logind has been extended to support behaviour like VT
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering switching on seats that do not support a VT. This makes
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering multi-session available on seats that are not the first seat
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering (seat0), and on systems where kernel support for VTs has
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering been disabled at compile-time.
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering * If a process holds a delay lock for system sleep or shutdown
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering and fails to release it in time, we will now log its
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering identity. This makes it easier to identify processes that
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering cause slow suspends or power-offs.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * When parsing /etc/crypttab, support for a new key-slot=
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering option as supported by Debian is added. It allows indicating
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering which LUKS slot to use on disk, speeding up key loading.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The sd_journal_sendv() API call has been checked and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering officially declared to be async-signal-safe so that it may
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering be invoked from signal handlers for logging purposes.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * Boot-time status output is now enabled automatically after a
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering short timeout if boot does not progress, in order to give
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the user an indication of what she or he is waiting for.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * The boot-time output has been improved to show how much time
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering remains until jobs expire.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * The KillMode= switch in service units gained a new possible
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering value "mixed". If set, and the unit is shut down, then the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering initial SIGTERM signal is sent only to the main daemon
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering process, while the following SIGKILL signal is sent to
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering all remaining processes of the service.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * When a scope unit is registered, a new property "Controller"
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering may be set. If set to a valid bus name, systemd will send a
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering RequestStop() signal to this name when it would like to shut
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering down the scope. This may be used to hook manager logic into
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the shutdown logic of scope units. Also, scope units may now
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering be put in a special "abandoned" state, in which case the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering manager process which created them takes no further
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering responsibilities for them.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * When reading unit files, systemd will now verify
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the access mode of these files, and warn about certain
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering suspicious combinations. This has been added to make it
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering easier to track down packaging bugs where unit files are
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering marked executable or world-writable.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new "--setenv=" switch to set
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering container-wide environment variables. The similar option in
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering systemd-activate was renamed from "--environment=" to
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering "--setenv=" for consistency.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn has been updated to create a new kdbus domain
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering for each container that is invoked, thus allowing each
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering container to have its own set of system and user buses,
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering independent of the host.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new --drop-capability= switch to run
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the container with fewer capabilities than the default. Both
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering --drop-capability= and --capability= now take the special
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering string "all" for dropping or keeping all capabilities.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained new switches for executing containers
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering with specific SELinux labels set.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new --quiet switch to not generate
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering any additional output but the container's own console
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new --share-system switch to run a
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering container without PID namespacing enabled.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new --register= switch to control
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering whether the container is registered with systemd-machined or
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering not. This is useful for containers that do not run full
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering OS images, but only specific apps.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-nspawn gained a new --keep-unit switch which may be used
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering when invoked as the only program from a service unit, and
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering results in registration of the unit service itself in
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering systemd-machined, instead of a newly opened scope unit.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd-nspawn gained a new --network-interface= switch for
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering moving arbitrary interfaces to the container. The new
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering --network-veth switch creates a virtual Ethernet connection
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering between host and container. The new --network-bridge=
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering switch then allows assigning the host side of this virtual
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Ethernet connection to a bridge device.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd-nspawn gained a new --personality= switch for
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering setting the kernel personality for the container. This is
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering useful when running a 32-bit container on a 64-bit host. A
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering similar option Personality= is now also available for service
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * logind will now also track a "Desktop" identifier for each
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering session which encodes its desktop environment. This is
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering useful for desktop environments that want to identify
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov multiple running sessions of themselves easily.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * A new SELinuxContext= setting for service units has been
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering added that allows setting a specific SELinux execution
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering context for a service.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * Most systemd client tools will now honour $SYSTEMD_LESS for
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering settings of the "less" pager. By default, these tools will
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering override $LESS to allow certain operations to work, such as
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering jump-to-the-end. With $SYSTEMD_LESS, it is possible to
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering influence this logic.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd's "seccomp" hook-up has been changed to make use of
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering the libseccomp library instead of using its own
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering implementation. This has benefits for portability among
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * For usage together with SystemCallFilter=, a new
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering SystemCallErrorNumber= setting has been introduced that
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering allows configuration of a system error number to be returned
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering on filtered system calls, instead of immediately killing the
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering process. Also, SystemCallArchitectures= has been added to
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering limit access to system calls of a particular architecture
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering (in order to turn off support for unused secondary
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering architectures). There is also a global
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering SystemCallArchitectures= setting in system.conf now to turn
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering off support for non-native system calls system-wide.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd requires a kernel with a working name_to_handle_at();
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering please see the kernel config requirements in the README file.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Elia Pinto, Florian Weimer, George McCollister, Goffredo
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering -- Berlin, 2014-02-20
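The unit-file access-mode check described in the release notes above (unit files marked executable or world-writable) can be reproduced offline as a packaging audit. This is an added example, not systemd's own code; the suffix list, the function names and the sample tree are assumptions constructed for the illustration.

```python
import os
import shutil
import stat
import tempfile

# Unit-file suffixes to inspect (a subset picked for this example).
UNIT_SUFFIXES = (".service", ".socket", ".target", ".mount",
                 ".timer", ".path", ".slice", ".scope")


def classify_mode(mode):
    """Return the suspicious properties of a permission mode, if any."""
    findings = []
    # Unit files are configuration, never programs: any execute bit is a bug.
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("executable")
    # A world-writable unit lets any local user change what the manager runs.
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit_unit_dir(root):
    """Walk root and return {relative path: [findings]} for suspicious units."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            if not name.endswith(UNIT_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            # lstat, not stat: symlinks (enablement links in *.wants/, masks
            # pointing at /dev/null) always report mode 0777 and would be
            # false positives. Only regular files are judged.
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            findings = classify_mode(stat.S_IMODE(st.st_mode))
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def build_sample_tree():
    """Create a constructed unit directory with known modes; return its path."""
    root = tempfile.mkdtemp(prefix="unit-audit-")
    samples = {
        "ok.service": 0o644,    # correct packaging
        "exec.service": 0o755,  # marked executable
        "open.socket": 0o666,   # world-writable
        "both.timer": 0o777,    # both problems
        "README": 0o755,        # not a unit file, ignored
    }
    for name, mode in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("[Unit]\nDescription=constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    wants = os.path.join(root, "multi-user.target.wants")
    os.mkdir(wants)
    os.symlink("../ok.service", os.path.join(wants, "ok.service"))
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    try:
        for unit, findings in sorted(audit_unit_dir(tree).items()):
            print(f"warning: {unit} is marked {' and '.join(findings)}")
    finally:
        shutil.rmtree(tree)
```

Pointing `audit_unit_dir()` at a package's staged unit directory before release catches the same packaging bugs at build time instead of at boot.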
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CHANGES WITH 208:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * logind has gained support for facilitating privileged input
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering and drm device access for unprivileged clients. This work is
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering useful to allow Wayland display servers (and similar
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering programs, such as kmscon) to run under the user's ID and
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering access input and drm devices which are normally
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering protected. When this is used (and the kernel is new enough)
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering logind will "mute" IO on the file descriptors passed to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Wayland as long as it is in the background and "unmute" it
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering if it returns into the foreground. This allows secure
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering session switching without allowing background sessions to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering eavesdrop on input and display data. This also introduces
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering session switching support if VT support is turned off in the
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering kernel, and on seats that are not seat0.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * A new kernel command line option luks.options= is now understood
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering which allows specifying LUKS options to use for LUKS
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering encrypted partitions specified with luks.uuid=.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * tmpfiles.d(5) snippets may now use specifier expansion in
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering path names. More specifically %m, %b, %H, %v are now
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering replaced by the local machine id, boot id, hostname, and
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering kernel version number.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * A new tmpfiles.d(5) command "m" has been introduced which
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering may be used to change the owner/group/access mode of a file
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering or directory if it exists, but do nothing if it does not.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * This release removes high-level support for the
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering MemorySoftLimit= cgroup setting. The underlying kernel
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering cgroup attribute memory.soft_limit= is currently badly
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering designed and likely to be removed from the kernel API in its
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering current form, hence we should not expose it for now.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * The memory.use_hierarchy cgroup attribute is now enabled for
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering all cgroups systemd creates in the memory cgroup
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering hierarchy. This option is likely to become the built-in
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering default in the kernel anyway, and the non-hierarchical mode
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering never made much sense in the intrinsically hierarchical
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering cgroup system.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * A new field _SYSTEMD_SLICE= is logged along with all journal
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering messages containing the slice a message was generated
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering from. This is useful to allow easy per-customer filtering of
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering logs among other things.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * systemd-journald will no longer adjust the group of journal
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering files it creates to the "systemd-journal" group. Instead we
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering rely on the journal directory to be owned by the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-journal" group, and its setgid bit set, so that the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering kernel file system layer will automatically enforce that
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering journal files inherit this group assignment. The reason for
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering this change is that we cannot allow NSS look-ups from
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering journald which would be necessary to resolve
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-journal" to a numeric GID, because this might
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering create deadlocks if NSS involves synchronous queries to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering other daemons (such as nscd, or sssd) which in turn are
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering logging clients of journald and might block on it, which
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering would then deadlock. A tmpfiles.d(5) snippet included in
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering systemd will make sure the setgid bit and group are
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering properly set on the journal directory if it exists on every
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering boot. However, we recommend adjusting it manually after
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering upgrades too (or from RPM scriptlets), so that the change is
d1f9edafe7b832c507931640f32069d001916b0eLennart Poettering not delayed until next reboot.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * Backlight and random seed files in /var/lib/ have moved into
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering the /var/lib/systemd/ directory, in order to centralize all
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering systemd generated files in one directory.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * Boot time performance measurements (as displayed by
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-analyze" for example) will now read ACPI 5.0 FPDT
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering performance information if that's available to determine how
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering much time BIOS and boot loader initialization required. With
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering a sufficiently new BIOS you hence no longer need to boot
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering with Gummiboot to get access to such information.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Cristian Rodríguez, Dave Reisner, David Herrmann, David
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering -- Berlin, 2013-10-02
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CHANGES WITH 207:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The Restart= option for services now understands a new
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering on-watchdog setting, which will restart the service
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering automatically if the service stops sending out watchdog keep
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering alive messages (as configured with WatchdogSec=).
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The getty generator (which is responsible for bringing up a
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering getty on configured serial consoles) will no longer only
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering start a getty on the primary kernel console but on all
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering others, too. This makes the order in which console= is
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering specified on the kernel command line less important.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * libsystemd-logind gained a new sd_session_get_vt() call to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering retrieve the VT number of a session.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * If the option "tries=0" is set for an entry of /etc/crypttab,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering its passphrase is queried indefinitely instead of any
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering maximum number of tries.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * If a service with a configured PID file terminates, its PID
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering file will now be removed automatically if it still exists
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering afterwards. This should put an end to stale PID files.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-run will now also take relative binary path names
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering for execution and no longer insists on absolute paths.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * InaccessibleDirectories= and ReadOnlyDirectories= now take
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering paths that are optionally prefixed with "-" to indicate that
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering it should not be considered a failure if they do not exist.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * journalctl -o (and similar commands) now understands a new
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering output mode "short-precise"; it is similar to "short" but
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering shows timestamps with usec accuracy.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The option "discard" (as known from Debian) is now
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering synonymous with "allow-discards" in /etc/crypttab. In fact,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "discard" is preferred now (since it is easier to remember
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * Some licensing clean-ups were made, so that more code is now
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering LGPL-2.1 licensed than before.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * A minimal tool to save/restore the display backlight
91ac74250149a29122b2291c5393dec4592430d4Kay Sievers brightness across reboots has been added. It will store the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering backlight setting as late as possible at shutdown, and
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering restore it as early as possible during reboot.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * Logic to automatically discover and enable home and swap
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering partitions on GPT disks has been added. With this in place
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering /etc/fstab becomes optional for many setups as systemd can
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering discover certain partitions located on the root disk
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering automatically. Home partitions are recognized under their
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering partitions are recognized under their GPT type ID
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 0657fd6da4ab43c484e50933c84b4f4f.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd will no longer pass any environment from the kernel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering or initrd to system services. If you want to set an
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering environment for all services, do so via the kernel command
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering line systemd.setenv= assignment.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The systemd-sysctl tool no longer natively reads the file
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering /etc/sysctl.conf. If desired, the file should be symlinked
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering from /etc/sysctl.d/99-sysctl.conf. Apart from providing
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering legacy support by a symlink rather than built-in code, it
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering also makes the otherwise hidden order of application of the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering different files visible. (Note that this partly reverts to a
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering pre-198 application order of sysctl knobs!)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The "systemctl set-log-level" and "systemctl dump" commands
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering have been moved to systemd-analyze.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-run learned the new --remain-after-exit switch,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering which causes the scope unit not to be cleaned up
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering automatically after the process terminated.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * tmpfiles learned a new --exclude-prefix= switch to exclude
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering certain paths from operation.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * journald will now automatically flush all messages to disk
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering as soon as a message at the log level CRIT, ALERT or EMERG
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Contributions from: Andrew Cook, Brandon Philips, Christian
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
5b00c0168be6e7b11db7b26fc1712cd6cda3c2e3Lennart Poettering McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering William Giokas, Zbigniew Jędrzejewski-Szmek
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering -- Berlin, 2013-09-13
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart PoetteringCHANGES WITH 206:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * The documentation has been updated to cover the various new
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering concepts introduced with 205.
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering * Unit files now understand the new %v specifier which
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering resolves to the kernel version string as returned by "uname
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers * systemctl now supports filtering the unit list output by
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering load state, active state and sub state, using the new
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers --state= parameter.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers * "systemctl status" will now show the results of the
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers condition checks (like ConditionPathExists= and similar) of
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers the last start attempts of the unit. They are also logged to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * "journalctl -b" may now be used to look for boot output of a
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering specific boot. Try "journalctl -b -1" for the previous boot,
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers but the syntax is substantially more powerful.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * "journalctl --show-cursor" has been added which prints the
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers cursor string of the last shown log line. This may then be used
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers with the new "journalctl --after-cursor=" switch to continue
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers browsing logs from that point on.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers * "journalctl --force" may now be used to force regeneration
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering of an FSS key.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering * Creation of "dead" device nodes has been moved from udev
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering into kmod and tmpfiles. Previously, udev would read the kmod
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering databases to pre-generate dead device nodes based on meta
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering information contained in kernel modules, so that these would
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering be auto-loaded on access rather than at boot. As this
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering does not really have much to do with exposing actual
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering kernel devices to userspace this has always been slightly
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering alien in the udev codebase. Following the new scheme kmod
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering will now generate a runtime snippet for tmpfiles from the
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering module meta information and it now is tmpfiles' job to
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering create the nodes. This also allows overriding access and
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering other parameters for the nodes using the usual tmpfiles
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering facilities. As a side effect this allows us to remove the
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering CAP_SYS_MKNOD capability bit from udevd entirely.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * logind's device ACLs may now be applied to these "dead"
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering device nodes too, thus finally allowing managed access to
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering devices such as /dev/snd/sequencer without loading the
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering backing module right away.
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering * A new RPM macro has been added that may be used to apply
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers tmpfiles configuration during package installation.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers * systemd-detect-virt and ConditionVirtualization= now can
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers detect User-Mode-Linux machines (UML).
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * journald will now implicitly log the effective capabilities
07cd4fc16806783d3b6b3008db222ac6a024805cKay Sievers set of processes in the message metadata.
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers * systemd-cryptsetup has gained support for TrueCrypt volumes.
64661ee70d5a10c6208a1cb66ecd8b158e2d8bc5Kay Sievers * The initrd interface has been simplified (more specifically,
2d13da8821b8197e62f819b5b996750800e910abKay Sievers support for passing performance data via environment
2d13da8821b8197e62f819b5b996750800e910abKay Sievers variables and fsck results via files in /run has been
2d13da8821b8197e62f819b5b996750800e910abKay Sievers removed). These features were non-essential, and are
2d13da8821b8197e62f819b5b996750800e910abKay Sievers nowadays available in a much nicer way by having systemd in
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers the initrd serialize its state and have the host's systemd
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers deserialize it again.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers * The udev "keymap" data files and tools to apply keyboard
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering specific mappings of scan to key codes, and force-release
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers scan code lists have been entirely replaced by a udev
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers "keyboard" builtin and a hwdb data file.
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers * systemd will now honour the kernel's "quiet" command line
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers argument also during late shutdown, resulting in a
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers completely silent shutdown when used.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * There's now an option to control the SO_REUSEPORT socket
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers option in .socket units.
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers * Instance units will now automatically get a per-template
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering subslice of system.slice unless something else is explicitly
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers configured. For example, instances of sshd@.service will now
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering implicitly be placed in system-sshd.slice rather than
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers * Test coverage support may now be enabled at build time.
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers Contributions from: Dave Reisner, Frederic Crozat, Harald
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Giokas, Zbigniew Jędrzejewski-Szmek
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering -- Berlin, 2013-07-23
49f43d5f91a99b23f745726aa351d8f159774357Ville SkyttäCHANGES WITH 205:
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * Two new unit types have been introduced:
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Scope units are very similar to service units, but are
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering created out of pre-existing processes -- instead of PID 1
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering forking off the processes. By using scope units it is
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering possible for system services and applications to group their
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering own child processes (worker processes) in a powerful way
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering which then may be used to organize them, or kill them
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering together, or apply resource limits on them.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Slice units may be used to partition system resources in a
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering hierarchical fashion and then assign other units to them. By
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering default there are now three slices: system.slice (for all
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering system services), user.slice (for all user sessions),
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering machine.slice (for VMs and containers).
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Slices and scopes have been introduced primarily in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering context of the work to move cgroup handling to a
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering single-writer scheme, where only PID 1
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * There's a new concept of "transient" units. In contrast to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering normal units these units are created via an API at runtime,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering not from configuration from disk. More specifically this
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering means it is now possible to run arbitrary programs as
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering independent services, with all execution parameters passed
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering in via bus APIs rather than read from disk. Transient units
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering make systemd substantially more dynamic than it ever was,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering and useful as a general batch manager.
439d6dfd12f58d7230bcae06d73b841eb3bc588aLennart Poettering * logind has been updated to make use of scope and slice units
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering for managing user sessions. As a user logs in he will get
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering his own private slice unit, to which all sessions are added
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering as scope units. We also added support for automatically
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering adding an instance of user@.service for the user into the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering slice. Effectively logind will no longer create cgroup
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering hierarchies on its own now, it will defer entirely to PID 1
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering for this by means of scope, service and slice units. Since
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering user sessions this way become entities managed by PID 1
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering the output of "systemctl" is now a lot more comprehensive.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * A new mini-daemon "systemd-machined" has been added which
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering may be used by virtualization managers to register local
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering VMs/containers. nspawn has been updated accordingly, and
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering libvirt will be updated shortly. machined will collect a bit
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering of meta information about the VMs/containers, and assign
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering them their own scope unit (see above). The collected
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering meta-data is then made available via the "machinectl" tool,
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt and exposed in "ps" and similar tools. machined/machinectl
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering is compile-time optional.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * As discussed earlier, the low-level cgroup configuration
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering options ControlGroup=, ControlGroupModify=,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering ControlGroupPersistent=, ControlGroupAttribute= have been
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering removed. Please use high-level attribute settings instead as
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering well as slice units.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * A new bus call SetUnitProperties() has been added to alter
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering various runtime parameters of a unit. This is primarily
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering useful to alter cgroup parameters dynamically in a nice way,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering but will be extended later on to make more properties
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering modifiable at runtime. systemctl gained a new set-properties
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering command that wraps this call.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * A new tool "systemd-run" has been added which can be used to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering run arbitrary command lines as transient services or scopes,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering while configuring a number of settings via the command
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering line. This tool is currently very basic, however already
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering very useful. We plan to extend this tool to even allow
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering queuing of execution jobs with time triggers from the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering command line, similar in fashion to "at".
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * nspawn will now inform the user explicitly that kernels with
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering audit enabled break containers, and suggest the user to turn
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * Support for detecting the IMA and AppArmor security
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering frameworks with ConditionSecurity= has been added.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * journalctl gained a new "-k" switch for showing only kernel
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering messages, mimicking dmesg output; in addition to "--user"
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering and "--system" switches for showing only user's own logs
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering and system logs.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd-delta can now show information about drop-in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering snippets extending unit files.
f8c0a2cb695e3b8140b51cb40637a09ba6eff48eLennart Poettering * libsystemd-bus has been substantially updated but is still
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering not available as public API.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd will now look for the "debug" argument on the kernel
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering command line and enable debug logging, similar to what
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering "systemd.log_level=debug" already did before.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * "systemctl set-default" and "systemctl get-default" have been
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering added to configure the default.target symlink, which
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering controls what to boot into by default.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * "systemctl set-log-level" has been added as a convenient
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering way to raise and lower systemd's logging threshold.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * "systemd-analyze plot" will now show the time the various
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering generators needed for execution, as well as information
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering about the unit file loading.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * libsystemd-journal gained a new sd_journal_open_files() call
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering for opening specific journal files. journalctl also gained a
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering new switch to expose this new functionality. Previously we
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering only supported opening all files from a directory, or all
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering files from the system, as opening individual files only is
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering racy due to journal file rotation.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd gained the new DefaultEnvironment= setting in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering /etc/systemd/system.conf to set environment variables for
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * If a privileged process logs a journal message with the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering OBJECT_PID= field set, then journald will automatically
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering augment this with additional OBJECT_UID=, OBJECT_GID=,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering system services want to log events about specific client
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering processes. journalctl/systemctl have been updated to make use
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering of this information if all log messages regarding a specific
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering unit are requested.
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Reisner, David Coppa, David King, David Strauss, Eelco
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Łukasz Stelmach, 장동준
16f1239e1ece27257c0deedcf01aa39474f66241Lennart PoetteringCHANGES WITH 204:
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * The Python bindings gained some minimal support for the APIs
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering exposed by libsystemd-logind.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * ConditionSecurity= gained support for detecting SMACK. Since
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering this condition already supports SELinux and AppArmor we only
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering miss IMA for this. Patches welcome!
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Contributions from: Karol Lewandowski, Lennart Poettering,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Zbigniew Jędrzejewski-Szmek
16f1239e1ece27257c0deedcf01aa39474f66241Lennart PoetteringCHANGES WITH 203:
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn will now create /etc/resolv.conf if
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering necessary, before bind-mounting the host's file onto it.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn will now store meta information about a
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering container on the container's cgroup as extended attribute
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering fields, including the root directory.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * The cgroup hierarchy has been reworked in many ways. All
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering objects any of the components systemd creates in the cgroup
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering tree are now suffixed. More specifically, user sessions are
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering now placed in cgroups suffixed with ".session", users in
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering cgroups suffixed with ".user", and nspawn containers in
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering cgroups suffixed with ".nspawn". Furthermore, all cgroup
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering names are now escaped in a simple scheme to avoid collision
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering of userspace object names with kernel filenames. This work
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering is preparation for making these objects relocatable in the
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering cgroup tree, in order to allow easy resource partitioning of
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering these objects without causing naming conflicts.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemctl list-dependencies gained the new switches
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering --plain, --reverse, --after and --before.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-inhibit now shows the process name of processes that
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering have taken an inhibitor lock.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering * nss-myhostname will now also resolve "localhost"
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering implicitly. This makes /etc/hosts an optional file and
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering nicely handles that on IPv6 ::1 maps to both "localhost" and
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering the local hostname.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering * libsystemd-logind.so gained a new call
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering sd_get_machine_names() to enumerate running containers and
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering VMs (currently only supported by very new libvirt and
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering nspawn). sd_login_monitor can now be used to watch
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering VMs/containers coming and going.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering * .include is not allowed recursively anymore, and only in
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering unit files. Usually it is better to use drop-in snippets in
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering .d/*.conf anyway, as introduced with systemd 198.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * systemd-analyze gained a new "critical-chain" command that
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering determines the slowest chain of units run during system
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering boot-up. It is very useful for tracking down where
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering optimizing boot time is the most beneficial.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * systemd will no longer allow manipulating service paths in
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering the name=systemd:/system cgroup tree using ControlGroup= in
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering units. (But is still fine with it in all other dirs.)
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * There's a new systemd-nspawn@.service service file that may
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering be used to easily run nspawn containers as system
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering services. With the container's root directory in
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering /var/lib/container/foobar it is now sufficient to run
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering "systemctl start systemd-nspawn@foobar.service" to boot it.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * systemd-cgls gained a new parameter "--machine" to list only
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering the processes within a certain container.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * ConditionSecurity= now can check for "apparmor". We still
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering are lacking checks for SMACK and IMA for this condition
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering check though. Patches welcome!
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * A new configuration file /etc/systemd/sleep.conf has been
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers added that may be used to configure which kernel operation
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers systemd is supposed to execute when "suspend", "hibernate"
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers or "hybrid-sleep" is requested. This makes the new kernel
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers "freeze" state accessible to the user.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering the passed argument if applicable.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
e9c1ea9de87d4d508ac38ce87a2fa56e7529a91aJason St. John Jędrzejewski-Szmek
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart PoetteringCHANGES WITH 202:
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering * The output of 'systemctl list-jobs' got some polishing. The
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering '--type=' argument may now be passed more than once. A new
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering command 'systemctl list-sockets' has been added which shows
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering a list of kernel sockets systemd is listening on with the
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering socket units they belong to, plus the units these socket
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering units activate.
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering * The experimental libsystemd-bus library got substantial
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering updates to work in conjunction with the (also experimental)
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering kdbus kernel project. It works well enough to exchange
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering messages with some sophistication. Note that kdbus is not
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering ready yet, and the library is mostly an elaborate test case
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering for now, and not installable.
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering * systemd gained a new unit 'systemd-static-nodes.service'
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering that generates static device nodes earlier during boot, and
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering can run in conjunction with udev.
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering * libsystemd-login gained a new call sd_pid_get_user_unit()
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering to retrieve the user systemd unit a process is running
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering in. This is useful for systems where systemd is used as
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering session manager.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * systemd-nspawn now places all containers in the new /machine
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering top-level cgroup directory in the name=systemd
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering hierarchy. libvirt will soon do the same, so that we get a
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering uniform separation of /system, /user and /machine for system
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering services, user processes and containers/virtual
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering machines. This new cgroup hierarchy is also useful to stick
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering stable names to specific container instances, which can be
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering recognized later this way (this name may be controlled
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering via systemd-nspawn's new -M switch). libsystemd-login also
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering gained a new call sd_pid_get_machine_name() to retrieve the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering name of the container/VM a specific process belongs to.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * bootchart can now store its data in the journal.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * libsystemd-journal gained a new call
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering sd_journal_add_conjunction() for AND expressions to the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering matching logic. This can be used to express more complex
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering logical expressions.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * journalctl can now take multiple --unit= and --user-unit=
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * The cryptsetup logic now understands the "luks.key=" kernel
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering command line switch for specifying a file to read the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering decryption key from. Also, if a configured key file is not
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering found the tool will now automatically fall back to prompting
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * Python systemd.journal module was updated to wrap recently
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering added functions from libsystemd-journal. The interface was
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering changed to bring the low level interface in s.j._Reader
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering closer to the C API, and the high level interface in
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering s.j.Reader was updated to wrap and convert all data about
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Tom Gundersen, Zbigniew Jędrzejewski-Szmek
220a21d38f675eb835f5758e3d23e896573aa5eaLennart PoetteringCHANGES WITH 201:
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * journalctl --update-catalog now understands a new --root=
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering option to operate on catalogs found in a different root
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * During shutdown after systemd has terminated all running
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering services a final killing loop kills all remaining left-over
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering processes. We will now print the name of these processes
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering when we send SIGKILL to them, since this usually indicates a
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * If /etc/crypttab refers to password files stored on
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt configured mount points automatic dependencies will now be
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering generated to ensure the specific mount is established first
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering before the key file is attempted to be read.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * 'systemctl status' will now show information about the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering network sockets a socket unit is listening on.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering * 'systemctl status' will also show information about any
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering drop-in configuration file for units. (Drop-In configuration
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering files in this context are files such as
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering /etc/systemd/system/foobar.service.d/*.conf)
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd-cgtop now optionally shows summed up CPU times of
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering cgroups. Press '%' while running cgtop to switch between
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering percentage and absolute mode. This is useful to determine
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering which cgroups use up the most CPU time over the entire
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering runtime of the system. systemd-cgtop has also been updated
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering to be 'pipeable' for processing with further shell tools.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * 'hostnamectl set-hostname' will now allow setting of FQDN
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * The formatting and parsing of time span values has been
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering changed. The parser now understands fractional expressions
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering such as "5.5h". The formatter will now output fractional
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering expressions for all time spans under 1min, i.e. "5.123456s"
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering rather than "5s 123ms 456us". For time spans under 1s
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering millisecond values are shown, for those under 1ms
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering microsecond values are shown. This should greatly improve
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering all time-related output of systemd.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * libsystemd-login and libsystemd-journal gained new
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering functions for querying the poll() events mask and poll()
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering timeout value for integration into arbitrary event
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * localectl gained the ability to list available X11 keymaps
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering (models, layouts, variants, options).
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * 'systemd-analyze dot' gained the ability to filter for
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering specific units via shell-style globs, to create smaller,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering more useful graphs. I.e. it is now possible to create simple
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering graphs of all the dependencies between only target units, or
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering of all units that Avahi has dependencies with.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
220a21d38f675eb835f5758e3d23e896573aa5eaLennart PoetteringCHANGES WITH 200:
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * The boot-time readahead implementation for rotating media
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering will now read the read-ahead data in multiple passes which
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering consist of all read requests made in equidistant time
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering intervals. This means instead of strictly reading read-ahead
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering data in its physical order on disk we now try to find a
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering middle ground between physical and access time order.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * /etc/os-release files gained a new BUILD_ID= field for usage
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering on operating systems that provide continuous builds of OS
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering William Douglas, Zbigniew Jędrzejewski-Szmek
220a21d38f675eb835f5758e3d23e896573aa5eaLennart PoetteringCHANGES WITH 199:
d28315e4aff91560ed4c2fc9f876ec8bfc559f2dJan Engelhardt * systemd-python gained an API exposing libsystemd-daemon.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * The SMACK setup logic gained support for uploading CIPSO
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering security policy.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * Behaviour of PrivateTmp=, ReadWriteDirectories=,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering ReadOnlyDirectories= and InaccessibleDirectories= has
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering changed. The private /tmp and /var/tmp directories are now
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering shared by all processes of a service (which means
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering ExecStartPre= may now leave data in /tmp that ExecStart= of
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering the same service can still access). When a service is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering stopped its temporary directories are immediately deleted
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering (normal clean-up with tmpfiles is still done in addition to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * By default, systemd will now set a couple of sysctl
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering variables in the kernel: the safe sysrq options are turned
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering on, IP route verification is turned on, and source routing
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering disabled. The recently added hardlink and softlink
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering protection of the kernel is turned on. These settings should
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering be reasonably safe, and good defaults for all new systems.
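The sysctl defaults described in the entry above can be audited on a host's configuration. This is an added example, not part of the systemd NEWS text or source: a Python check over sysctl.d-style text. The key names and accepted values are assumptions mapped from the prose (they are standard kernel sysctl keys, not quoted from systemd's shipped file), and both sample configurations are constructed.

```python
# Added example: audit sysctl.d-style text against the defaults named in the entry.
# Keys and accepted values are assumptions mapped from the prose, not systemd's file.

SAFE_SYSRQ_BITS = 16 | 32 | 128  # assumed "safe" set: sync, remount read-only, reboot

BASELINE = {
    # 1 means "all sysrq functions enabled"; anything outside the safe bits is flagged.
    "kernel.sysrq": lambda v: v != 1 and v & ~SAFE_SYSRQ_BITS == 0,
    "net.ipv4.conf.default.rp_filter": lambda v: v in (1, 2),  # route verification on
    "net.ipv4.conf.default.accept_source_route": lambda v: v == 0,
    "fs.protected_hardlinks": lambda v: v == 1,
    "fs.protected_symlinks": lambda v: v == 1,
}

_SWAP = str.maketrans("/.", "./")

def normalise_key(key):
    """Drop the '-' (ignore-errors) prefix and map slash-separated keys to dots."""
    key = key.strip().lstrip("-").strip()
    first = next((c for c in key if c in "./"), ".")
    return key.translate(_SWAP) if first == "/" else key

def parse_sysctl(text):
    """Return {key: value}; later assignments override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[normalise_key(key)] = value.strip()
    return settings

def audit(text):
    """Return a list of (key, problem) for baseline keys that are missing or weak."""
    settings = parse_sysctl(text)
    findings = []
    for key, acceptable in BASELINE.items():
        raw = settings.get(key)
        if raw is None:
            findings.append((key, "missing"))
            continue
        try:
            value = int(raw.split()[0])
        except (ValueError, IndexError):
            findings.append((key, "unparsable: " + raw))
            continue
        if not acceptable(value):
            findings.append((key, "weak value " + raw))
    return findings

# Constructed samples: one matching the baseline, one weakened.
SAMPLE_GOOD = """# constructed
kernel.sysrq = 16
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
"""
SAMPLE_WEAK = """; constructed
kernel.sysrq = 1
net/ipv4/conf/default/rp_filter = 0
-net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
"""

if __name__ == "__main__":
    for key, problem in audit(SAMPLE_WEAK):
        print(f"{key}: {problem}")
```

The check reads configuration text only; the values the running kernel actually uses still have to be confirmed on the host.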
with a new kernel command line switch: net.ifnames=0.
can be configured via SyncIntervalSec= in journald.conf.
* There's a new remote-fs-setup.target unit that can be used
from. This complements sockets.target with a similar
files without having to edit/override the unit files
change one value for a service file foobar.service he can
/etc/systemd/system/foobar.service.d/*.conf. The unit logic
them there; or creating a new file in /etc/systemd/system/
overriding semantics between /usr/lib, /etc and /run apply
$null. Also, the mail-transfer-agent.target unit backing
are implied anyway for normal services. syslog.target has
* The various "environment" files, such as /etc/locale.conf
seat. (i.e. the device of a seat that needs to be around for
* The log messages for lid events and power/sleep keypresses
journal output in reverse order (i.e. newest line first).
than just journal/log file access. This new group is now
up for /var/log/journal to give "adm" and "wheel" read
add read access to "adm" + "wheel" to /var/log/journal, and
all existing/future journal files. To normal users and
scripts need to create these system user/group at
systemd.time(7).
containers. i.e. think about autospawning an entire OS image
* logind can now automatically suspend/hibernate/shutdown the
* /etc/machine-info and hostnamed now also expose the chassis
user/vendor or is automatically determined from ACPI and DMI
devices as seat masters, i.e. as devices that are required
from an indexed database that is keyed by vendor/product IDs
userspace device metadata. Previously, data from the PCI/USB
(i.e. those for non-standard runlevels such as 'b' or 'S')
or ArchLinux /etc/rc.conf support. We recommend the
systemd without blkid and/or kmod support.
more than once. I.e. in addition to transitions from the
* We now install a README each in /var/log/ and
/etc/rc.d/init.d explaining where the system logs and init
* browse.html now allows filtering and showing detailed
* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
* If /etc/vconsole.conf is non-existent or empty we will no
the userspace fonts/key maps we previously overloaded them
/etc/vconsole.conf with the appropriate contents.
"systemd-journal-gatewayd.service". This service provides
# systemctl start systemd-journal-gatewayd.service
/var/log/messages compatible format. The same as JSON:
* nspawn will now create a symlink /etc/localtime in the
changed to create/update the appropriate symlink.
systemd-journald.service" to see this information.
* HandleSleepKey= in logind.conf has been split up into
journald.conf which may be used to control how user journals
are split off. See journald.conf(5) for details.
* timedated will no longer write or process /etc/timezone,
anymore /etc/localtime always being a symlink is now safe,
and hence the information in /etc/timezone is not necessary
/dev/kmsg has now been added and is enabled by default.
* Support for reading kernel messages from /proc/kmsg has now
reading structured messages from /dev/kmsg (see
above). /proc/kmsg is now exclusive property of classic
warning/notice log levels in bright white. It also supports
* libsystemd-logind.so gained a new call sd_journal_perror()
* /etc/crypttab entries now understand the new keyfile-size=
* The prefdm.service file has been removed. Distributions
* /etc/crypttab entries now understand the new keyfile-offset=
systemd-journal-flush.service, rather than implicitly simply
by seeing /var/log/journal to be writable.
/usr/lib/systemd/systemd-readahead analyze /.readahead
systemctl enable debug-shell.service
udevadm info /dev/sda
udevadm info /sys/class/block/sda
* We now include RPM macros for service enabling/disabling
systemctl status /dev/sda
system.conf parsing.
* systemd.confirm_spawn= on the kernel command line should now
from /usr/lib/systemd/ntp-units.d/*.list,
systemd-timedated-ntp.target has been removed.
journald.conf. These options allow reducing the amount of
* TimerSlackNSec= can now be specified in system.conf for
/usr/bin/avahi-daemon" to get all log output of a specific
* CapabilityBoundingSet= in system.conf now also influences
* udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
in /usr/lib/systemd/. Standalone builds or non-systemd systems need
* The config files: /etc/systemd/systemd-logind.conf and
/etc/systemd/systemd-journald.conf have been renamed to
* logind now implements a sleep/shutdown/idle inhibiting logic
systemd-vconsole-setup.service) now detect properly if they
/etc/fstab are out of date due to changes in fstab that
between user/admin configuration and vendor defaults.
* PrivateTmp= now affects both /tmp and /var/tmp.
system.conf. Mounting file systems at boot has to take place
masked and /etc/fstab can override it.
* Show /etc/os-release data in systemd-analyze output
* sd-login.h is C++ compatible again
* Extend the /etc/os-release format on request of the Debian
* systems lacking /etc/os-release are no longer supported.
* Various functionality updates to libsystemd-login.so
* The systemd binary is installed /usr/lib/systemd/systemd now;
An existing /sbin/init symlink needs to be adapted with the
* A new kernel command line option systemd.setenv= is
with STDERR/STDOUT connected to the journal. Can also act as
* Introduce remote-fs-pre.target which is ordered before all
fixed (i.e. PID file creation must have finished before the
* /etc/rc.local is now hooked in via a generator binary, and
of /usr/local by default.