NEWS revision 3058e017fced6d5c8712e10c8c1477421bc1e960
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poetteringsystemd System and Service Manager
7c66aeba0f28cb82027d6015405ed71afa3b6059Kay SieversCHANGES WITH 215:
c904f64d84db8c4eebedf210ba10893f19ba05edLennart Poettering * A new tool systemd-sysusers has been added. This tool
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers creates system users and groups in /etc/passwd and
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers /etc/group, based on static declarative system user/group
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers definitions in /usr/lib/sysusers.d/. This is useful to
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers enable factory resets and volatile systems that boot up with
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering an empty /etc directory, and thus need system users and
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering groups created during early boot. systemd now also ships
a40593a0d0d740efa387e35411e1e456a6c5aba7Lennart Poettering with two default sysusers.d/ files for the most basic
20ffc4c4a9226b0e45cc02ad9c0108981626c0bbKay Sievers users and groups systemd and the core operating system
7bcd865d386d96caac83cb1c589fdb8f9ce3b081Zbigniew Jędrzejewski-Szmek * A new tmpfiles snippet has been added that rebuilds the
2f8d077ece024b985f2501dc8c904c2d29967acbKay Sievers essential files in /etc on boot, should they be missing.
2d19f95caef8668aeb5c05a18b39c6b79f710856Kay Sievers * A directive for ensuring automatic clean-up of
2f8d077ece024b985f2501dc8c904c2d29967acbKay Sievers /var/cache/man/ has been removed from the default
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering configuration. This line should now be shipped by the man
c0fe5db522b52f27e030655ce2c03e05cbbc1558Kay Sievers implementation. The necessary change has been made to the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering man-db implementation. Note that you need to update your man
c0fe5db522b52f27e030655ce2c03e05cbbc1558Kay Sievers implementation to one that ships this line, otherwise no
c3090674833c8bd34fbdb0e743f1c47d85dd14fbLennart Poettering automatic clean-up of /var/cache/man will take place.
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering * A new condition ConditionNeedsUpdate= has been added that
2d19f95caef8668aeb5c05a18b39c6b79f710856Kay Sievers may conditionalize services to only run when /etc or /var
2d19f95caef8668aeb5c05a18b39c6b79f710856Kay Sievers are "older" than the vendor operating system resources in
a4cc3e5ccc0a3033d764a9eb3ae5ee90db560682Lennart Poettering /usr. This is useful for reconstructing or updating /etc
a4cc3e5ccc0a3033d764a9eb3ae5ee90db560682Lennart Poettering after an offline update of /usr or a factory reset, on the
a4cc3e5ccc0a3033d764a9eb3ae5ee90db560682Lennart Poettering next reboot. Services that want to run once after such an
0028da22f194f7c0ca7169a48cf32e1bc0f9138aLennart Poettering update or reset should use this condition and order
a4cc3e5ccc0a3033d764a9eb3ae5ee90db560682Lennart Poettering themselves before the new systemd-update-done.service, which
7e2c2bcf1285d124c9c656ff46cafa4db0a987c9Lennart Poettering will mark the two directories as fully updated. A number of
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering service files have been added making use of this, to rebuild
7e2c2bcf1285d124c9c656ff46cafa4db0a987c9Lennart Poettering the udev hardware database, the journald message catalog and
7e2c2bcf1285d124c9c656ff46cafa4db0a987c9Lennart Poettering dynamic loader cache (ldconfig). The systemd-sysusers tool
7e2c2bcf1285d124c9c656ff46cafa4db0a987c9Lennart Poettering described above also makes use of this now. With this in
7e2c2bcf1285d124c9c656ff46cafa4db0a987c9Lennart Poettering place it is now possible to start up a minimal operating
7b4da18c1717f811bae67ea3d39290495857c03eLennart Poettering system with /etc empty cleanly. For more information on the
7b4da18c1717f811bae67ea3d39290495857c03eLennart Poettering concepts involved see this recent blog story:
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering http://0pointer.de/blog/projects/stateless.html
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new system group "input" has been introduced, and all
95b4be171988fc2ea33377b1b4450e5d410add7bLennart Poettering input device nodes get this group assigned. This is useful
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering for system-level software to get access to input devices. It
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering complements what is already done for "audio" and "video".
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering * systemd-networkd learnt minimal DHCPv4 server support in
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering addition to the existing DHCPv4 client support. It also
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering learnt DHCPv6 client and IPv6 Router Solicitation client
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering support. The DHCPv4 client gained support for static routes
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering passed in from the server. Note that the [DHCPv4] section
990ffbe5cffe7f11a8d3ab2258a85fc52b97bf60Lennart Poettering known in older systemd-networkd versions has been renamed to
398a745c73cec10b1a669703644651d94eb37599Lennart Poettering [DHCP] and is now also used by the DHCPv6 client. Existing
398a745c73cec10b1a669703644651d94eb37599Lennart Poettering .network files using settings of this section need to be
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering * networkd gained support for vxlan virtual networks.
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering * networkd gained support for automatic allocation of address
990ffbe5cffe7f11a8d3ab2258a85fc52b97bf60Lennart Poettering ranges for interfaces from a system-wide pool of
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering addresses. This is useful for dynamically managing a large
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering number of interfaces with a single network configuration
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering file. In particular this is useful to easily assign
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering appropriate IP addresses to the veth links of a large number
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering of nspawn instances.
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering * RPM macros for processing sysusers, sysctl and binfmt
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering drop-in snippets at package installation time have been
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering * The /etc/os-release file should now be placed in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /usr/lib/os-release. The old location is automatically
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering created as a symlink. /usr/lib is the more appropriate
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering location of this file, since it shall actually describe the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering vendor operating system shipped in /usr, and not the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering configuration stored in /etc.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * .mount units gained a new boolean SloppyOptions= setting
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that maps to mount(8)'s -s option which enables permissive
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering parsing of unknown mount options.
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering * tmpfiles learnt a new "L+" directive which creates a symlink
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering but (unlike "L") deletes a pre-existing file first, should
c0fe5db522b52f27e030655ce2c03e05cbbc1558Kay Sievers it already exist and not already be the correct
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering symlink. Similarly, "b+", "c+" and "p+" directives have been
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering added as well, which create block and character devices, as
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering well as fifos in the filesystem, possibly removing any
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering pre-existing files of different types.
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering * For tmpfiles' "L", "L+", "C" and "C+" directives the final
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering 'argument' field (which so far specified the source to
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering symlink/copy the files from) is now optional. If omitted, the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering same file is copied from /usr/share/factory/ suffixed by the
e6c6e7afffa80ad74efdb1ddfa815294624f1608Lennart Poettering full destination path. This is useful for populating /etc
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering with essential files, by copying them from vendor defaults
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new command "systemctl preset-all" has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering applies the service preset settings to all installed unit
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering files. A new switch --preset-mode= has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering controls whether only enable or only disable operations
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering shall be executed.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new command "systemctl is-system-running" has been added
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that allows checking the overall state of the system, for
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering example whether it is fully up and running.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * When the system boots up with an empty /etc, the equivalent
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering to "systemctl preset-all" is executed during early boot, to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering make sure all default services are enabled after a factory
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering * systemd now contains a minimal preset file that enables the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering most basic services systemd ships by default.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * Unit files' [Install] section gained a new DefaultInstance=
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering field for defining the default instance to create if a
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering template unit is enabled with no instance specified.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new passive target cryptsetup-pre.target has been added
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that may be used by services that need to make sure they run and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering finish before the first LUKS cryptographic device is set up.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The /dev/loop-control and /dev/btrfs-control device nodes
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering are now owned by the "disk" group by default, opening up
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering access to this group.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-coredump will now automatically generate a
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering stack trace of all core dumps taking place on the system,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering based on elfutils' libdw library. This stack trace is logged
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering to the journal.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-coredump may now optionally store coredumps directly
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering on disk (in /var/lib/systemd/coredump, possibly compressed),
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering instead of storing them unconditionally in the journal. This
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering mode is the new default. A new configuration file
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /etc/systemd/coredump.conf has been added to configure this
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering and other parameters of systemd-coredump.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * coredumpctl gained a new "info" verb to show details about a
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering specific coredump. A new switch "-1" has also been added
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that makes sure to only show information about the most
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering recent entry instead of all entries. Also, as the tool is
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering generally useful now the "systemd-" prefix of the binary
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering name has been removed. Distributions that want to maintain
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering compatibility with the old name should add a symlink from
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering the old name to the new name.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * journald's SplitMode= now defaults to "uid". This makes sure
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that unprivileged users can access their own coredumps with
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering coredumpctl without restrictions.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * New kernel command line options "systemd.wants=" (for
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering pulling an additional unit during boot), "systemd.mask="
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering (for masking a specific unit for the boot), and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering "systemd.debug-shell" (for enabling the debug shell on tty9)
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering have been added. This is implemented in the new generator
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering "systemd-debug-generator".
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-nspawn will now by default filter a couple of
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering syscalls for containers, among them those required for
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering kernel module loading, direct x86 IO port access, swap
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering management, and kexec. Most importantly though
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering open_by_handle_at() is now prohibited for containers,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering closing a hole similar to a recently discussed vulnerability
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering in docker regarding access to files on file hierarchies the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering container should normally not have access to. Note that for
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering nspawn we generally make no security claims anyway (and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering this is explicitly documented in the man page), so this is
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering just a fix for one of the most obvious problems.
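
The filtering described in the entry above, written out with raw seccomp-BPF as an added example; this is not systemd-nspawn's own code. The syscall list maps the categories the entry names to their syscalls; the EPERM return value, the x32 rejection on x86-64 and the function names are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#define STMT(code, k)         ((struct sock_filter)BPF_STMT(code, k))
#define JUMP(code, k, jt, jf) ((struct sock_filter)BPF_JUMP(code, k, jt, jf))
#define DENY  STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)
#define ALLOW STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Syscalls behind the categories named in the NEWS entry. */
static const int denied[] = {
    __NR_open_by_handle_at,                                  /* file handle access */
    __NR_init_module, __NR_finit_module, __NR_delete_module, /* kernel modules */
    __NR_swapon, __NR_swapoff,                               /* swap management */
    __NR_kexec_load,                                         /* kexec */
#ifdef __NR_iopl
    __NR_iopl, __NR_ioperm,                                  /* x86 IO port access */
#endif
};
#define N_DENIED (sizeof(denied) / sizeof(denied[0]))

/* Install a default-allow filter that fails the listed syscalls with EPERM.
 * Returns 0 on success, -1 on error. The filter is inherited by children. */
int install_container_filter(void) {
    struct sock_filter prog[8 + 2 * N_DENIED];
    unsigned short n = 0;

    /* Reject foreign syscall ABIs first: syscall numbers differ per ABI. */
    prog[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[n++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0);
    prog[n++] = DENY;

    prog[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
#if defined(__x86_64__)
    /* x32 calls report the x86-64 arch with bit 30 set in the number. */
    prog[n++] = JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1);
    prog[n++] = DENY;
#endif
    /* One compare per denied syscall: match falls into DENY, else skip it. */
    for (size_t i = 0; i < N_DENIED; i++) {
        prog[n++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, denied[i], 0, 1);
        prog[n++] = DENY;
    }
    prog[n++] = ALLOW;

    struct sock_fprog fprog = { .len = n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) < 0 ? -1 : 0;
}

/* Fork a child, install the filter there and probe it.
 * Returns 0 if open_by_handle_at() fails with EPERM while an unlisted
 * syscall still works, 1 if not, 2 if the filter could not be installed. */
int probe_filtered_child(void) {
    pid_t pid = fork();
    if (pid < 0)
        return 2;
    if (pid == 0) {
        if (install_container_filter() < 0)
            _exit(2);
        /* Without CAP_DAC_READ_SEARCH the kernel answers EPERM by itself,
         * so also confirm that a filter is what is actually loaded. */
        if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != SECCOMP_MODE_FILTER)
            _exit(2);
        errno = 0;
        long r = syscall(__NR_open_by_handle_at, -1, NULL, 0);
        int blocked = (r == -1 && errno == EPERM);
        int others_ok = (syscall(__NR_getpid) == getpid());
        _exit(blocked && others_ok ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 2;
    return WEXITSTATUS(status);
}

int main(void) {
    int r = probe_filtered_child();
    printf("filtered child: %s\n",
           r == 0 ? "open_by_handle_at denied, other syscalls allowed"
                  : r == 1 ? "unexpected result" : "filter not installed");
    return r;
}
```

The filter only changes the outcome for processes that hold CAP_DAC_READ_SEARCH; for everything else the kernel's own capability check already refuses the call.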
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new man page file-hierarchy(7) has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering contains a minimized, modernized version of the file system
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering layout systemd expects, similar in style to the FHS
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering specification or hier(5).
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
8b04b925e587ff56568c62ff5ad3f2ea2b34ca7aLennart Poettering longer done. Since the directory now has a per-user size
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering limit, and is cleaned on logout this appears unnecessary,
7361c3b4e1e28a7eb4354a3da354b22e79782141Lennart Poettering in particular since this now brings the lifecycle of this
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering directory closer in line with how IPC objects are handled.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd.pc now exports a number of additional directories,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering including $libdir (which is useful to identify the library
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering path for the primary architecture of the system), and a
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering couple of drop-in directories.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * udev's predictable network interface names now use the dev_port
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering sysfs attribute, introduced in Linux 3.15, instead of dev_id to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering distinguish between ports of the same PCI function. dev_id should
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering only be used for ports using the same HW address, hence the need
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers for dev_port.
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay SieversCHANGES WITH 214:
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers * As an experimental feature, udev now tries to lock the
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers disk device node (flock(LOCK_SH|LOCK_NB)) while it
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers executes events for the disk or any of its partitions.
7a43e910ce00eef22fd42925ae4c85cbea1b1320Kay Sievers Applications like partitioning programs can lock the
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers disk device node (flock(LOCK_EX)) and claim temporary
c55b1b59b837dfd924b704d457ed77c55f8bfeabLennart Poettering device ownership that way; udev will entirely skip all event
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers handling for this disk and its partitions. If the disk
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers was opened for writing, the close will trigger a partition
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers table rescan in udev's "watch" facility, and if needed
08f9588885c5d65694b324846b0ed19211d2c178Lennart Poettering synthesize "change" events for the disk and all its partitions.
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering This is now unconditionally enabled, and if it turns out to
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering cause major problems, we might turn it on only for specific
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering devices, or might need to disable it entirely. Device Mapper
9ec82de1725ddaab333149171b790d62c47ae133Lennart Poettering devices are excluded from this logic.
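
The locking protocol described above, as an added example that is not udev's own code: one side claims the node with flock(LOCK_EX), the other tries flock(LOCK_SH|LOCK_NB) and skips its work when the node is claimed. A temporary file stands in for the disk device node, and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

#define EVENT_ERROR (-1)
#define EVENT_SKIP  (-2)

/* Tool side (for example a partitioning program): open the node for
 * writing and take the exclusive lock. LOCK_EX blocks until event handlers
 * holding LOCK_SH are done. Returns the locked fd, or -1 on error.
 * Closing the fd releases the claim. */
int claim_disk(const char *node) {
    int fd = open(node, O_RDWR);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Event-handler side: take a shared, non-blocking lock before working on
 * the disk. Returns the locked fd when events may be handled (close it when
 * done), EVENT_SKIP when someone holds LOCK_EX, EVENT_ERROR otherwise. */
int event_lock(const char *node) {
    int fd = open(node, O_RDONLY);
    if (fd < 0)
        return EVENT_ERROR;
    if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
        int claimed = (errno == EWOULDBLOCK);
        close(fd);
        return claimed ? EVENT_SKIP : EVENT_ERROR;
    }
    return fd;
}

/* Walk through the three states. Returns 0 when every step behaves as the
 * NEWS entry describes, the failing step number otherwise, -1 on setup error. */
int run_lock_demo(void) {
    char node[] = "/tmp/fake-disk-XXXXXX"; /* constructed stand-in for /dev/sdX */
    int tmp = mkstemp(node);
    if (tmp < 0)
        return -1;
    close(tmp);
    int failed = 0;

    /* Step 1: unclaimed disk. Several handlers may hold LOCK_SH at once. */
    int a = event_lock(node), b = event_lock(node);
    if (a < 0 || b < 0)
        failed = 1;
    if (a >= 0) close(a);
    if (b >= 0) close(b);

    /* Step 2: the tool owns the disk, so the handler must skip its events. */
    int owner = claim_disk(node);
    int during = event_lock(node);
    if (!failed && (owner < 0 || during != EVENT_SKIP))
        failed = 2;
    if (during >= 0) close(during);

    /* Step 3: closing the owner's fd drops the lock; handling resumes. */
    if (owner >= 0) close(owner);
    int after = event_lock(node);
    if (!failed && after < 0)
        failed = 3;
    if (after >= 0) close(after);

    unlink(node);
    return failed;
}

int main(void) {
    int r = run_lock_demo();
    printf("lock protocol demo: %s (code %d)\n", r == 0 ? "ok" : "failed", r);
    return r == 0 ? 0 : 1;
}
```

flock() locks belong to the open file description, which is why two opens of the same node conflict even inside one process.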
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering * We temporarily dropped the "-l" switch for fsck invocations,
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering since they collide with the flock() logic above. util-linux
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering upstream has been changed already to avoid this conflict,
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering and we will re-add "-l" as soon as util-linux with this
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering change has been released.
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering * The dependency on libattr has been removed. Since a long
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering time, the extended attribute calls have moved to glibc, and
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering libattr is thus unnecessary.
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering * Virtualization detection works without privileges now. This
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering means the systemd-detect-virt binary no longer requires
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering CAP_SYS_PTRACE file capabilities, and our daemons can run
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering with fewer privileges.
603cd8fe07cb03e8b11722d1a732e569e5a46347Lennart Poettering * systemd-networkd now runs under its own "systemd-network"
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering loses the ability to write to files owned by root this way.
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering * Similarly, systemd-resolved now runs under its own
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering "systemd-resolve" user with no capabilities remaining.
9b27910bb0c23e5225fc1177176e4f9bf9bf787bLennart Poettering * Similarly, systemd-bus-proxyd now runs under its own
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers * systemd-networkd gained support for setting up "veth"
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers virtual ethernet devices for container connectivity, as well
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers as GRE and VTI tunnels.
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers * systemd-networkd will no longer automatically attempt to
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers manually load kernel modules necessary for certain tunnel
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers transports. Instead, it is assumed the kernel loads them
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers automatically when required. This only works correctly on
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers very new kernels. On older kernels, please consider adding
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering the kernel modules to /etc/modules-load.d/ as a work-around.
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering * The resolv.conf file systemd-resolved generates has been
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering moved to /run/systemd/resolve/. If you have a symlink from
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering /etc/resolv.conf, it might be necessary to correct it.
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering * Two new service settings, ProtectedHome= and ProtectedSystem=,
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering have been added. When enabled, they will make the user data
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering (such as /home) inaccessible or read-only and the system
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering (such as /usr) read-only, for specific services. This allows
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering very light-weight per-service sandboxing to avoid
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering modifications of user data or system files from
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering services. These two new switches have been enabled for all
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering of systemd's long-running services, where appropriate.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * Socket units gained new SocketUser= and SocketGroup=
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering settings to set the owner user and group of AF_UNIX sockets
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering and FIFOs in the file system.
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering * Socket units gained a new RemoveOnStop= setting. If enabled,
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering all FIFOs and sockets in the file system will be removed
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering when the specific socket unit is stopped.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * Socket units gained a new Symlinks= setting. It takes a list
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering of symlinks to create to file system sockets or FIFOs
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering created by the specific Unix sockets. This is useful to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering manage symlinks to socket nodes with the same life-cycle as
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering the socket itself.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The /dev/log socket and /dev/initctl FIFO have been moved to
f801968466fed39d50d410b30ac828c26722cc95Lennart Poettering /run, and have been replaced by symlinks. This allows
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering connecting to these facilities even if PrivateDevices=yes is
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering used for a service (which makes /dev/log itself unavailable,
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering but /run is left). This also has the benefit of ensuring
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering that /dev only contains device nodes, directories and
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering symlinks, and nothing else.
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering * sd-daemon gained two new calls sd_pid_notify() and
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering sd_pid_notifyf(). They are similar to sd_notify() and
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering sd_notifyf(), but allow overriding of the source PID of
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering notification messages if permissions permit this. This is
d05c556b6b2a680ec8b51ecbbc99a9ab14c28eedZbigniew Jędrzejewski-Szmek useful to send notify messages on behalf of a different
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering process (for example, the parent process). The
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering systemd-notify tool has been updated to make use of this
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering when sending messages (so that notification messages now
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering originate from the shell script invoking systemd-notify and
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering not the systemd-notify process itself). This should minimize
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering a race where systemd fails to associate notification
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering messages to services when the originating process already
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering * A new "on-abnormal" setting for Restart= has been added. If
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering set, it will result in automatic restarts on all "abnormal"
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering reasons for a process to exit, which includes unclean
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering signals, core dumps, timeouts and watchdog timeouts, but
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering does not include clean and unclean exit codes or clean
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering signals. Restart=on-abnormal is an alternative for
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering Restart=on-failure for services that shall be able to
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering terminate and avoid restarts on certain errors, by
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering indicating so with an unclean exit code. Restart=on-failure
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering or Restart=on-abnormal is now the recommended setting for
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering all long-running services.
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering * If the InaccessibleDirectories= service setting points to a
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering mount point (or if there are any submounts contained within
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering it), it is now attempted to completely unmount it, to make
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering the file systems truly unavailable for the respective
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen * The ReadOnlyDirectories= service setting and
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering systemd-nspawn's --read-only parameter are now recursively
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering applied to all submounts, too.
5aea932fd54db835b77709ddeba30732648aae53Lennart Poettering * Mount units may now be created transiently via the bus APIs.
918943c75fbd9dee87ff396de3a7c63a8d228433Lennart Poettering * The support for SysV and LSB init scripts has been removed
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering from the systemd daemon itself. Instead, it is now
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering implemented as a generator that creates native systemd units
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering from these scripts when needed. This enables us to remove a
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering substantial amount of legacy code from PID 1, following the
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering fact that many distributions only ship a very small number
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering of LSB/SysV init scripts nowadays.
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering * Privileged Xen (dom0) domains are not considered
88a6c5894c9d3f85d63b87b040c130366b4006ceKay Sievers virtualization anymore by the virtualization detection
8351ceaea9480d9c2979aa2ff0f4982cfdfef58dLennart Poettering logic. After all, they generally have unrestricted access to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering the hardware and usually are used to manage the unprivileged
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering (domU) domains.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-tmpfiles gained a new "C" line type, for copying
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering files or entire directories.
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering * systemd-tmpfiles "m" lines are now fully equivalent to "z"
c649f72baed31c54c8384c3ca1d203fab6e98d08David Strauss lines. So far, they have been non-globbing versions of the
c649f72baed31c54c8384c3ca1d203fab6e98d08David Strauss latter, and have thus been redundant. In future, it is
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering recommended to only use "z". "m" has hence been removed
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering from the documentation, even though it stays supported.
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering * A tmpfiles snippet to recreate the most basic structure in
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering /var has been added. This is enough to create the /var/run →
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering /run symlink and create a couple of structural
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering directories. This allows systems to boot up with an empty or
eeb875144e5a80d0521461a139f13fc8014d77d8Lennart Poettering volatile /var. Of course, while with this change, the core OS
eeb875144e5a80d0521461a139f13fc8014d77d8Lennart Poettering is now capable of dealing with a volatile /var, not all
59cea26a349cfa8db906b520dac72563dd773ff2Lennart Poettering user services are ready for it. However, we hope that sooner
35eb6b124ebdf82bd77aad6e44962a9a039c4d33Lennart Poettering or later, many service daemons will be changed upstream so
9473414219330b9febc1d0712bbf49ad74cf962fLennart Poettering that they are able to automatically create their necessary
f1a8e221ecacea23883df57951e291a910463948Lennart Poettering directories in /var at boot, should they be missing. This is
7b63bde1ed0d4f30c799c9b4737fa926465929f9Lennart Poettering the first step to allow state-less systems that only require
7b63bde1ed0d4f30c799c9b4737fa926465929f9Lennart Poettering the vendor image for /usr to boot.
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering * systemd-nspawn has gained a new --tmpfs= switch to mount an
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering empty tmpfs instance to a specific directory. This is
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering particularly useful for making use of the automatic
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers reconstruction of /var (see above), by passing --tmpfs=/var.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * Access modes specified in tmpfiles snippets may now be
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers prefixed with "~", which indicates that they shall be masked
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers by whether the existing file or directory is currently
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers writable, readable or executable at all. Also, if specified,
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers the sgid/suid/sticky bits will be masked for all
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers non-directories.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * A new passive target unit "network-pre.target" has been
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering added which is useful for services that shall run before any
06dab8e18aebf822392c7ca66c5bf3c1200fdec8Lennart Poettering network is configured, for example firewall scripts.
e01a15b71e18bf2008aec7e75041ffa42eb80b80Kay Sievers * The "floppy" group that previously owned the /dev/fd*
a888b352eb53b07daa24fa859ceeb254336b293dLennart Poettering devices is no longer used. The "disk" group is now used
98ef27df896f36f0407eaa7ed9e295203b9c271bLennart Poettering instead. Distributions should probably deprecate usage of
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
b8217b7bd5fd171916a095b150fad4c3a37f5a41Kay Sievers Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers Jędrzejewski-Szmek
231931ffba1bca9d8759bbd6f797e56f8c6971faLennart Poettering -- Berlin, 2014-06-11
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart PoetteringCHANGES WITH 213:
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering * A new "systemd-timesyncd" daemon has been added for
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering synchronizing the system clock across the network. It
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering implements an SNTP client. In contrast to NTP
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering implementations such as chrony or the NTP reference server,
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering this only implements a client side, and does not bother with
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering the full NTP complexity, focusing only on querying time from
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering one remote server and synchronizing the local clock to
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering it. Unless you intend to serve NTP to networked clients or
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering want to connect to local hardware clocks, this simple NTP
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering client should be more than appropriate for most
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering installations. The daemon runs with minimal privileges, and
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering has been hooked up with networkd to only operate when
53ed2eeb2e709a6c0d152d7bdf2d9a4b9f997a16Lennart Poettering network connectivity is available. The daemon saves the
53ed2eeb2e709a6c0d152d7bdf2d9a4b9f997a16Lennart Poettering current clock to disk every time a new NTP sync has been
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers acquired, and uses this to possibly correct the system clock
680a1dbc354b2f437b4e06e27d4c43217977efdfLennart Poettering early at bootup, in order to accommodate systems that
a6e87e90ede66815989ba2db92a07102a69906feLennart Poettering lack an RTC such as the Raspberry Pi and embedded devices,
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering and to make sure that time monotonically progresses on these
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering systems, even if it is not always correct. To make use of
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering this daemon, a new system user and group "systemd-timesync"
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering needs to be created on installation of systemd.
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering * The queue "seqnum" interface of libudev has been disabled, as
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering it was generally incompatible with device namespacing as
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering sequence numbers of devices go "missing" if the devices are
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering part of a different namespace.
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering * "systemctl list-timers" and "systemctl list-sockets" gained
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers a --recursive switch for showing units of these types also
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers for all local containers, similar in style to the already
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers supported --recursive switch for "systemctl list-units".
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering * A new RebootArgument= setting has been added for service
de6c78f8795743894431a099d26ec562a8acf3dfLennart Poettering units, which may be used to specify a kernel reboot argument
7d441ddb5ca090b5a97f58ac4b4d97b3e84fa81eLennart Poettering to use when triggering reboots with StartLimitAction=.
14e639ae7a1dbf156273ce697d30fbc6c6594209Lennart Poettering * A new FailureAction= setting has been added for service
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering units which may be used to specify an operation to trigger
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering when a service fails. This works similarly to
d3c7d7dd77b2b72315164b672462825cef6c0f9aKay Sievers StartLimitAction=, but unlike it, controls what is done
72b9ed828bd22f3ddd74b6853c183eebf006d6d8Lennart Poettering immediately rather than only after several attempts to
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering restart the service in question.
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering * hostnamed got updated to also expose the kernel name,
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering release, and version on the bus. This is useful for
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering executing commands like hostnamectl with the -H switch.
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering systemd-analyze makes use of this to properly display
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering details when running non-locally.
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering * The bootchart tool can now show cgroup information in the
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering graphs it generates.
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering * The CFS CPU quota cgroup attribute is now exposed for
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering services. The new CPUQuota= switch has been added for this
8d0e38a2b966799af884e78a54fd6a2dffa44788Lennart Poettering which takes a percentage value. Setting this will have the
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering result that a service may never get more CPU time than the
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering specified percentage, even if the machine is otherwise idle.
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering * systemd-networkd learned IPIP and SIT tunnel support.
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering * LSB init scripts exposing a dependency on $network will now
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering get a dependency on network-online.target rather than simply
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering network.target. This should bring LSB handling closer to
916abb21d0a6653e0187b91591e492026886b0a4Lennart Poettering what it was on SysV systems.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new fsck.repair= kernel option has been added to control
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering how fsck shall deal with unclean file systems at boot.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The (.ini) configuration file parser will now silently
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering ignore sections whose name begins with "X-". This may be
b23de6af893c11da4286bc416455cd0926d1532eLennart Poettering used to maintain application-specific extension sections in unit
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering * machined gained a new API to query the IP addresses of
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering registered containers. "machinectl status" has been updated
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering to show these addresses in its output.
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering * A new call sd_uid_get_display() has been added to the
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering sd-login APIs for querying the "primary" session of a
7a2a0b907b5cc60f5d9a871997d7d6e7f62bf4d8Lennart Poettering user. The "primary" session of the user is elected from the
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering user's sessions and generally a graphical session is
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering preferred over a text one.
8bbabc447b1d913bd21faf97c7b17d20d315d2b4Lennart Poettering * A minimal systemd-resolved daemon has been added. It
f530371f1f85a070d7d0fb5112146a43533ae00bLennart Poettering currently simply acts as a companion to systemd-networkd and
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering manages resolv.conf based on per-interface DNS
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering configuration, possibly supplied via DHCP. In the long run
a73d88fa024b5668ed7dde681e99547d41e6a864Lennart Poettering we hope to extend this into a local DNSSEC enabled DNS and
a74a8793b04de9886b4f6987b9cb86fa02c73520Lennart Poettering * The systemd-networkd-wait-online tool is now enabled by
73090dc815390f4fca4e3ed8a7e1d3806605daaaLennart Poettering default. It will delay network-online.target until a network
44143309dd0b37d61d7d842ca58f01a65646ec71Kay Sievers connection has been configured. The tool primarily integrates
3d57c6ab801f4437f12948e29589e3d00c3ad9dbLennart Poettering with networkd, but will also make a best effort to make sense
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering of network configuration performed in some other way.
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering * Two new service options StartupCPUShares= and
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering StartupBlockIOWeight= have been added that work similarly to
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering CPUShares= and BlockIOWeight=, but only apply during
2791a8f8dc8764a9247cdba3562bd4c04010f144Lennart Poettering system startup. This is useful to prioritize certain services
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering differently during bootup than during normal runtime.
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering * hostnamed has been changed to prefer the statically
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering configured hostname in /etc/hostname (unless set to
c32e0c40f7e706e3ebcd101187d5ced96f083491Lennart Poettering 'localhost' or empty) over any dynamic one supplied by