d657c51f14601d0235434ffb78cf6ac0f27cc83cLennart Poetteringsystemd System and Service Manager

220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering

61f32bff6130a44d077886d38cff89ad161bf177Martin PittCHANGES WITH 220:

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt * systemd now exposes a CPUUsageNSec= property for each

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt service unit on the bus, that contains the overall consumed

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt CPU time of a service (the sum of what each process of the

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt service consumed). This value is only available if

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt CPUAccounting= is turned on for a service, and is then shown

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt in the "systemctl status" output.

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt * Support for configuring alternative mappings of the old SysV

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt runlevels to systemd targets has been removed. They are now

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt harcoded in a way that runlevels 2, 3, 4 all map to

61f32bff6130a44d077886d38cff89ad161bf177Martin Pitt multi-user.target and 5 to graphical.target (which

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering previously was already the default behaviour).

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * The auto-mounter logic gained support for mount point

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering expiry, using a new TimeoutIdleSec= setting in .automount

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering units. (Also available as x-systemd.idle-timeout= in /etc/fstab).

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * The EFI System Partition (ESP) as mounted to /boot by

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering systemd-efi-boot-generator will now be unmounted

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering automatically after 2min of not being used. This should

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering minimize the risk of ESP corruptions.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * New /etc/fstab options x-systemd.requires= and

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering x-systemd.requires-mounts-for= are now supported to express

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering additional dependencies for mounts. This is useful for

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering journalling file systems that support external journal

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering devices or overlay file systems that require underlying file

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering systems to be mounted.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd does not support direct live-upgrades (via systemctl

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering daemon-reexec) from versions older than v44 anymore. As no

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering distribution we are aware of shipped such old versions in a

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering stable release this should not be problematic.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * When systemd forks off a new per-connection service instance

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering it will now set the $REMOTE_ADDR environment variable to the

815bb5bd565b4edc05a426d24353a9ba68482834Thomas Hindoe Paaboel Andersen remote IP address, and $REMOTE_PORT environment variable to

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering the remote IP port. This behaviour is similar to the

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering corresponding environment variables defined by CGI.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * systemd-networkd gained support for uplink failure

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering detection. The BindCarrier= option allows binding interface

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering configuration dynamically to the link sense of other

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering interfaces. This is useful to achieve behaviour like in

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering network switches.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * systemd-networkd gained support for configuring the DHCP

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering client identifier to use when requesting leases.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd-networkd now has a per-network UseNTP= option to

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering configure whether NTP server information acquired via DHCP

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering is passed on to services like systemd-timesyncd.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd-networkd gained support for vti6 tunnels.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * Many bonding and vxlan options are now configurable in

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering systemd-networkd.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * systemd-nspawn gained a new --property= setting to set unit

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering properties for the container scope. This is useful for

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering setting resource parameters (e.g "CPUShares=500") on

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering containers started from the command line.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * systemd-nspawn gained a new --private-users= switch to make

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering use of user namespacing available on recent Linux kernels.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * systemd-nspawn may now be called as part of a shell pipeline

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering in which case the pipes used for stdin and stdout are passed

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering directly to the process invoked in the container, without

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering indirection via a pseudo tty.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd-nspawn gained a new switch to control the UNIX

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering signal to use when killing the init process of the container

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering when shutting down.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd-nspawn gained a new --overlay= switch for mounting

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering overlay file systems into the container using the new kernel

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering overlayfs support.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * When a container image is imported via systemd-importd and

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering the host file system is not btrfs, a loopback block device

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering file is created in /var/lib/machines.raw with a btrfs file

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering system inside. It is then mounted to /var/lib/machines to

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering enable btrfs features for container management. The loopback

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering file and btrfs file system is grown as needed when container

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering images are imported via systemd-importd.

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering * systemd-machined/systemd-importd gained support for btrfs

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering quota, to enforce container disk space limits on disk. This

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering is exposed in "machinectl set-limit".

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * systemd-importd now can import containers from local .tar,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering .raw and .qcow2 images, and export them to .tar and .raw. It

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering can also import dkr v2 images now from the network (on top

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering of v1 as before).

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * systemd-importd gained support for verifying downloaded

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering images with gpg2 (previously only gpg1 was supported).

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering * systemd-machined, systemd-logind, systemd: most bus calls

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering are now accessible to unprivileged processes via

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering PolicyKit. Also, systemd-logind will now allow users to kill

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering their own sessions without further privileges or

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering authorization.

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering * systemd-shutdownd has been removed. This service was

ddb4b0d3eb57292c38a76f9b977f73cea15448fbLennart Poettering previously responsible for implementing scheduled shutdowns

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering as exposed in /usr/bin/shutdown's time parameter. This

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering functionality has now been moved into systemd-logind and is

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering accessible via a bus interface.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * "systemctl reboot" gained a new switch --firmware-setup that

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering can be used to reboot into the EFI firmware setup, if that

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering is available. systemd-logind now exposes an API on the bus

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering to trigger such reboots, in case graphical desktop UIs want

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering to cover this functionality.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * "systemctl enable", "systemctl disable" and "systemctl mask"

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering now support a new "--now" switch. If specified the the units

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering that are enabled will also be started, and the ones

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering disabled/masked also stopped.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * The Gummiboot EFI boot loader tool has been merged into

815bb5bd565b4edc05a426d24353a9ba68482834Thomas Hindoe Paaboel Andersen systemd, and renamed to "sd-boot". The bootctl tool has been

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering updated to support sd-boot.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * An EFI kernel stub has been added that may be used to create

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering kernel EFI binaries that contain not only the actual kernel,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering but also an initrd, boot splash, command line and OS release

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering information. This combined binary can then be signed as a

815bb5bd565b4edc05a426d24353a9ba68482834Thomas Hindoe Paaboel Andersen single image, so that the firmware can verify it all in one

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering step. sd-boot has special support for EFI binaries created

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering like this and can extract OS release information from them

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering and show them in the boot menu. This functionality is useful

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering to implement cryptographically verified boot schemes.

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering * Optional support has been added to systemd-fsck to pass

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering fsck's progress report to an AF_UNIX socket in the file

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering system.

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering * udev will no longer create device symlinks for all block

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering devices by default. A blacklist for excluding special block

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering devices from this logic has been turned into a whitelist

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering that requires picking block devices explicitly that require

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering device symlinks.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * A new (currently still internal) API sd-device.h has been

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering added to libsystemd. This modernized API is supposed to

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering replace libudev eventually. In fact, already much of libudev

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering is now just a wrapper around sd-device.h.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * A new hwdb database for storing metadata about pointing

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering stick devices has been added.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * systemd-tmpfiles gained support for setting file attributes

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering similar to the "chattr" tool with new 'h' and 'H' lines.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * systemd-journald will no longer unconditionally set the

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering btrfs NOCOW flag on new journal files. This is instead done

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering with tmpfiles snippet using the new 'h' line type. This

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering allows easy disabling of this logic, by masking the

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering journal-nocow.conf tmpfiles file.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * systemd-journald will now translate audit message types to

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering human readable identifiers when writing them to the

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering journal. This should improve readability of audit messages.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * The LUKS logic gained support for the offset= and skip=

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering options in /etc/crypttab, as previously implemented by

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering Debian.

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering

b9e2f7eb00643f28390cedf883f516f4ba7193bbLennart Poettering * /usr/lib/os-release gained a new optional field VARIANT= for

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering distributions that support multiple variants (such as a

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering desktop edition, a server edition, ...)

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Mack, Daniel Mustieles, daurnimator, Davide Bettio, David

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Michael Biebl, Michael Marineau, Michael Olbrich, Michal

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering -- Berlin, 2015-05-??

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart Poettering

f1f8a5a5e110f485257e8702ad30b9997e529a74Lennart PoetteringCHANGES WITH 219:

28c85daf0ae80d1d5f8b878efa4bdad690e1f29bLennart Poettering

dd050decb6ad131ebdeabb71c4f9ecb4733269c0David Herrmann * Introduce a new API "sd-hwdb.h" for querying the hardware

a11c7ea52cc31a8c95e46e781469d3a104f48090Lennart Poettering metadata database. With this minimal interface one can query

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack and enumerate the udev hwdb, decoupled from the old libudev

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack library. libudev's interface for this is now only a wrapper

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack around sd-hwdb. A new tool systemd-hwdb has been added to

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack interface with and update the database.

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack * When any of systemd's tools copies files (for example due to

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack tmpfiles' C lines) a btrfs reflink will attempted first,

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack before bytewise copying is done.

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack * systemd-nspawn gained a new --ephemeral switch. When

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack specified a btrfs snapshot is taken of the container's root

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack directory, and immediately removed when the container

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack terminates again. Thus, a container can be started whose

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering changes never alter the container's root directory, and are

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering lost on container termination. This switch can also be used

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack for starting a container off the root file system of the

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack host without affecting the host OS. This switch is only

6fd5517b11d2c258b3c09baf571bae71b9ac98a7Zbigniew Jędrzejewski-Szmek available on btrfs file systems.

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack * systemd-nspawn gained a new --template= switch. It takes the

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering path to a container tree to use as template for the tree

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering specified via --directory=, should that directory be

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering missing. This allows instantiating containers dynamically,

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering on first run. This switch is only available on btrfs file

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering systems.

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack * When a .mount unit refers to a mount point on which multiple

6fd5517b11d2c258b3c09baf571bae71b9ac98a7Zbigniew Jędrzejewski-Szmek mounts are stacked, and the .mount unit is stopped all of

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack the stacked mount points will now be unmounted until no

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack mount point remains.

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack * systemd now has an explicit notion of supported and

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack unsupported unit types. Jobs enqueued for unsupported unit

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack types will now fail with an "unsupported" error code. More

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack specifically .swap, .automount and .device units are not

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack supported in containers, .busname units are not supported on

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack non-kdbus systems. .swap and .automount are also not

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack supported if their respective kernel compile time options

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack are disabled.

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack * machinectl gained support for two new "copy-from" and

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack "copy-to" commands for copying files from a running

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack container to the host or vice versa.

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering * machinectl gained support for a new "bind" command to bind

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering mount host directories into local containers. This is

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering currently only supported for nspawn containers.

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack * networkd gained support for configuring bridge forwarding

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering database entries (fdb) from .network files.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * A new tiny daemon "systemd-importd" has been added that can

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack download container images in tar, raw, qcow2 or dkr formats,

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering and make them available locally in /var/lib/machines, so

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering that they can run as nspawn containers. The daemon can GPG

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering verify the downloads (not supported for dkr, since it has no

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering provisions for verifying downloads). It will transparently

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering decompress bz2, xz, gzip compressed downloads if necessary,

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering and restore sparse files on disk. The daemon uses privilege

21d86c613d85a5ffb23decaf9876b9f42696e718Daniel Mack separation to ensure the actual download logic runs with

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering fewer privileges than the deamon itself. machinectl has

8b5f9d156ceec7284eeabe79fcbf51f503eb50f5Daniel Mack gained new commands "pull-tar", "pull-raw" and "pull-dkr" to

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering make the functionality of importd available to the

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering user. With this in place the Fedora and Ubuntu "Cloud"

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering images can be downloaded and booted as containers unmodified

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering (the Fedora images lack the appropriate GPG signature files

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering currently, so they cannot be verified, but this will change

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering soon, hopefully). Note that downloading images is currently

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering only fully supported on btrfs.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * machinectl is now able to list container images found in

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering /var/lib/machines, along with some metadata about sizes of

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering disk and similar. If the directory is located on btrfs and

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering quota is enabled, this includes quota display. A new command

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering "image-status" has been added that shows additional

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering information about images.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * machinectl is now able to clone container images

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering efficiently, if the underlying file system (btrfs) supports

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering it, with the new "machinectl list-images" command. It also

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering gained commands for renaming and removing images, as well as

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering marking them read-only or read-write (supported also on

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering legacy file systems).

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * networkd gained support for collecting LLDP network

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering announcements, from hardware that supports this. This is

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering shown in networkctl output.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * systemd-run gained support for a new -t (--pty) switch for

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering invoking a binary on a pty whose input and output is

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering connected to the invoking terminal. This allows executing

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering processes as system services while interactively

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering communicating with them via the terminal. Most interestingly

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering this is supported across container boundaries. Invoking

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering "systemd-run -t /bin/bash" is an alternative to running a

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering full login session, the difference being that the former

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering will not register a session, nor go through the PAM session

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering setup.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * tmpfiles gained support for a new "v" line type for creating

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering btrfs subvolumes. If the underlying file system is a legacy

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering file system, this automatically degrades to creating a

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering normal directory. Among others /var/lib/machines is now

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack created like this at boot, should it be missing.

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack * The directory /var/lib/containers/ has been deprecated and

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack been replaced by /var/lib/machines. The term "machines" has

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack been used in the systemd context as generic term for both

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack VMs and containers, and hence appears more appropriate for

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack this, as the directory can also contain raw images bootable

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering via qemu/kvm.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * systemd-nspawn when invoked with -M but without --directory=

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering or --image= is now capable of searching for the container

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering root directory, subvolume or disk image automatically, in

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack /var/lib/machines. systemd-nspawn@.service has been updated

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack to make use of this, thus allowing it to be used for raw

a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt disk images, too.

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack * A new machines.target unit has been introduced that is

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack supposed to group all containers/VMs invoked as services on

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering the system. systemd-nspawn@.service has been updated to

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering integrate with that.

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering * machinectl gained a new "start" command, for invoking a

edf4126f60561cc6236e46d07f4845dbc6935fa2Tom Gundersen container as a service. "machinectl start foo" is mostly

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering equivalent to "systemctl start systemd-nspawn@foo.service",

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering but handles escaping in a nicer way.

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering * systemd-nspawn will now mount most of the cgroupfs tree

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering read-only into each container, with the exception of the

edf4126f60561cc6236e46d07f4845dbc6935fa2Tom Gundersen container's own subtree in the name=systemd hierarchy.

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack * journald now sets the special FS_NOCOW file flag for its

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack journal files. This should improve performance on btrfs, by

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack avoiding heavy fragmentation when journald's write-pattern

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack is used on COW file systems. It degrades btrfs' data

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack integrity guarantees for the files to the same levels as for

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack ext3/ext4 however. This should be OK though as journald does

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack its own data integrity checks and all its objects are

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack checksummed on disk. Also, journald should handle btrfs disk

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack full events a lot more gracefully now, by processing SIGBUS

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack errors, and not relying on fallocate() anymore.

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack * When journald detects that journal files it is writing to

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack have been deleted it will immediately start new journal

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack files.

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering * systemd now provides a way to store file descriptors

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering per-service in PID 1.This is useful for daemons to ensure

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering that fds they require are not lost during a daemon

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering restart. The fds are passed to the deamon on the next

fe08a30b58bba0e04fb3e43122e0b157af5846a1Lennart Poettering invocation in the same way socket activation fds are

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack passed. This is now used by journald to ensure that the

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering various sockets connected to all the system's stdout/stderr

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering are not lost when journald is restarted. File descriptors

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering may be stored in PID 1 via the sd_pid_notify_with_fds() API,

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering an extension to sd_notify(). Note that a limit is enforced

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering on the number of fds a service can store in PID 1, and it

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering defaults to 0, so that no fds may be stored, unless this is

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering explicitly turned on.

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering * The default TERM variable to use for units connected to a

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering terminal, when no other value is explicitly is set is now

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering vt220 rather than vt102. This should be fairly safe still,

91d0d699121f9cf29e3ba45380ce503b8ea505feLennart Poettering but allows PgUp/PgDn work.

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering * The /etc/crypttab option header= as known from Debian is now

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering supported.

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering * "loginctl user-status" and "loginctl session-status" will

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering now show the last 10 lines of log messages of the

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering user/session following the status output. Similar,

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering "machinectl status" will show the last 10 log lines

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering associated with a virtual machine or container

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering service. (Note that this is usually not the log messages

d046fb936658e7239c8e2635ecb7fb32748ef535Lennart Poettering done in the VM/container itself, but simply what the

c48eb61fa72205615e3a2bec9fb6576a5973fc6bTom Gundersen container manager logs. For nspawn this includes all console

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack output however.)

bdba9227ec6462198b63af69098a003aa2292c0fDaniel Mack

c30f086f047a2a34474de29e4b87ad4464594440Lennart Poettering * "loginctl session-status" without further argument will now

efce0ffeac5ea1b71f61094914d4c00e97da53ecDaniel Machon show the status of the session of the caller. Similar,

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack "lock-session", "unlock-session", "activate",

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering "enable-linger", "disable-linger" may now be called without

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering session/user parameter in which case they apply to the

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering caller's session/user.

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering * An X11 session scriptlet is now shipped that uploads

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering $DISPLAY and $XAUTHORITY into the environment of the systemd

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering --user daemon if a session begins. This should improve

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering compatibility with X11 enabled applications run as systemd

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering user services.

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering * Generators are now subject to masking via /etc and /run, the

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering same way as unit files.

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering * networkd .network files gained support for configuring

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering per-link IPv4/IPv6 packet forwarding as well as IPv4

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering masquerading. This is by default turned on for veth links to

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering containers, as registered by systemd-nspawn. This means that

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering nspawn containers run with --network-veth will now get

61e6771c4ac5e8418a9537a0f3efa1e51c45e5b9Lennart Poettering automatic routed access to the host's networks without any

1e0adaa45d2c1a300199069bfdeb494281b54086Daniel Mack further configuration or setup, as long as networkd runs on

c97e586d8a18db5dc505d76059ed1d9add234925Daniel Mack the host.

c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann

c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann * systemd-nspawn gained the --port= (-p) switch to expose TCP

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering or UDP posts of a container on the host. With this in place

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering it is possible to run containers with private veth links

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering (--network-veth), and have their functionality exposed on

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering the host as if their services were running directly on the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering host.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-nspawn's --network-veth switch now gained a short

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering version "-n", since with the changes above it is now truly

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering useful out-of-the-box. The systemd-nspawn@.service has been

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering updated to make use of it too by default.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-nspawn will now maintain a per-image R/W lock, to

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering ensure that the same image is not started more than once

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering writable. (It's OK to run an image multiple times

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering simultaneously in read-only mode.)

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-nspawn's --image= option is now capable of

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering dissecting and booting MBR and GPT disk images that contain

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering only a single active Linux partition. Previously it

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering supported only GPT disk images with proper GPT type

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering IDs. This allows running cloud images from major

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering distributions directly with systemd-nspawn, without

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering modification.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * In addition to collecting mouse dpi data in the udev

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering hardware database, there's now support for collecting angle

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering information for mouse scroll wheels. The database is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering supposed to guarantee similar scrolling behavior on mice

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering that it knows about. There's also support for collecting

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering information about Touchpad types.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * udev's input_id built-in will now also collect touch screen

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering dimension data and attach it to probed devices.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * /etc/os-release gained support for a Distribution Privacy

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Policy link field.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * networkd gained support for creating "ipvlan", "gretap",

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering "ip6gre", "ip6gretap" and "ip6tnl" network devices.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-tmpfiles gained support for "a" lines for setting

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering ACLs on files.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-nspawn will now mount /tmp in the container to

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering tmpfs, automatically.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd now exposes the memory.usage_in_bytes cgroup

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering attribute and shows it for each service in the "systemctl

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering status" output, if available.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * When the user presses Ctrl-Alt-Del more than 7x within 2s an

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering immediate reboot is triggered. This useful if shutdown is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering hung and is unable to complete, to expedite the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering operation. Note that this kind of reboot will still unmount

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering all file systems, and hence should not result in fsck being

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering run on next reboot.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * A .device unit for an optical block device will now be

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering considered active only when a medium is in the drive. Also,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering mount units are now bound to their backing devices thus

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering triggering automatic unmounting when devices become

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering unavailable. With this in place systemd will now

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering automatically unmount left-over mounts when a CD-ROM is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering ejected or an USB stick is yanked from the system.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * networkd-wait-online now has support for waiting for

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering specific interfaces only (with globbing), and for giving up

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering after a configurable timeout.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * networkd now exits when idle. It will be automatically

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering restarted as soon as interfaces show up, are removed or

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering change state. networkd will stay around as long as there is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering at least one DHCP state machine or similar around, that keep

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering it non-idle.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * networkd may now configure IPv6 link-local addressing in

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering addition to IPv4 link-local addressing.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * The IPv6 "token" for use in SLAAC may now be configured for

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering each .network interface in networkd.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * Routes configured with networkd may now be assigned a scope

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering in .network files.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * networkd's [Match] sections now support globbing and lists

c626bf1d306735a2442800c03ec10cf55442af55Daniel Mack of multiple space-separated matches per item.

c626bf1d306735a2442800c03ec10cf55442af55Daniel Mack

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Morata Castillo, Chris Atkinson, Chris J. Arges, Christian

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko

c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,

47f5a38cdf98a220d6a0d4eb11a710a0a42ae5c4Lennart Poettering Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering Hoffmann, Zbigniew Jędrzejewski-Szmek

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering -- Berlin, 2015-02-16

2f77decc5ba25d0463f137aa7f64ce6684917cf1Lennart Poettering

23d08d1b2bfd7f4b3c0a9408c9ccd65c3fb80fc2David HerrmannCHANGES WITH 218:

c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann

23d08d1b2bfd7f4b3c0a9408c9ccd65c3fb80fc2David Herrmann * When querying unit file enablement status (for example via

c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann "systemctl is-enabled"), a new state "indirect" is now known

ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack which indicates that a unit might not be enabled itself, but

ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack another unit listed in its Alias= setting might be.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * Similar to the various existing ConditionXYZ= settings for

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering units there are now matching AssertXYZ= settings. While

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering failing conditions cause a unit to be skipped, but its job

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering to succeed, failing assertions declared like this will cause

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering a unit start operation and its job to fail.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * hostnamed now knows a new chassis type "embedded".

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemctl gained a new "edit" command. When used on a unit

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering file this allows extending unit files with .d/ drop-in

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering configuration snippets or editing the full file (after

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering copying it from /usr/lib to /etc). This will invoke the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering user's editor (as configured with $EDITOR), and reload the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering modified configuration after editing.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * "systemctl status" now shows the suggested enablement state

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering for a unit, as declared in the (usually vendor-supplied)

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering system preset files.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * nss-myhostname will now resolve the single-label host name

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering "gateway" to the locally configured default IP routing

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering gateways, ordered by their metrics. This assigns a stable

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering name to the used gateways, regardless which ones are

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering currently configured. Note that the name will only be

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering resolved after all other name sources (if nss-myhostname is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering configured properly) and should hence not negatively impact

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering systems that use the single-label host name "gateway" in

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering other contexts.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * systemd-inhibit now allows filtering by mode when listing

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering inhibitors.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * Scope and service units gained a new "Delegate" boolean

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering property, which when set allows processes running inside the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering unit to further partition resources. This is primarily

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering useful for systemd user instances as well as container

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering managers.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * journald will now pick up audit messages directly from

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering the kernel, and log them like any other log message. The

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering audit fields are split up and fully indexed. This means that

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering journalctl in many ways is now a (nicer!) alternative to

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering ausearch, the traditional audit client. Note that this

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering implements only a minimal audit client, if you want the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering special audit modes like reboot-on-log-overflow, please use

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering the traditional auditd instead, which can be used in

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering parallel to journald.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * The ConditionSecurity= unit file option now understands the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering special string "audit" to check whether auditing is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering available.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * journalctl gained two new commands --vacuum-size= and

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering --vacuum-time= to delete old journal files until the

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering remaining ones take up no more the specified size on disk,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering or are not older than the specified time.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * A new, native PPPoE library has been added to sd-network,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering systemd's library of light-weight networking protocols. This

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering library will be used in a future version of networkd to

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering enable PPPoE communication without an external pppd daemon.

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering * The busctl tool now understands a new "capture" verb that

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering works similar to "monitor", but writes a packet capture

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering trace to STDOUT that can be redirected to a file which is

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering compatible with libcap's capture file format. This can then

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering be loaded in Wireshark and similar tools to inspect bus

e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann communication.

e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann

ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack * The busctl tool now understands a new "tree" verb that shows

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann the object trees of a specific service on the bus, or of all

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann services.

10fa421cd2abdc2ae1a07f7c13bfaa4ee6d6de4fDavid Herrmann

10fa421cd2abdc2ae1a07f7c13bfaa4ee6d6de4fDavid Herrmann * The busctl tool now understands a new "introspect" verb that

10fa421cd2abdc2ae1a07f7c13bfaa4ee6d6de4fDavid Herrmann shows all interfaces and members of objects on the bus,

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering including their signature and values. This is particularly

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering useful to get more information about bus objects shown by

5e8d4254f916eb7115ae14de42e7eccf6bc83786Lennart Poettering the new "busctl tree" command.

10fa421cd2abdc2ae1a07f7c13bfaa4ee6d6de4fDavid Herrmann

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann * The busctl tool now understands new verbs "call",

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann "set-property" and "get-property" for invoking bus method

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann calls, setting and getting bus object properties in a

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann friendly way.

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann

11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann * busctl gained a new --augment-creds= argument that controls

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann whether the tool shall augment credential information it

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann gets from the bus with data from /proc, in a possibly

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann race-ful way.

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann * nspawn's --link-journal= switch gained two new values

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann "try-guest" and "try-host" that work like "guest" and

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann "host", but do not fail if the host has no persistent

01608bc86a104423d192364f9534b83d0c75db7fKay Sievers journalling enabled. -j is now equivalent to

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann --link-journal=try-guest.

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann * macvlan network devices created by nspawn will now have

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann stable MAC addresses.

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack * A new SmackProcessLabel= unit setting has been added, which

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack controls the SMACK security label processes forked off by

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack the respective unit shall use.

37d54b938faeefd0a5a74f9197a33d78bbb8d6bfDaniel Mack

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack * If compiled with --enable-xkbcommon, systemd-localed will

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack verify x11 keymap settings by compiling the given keymap. It

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack will spew out warnings if the compilation fails. This

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack requires libxkbcommon to be installed.

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack * When a coredump is collected a larger number of metadata

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack fields is now collected and included in the journal records

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack created for it. More specifically control group membership,

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack environment variables, memory maps, working directory,

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack chroot directory, /proc/$PID/status, and a list of open file

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack descriptors is now stored in the log entry.

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack * The udev hwdb now contains DPI information for mice. For

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack details see:

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack * All systemd programs that read standalone configuration

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack files in /etc now also support a corresponding series of

931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack .conf.d configuration directories in /etc/, /run/,

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann /usr/local/lib/, /usr/lib/, and (if configured with

f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann --enable-split-usr) /lib/. In particular, the following

f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann configuration files now have corresponding configuration

f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann directories: system.conf user.conf, logind.conf,

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann journald.conf, sleep.conf, bootchart.conf, coredump.conf,

01608bc86a104423d192364f9534b83d0c75db7fKay Sievers resolved.conf, timesyncd.conf, journal-remote.conf, and

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann journal-upload.conf. Note that distributions should use the

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann configuration directories in /usr/lib/; the directories in

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann /etc/ are reserved for the system administrator.

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann * systemd-rfkill will no longer take the rfkill device name

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann into account when storing rfkill state on disk, as the name

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann might be dynamically assigned and not stable. Instead, the

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann ID_PATH udev variable combined with the rfkill type (wlan,

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann bluetooth, ...) is used.

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann * A new service systemd-machine-id-commit.service has been

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann added. When used on systems where /etc is read-only during

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann boot, and /etc/machine-id is not initialized (but an empty

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann file), this service will copy the temporary machine ID

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann created as replacement into /etc after the system is fully

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann booted up. This is useful for systems that are freshly

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann installed with a non-initialized machine ID, but should get

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann a fixed machine ID for subsequent boots.

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann * networkd's .netdev files now provide a large set of

e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann configuration parameters for VXLAN devices. Similar, the

e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann bridge port cost parameter is now configurable in .network

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann files. There's also new support for configuring IP source

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann routing. networkd .link files gained support for a new

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers OriginalName= match that is useful to match against the

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers original interface name the kernel assigned. .network files

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers may include MTU= and MACAddress= fields for altering the MTU

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers and MAC address while being connected to a specific network

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers interface.

861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann * The LUKS logic gained supported for configuring

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann UUID-specific key files. There's also new support for naming

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann LUKS device from the kernel command line, using the new

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann luks.name= argument.

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann * Timer units may now be transiently created via the bus API

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann (this was previously already available for scope and service

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann units). In addition it is now possible to create multiple

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann transient units at the same time with a single bus call. The

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann "systemd-run" tool has been updated to make use of this for

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann running commands on a specified time, in at(1)-style.

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack * tmpfiles gained support for "t" lines, for assigning

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack extended attributes to files. Among other uses this may be

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack used to assign SMACK labels to files.

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack Contributions from: Alin Rauta, Alison Chaiken, Andrej

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris

9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,

5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Michael Biebl, Michael Chapman, Michael Marineau, Michal

2d1ca11270e66777c90a449096203afebc37ec9cDavid Herrmann Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter

2d1ca11270e66777c90a449096203afebc37ec9cDavid Herrmann Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross

2d1ca11270e66777c90a449096203afebc37ec9cDavid Herrmann Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,

0db83ad7334809a6605501e24bad55f3b652c072David Herrmann Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,

0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert

0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

5f92d24fa85d6652c4754e3b3b2a3393026bd0b9Kay Sievers -- Berlin, 2014-12-10

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart PoetteringCHANGES WITH 217:

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * journalctl gained the new options -t/--identifier= to match

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering on the syslog identifier (aka "tag"), as well as --utc to

0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen show log timestamps in the UTC timezone. journalctl now also

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering accepts -n/--lines=all to disable line capping in a pager.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

5f92d24fa85d6652c4754e3b3b2a3393026bd0b9Kay Sievers * journalctl gained a new switch, --flush, that synchronously

0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt flushes logs from /run/log/journal to /var/log/journal if

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering persistent storage is enabled. systemd-journal-flush.service

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering now waits until the operation is complete.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

c65514649680e5d5ee6a118db6e5b20438cb1710Ronny Chevalier * Services can notify the manager before they start a reload

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering (by sending RELOADING=1) or shutdown (by sending

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering STOPPING=1). This allows the manager to track and show the

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering internal state of daemons and closes a race condition when

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering the process is still running but has closed its D-Bus

0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen connection.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * Services with Type=oneshot do not have to have any ExecStart

0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt commands anymore.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * User units are now loaded also from

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering $XDG_RUNTIME_DIR/systemd/user/. This is similar to the

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering /run/systemd/user directory that was already previously

0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen supported, but is under the control of the user.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * Job timeouts (i.e. time-outs on the time a job that is

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering queued stays in the run queue) can now optionally result in

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering immediate reboot or power-off actions (JobTimeoutAction= and

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering JobTimeoutRebootArgument=). This is useful on ".target"

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering units, to limit the maximum time a target remains

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering undispatched in the run queue, and to trigger an emergency

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering operation in such a case. This is now used by default to

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering turn off the system if boot-up (as defined by everything in

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering basic.target) hangs and does not complete for at least

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering 15min. Also, if power-off or reboot hang for at least 30min

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering an immediate power-off/reboot operation is triggered. This

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering functionality is particularly useful to increase reliability

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering on embedded devices, but also on laptops which might

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering accidentally get powered on when carried in a backpack and

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering whose boot stays stuck in a hard disk encryption passphrase

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering question.

0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * systemd-logind can be configured to also handle lid switch

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering events even when the machine is docked or multiple displays

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering are attached (HandleLidSwitchDocked= option).

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * A helper binary and a service have been added which can be

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering used to resume from hibernation in the initramfs. A

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering generator will parse the resume= option on the kernel

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering command line to trigger resume.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * A user console daemon systemd-consoled has been

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering added. Currently, it is a preview, and will so far open a

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering single terminal on each session of the user marked as

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Desktop=systemd-console.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * Route metrics can be specified for DHCP routes added by

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering systemd-networkd.

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering * The SELinux context of socket-activated services can be set

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering from the information provided by the networking stack

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering (SELinuxContextFromNet= option).

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering * Userspace firmware loading support has been removed and

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering the minimum supported kernel version is thus bumped to 3.7.

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering * Timeout for udev workers has been increased from 1 to 3

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering minutes, but a warning will be printed after 1 minute to

470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering help diagnose kernel modules that take a long time to load.

b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering

0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt * Udev rules can now remove tags on devices with TAG-="foobar".

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemd's readahead implementation has been removed. In many

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann circumstances it didn't give expected benefits even for

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann rotational disk drives and was becoming less relevant in the

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann age of SSDs. As none of the developers has been using

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann rotating media anymore, and nobody stepped up to actively

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann maintain this component of systemd it has now been removed.

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann * Swap units can use Options= to specify discard options.

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann Discard options specified for swaps in /etc/fstab are now

f7a73a2558bceffd983eb7642680e718cd981122David Herrmann respected.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * Docker containers are now detected as a separate type of

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering virtualization.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * The Password Agent protocol gained support for queries where

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering the user input is shown, useful e.g. for user names.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering systemd-ask-password gained a new --echo option to turn that

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering on.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

29d1fcb4a3c921a3d4490353474e9775f7b13b0eZbigniew Jędrzejewski-Szmek * The default sysctl.d/ snippets will now set:

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering net.core.default_qdisc = fq_codel

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering This selects Fair Queuing Controlled Delay as the default

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering queuing discipline for network interfaces. fq_codel helps

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering fight the network bufferbloat problem. It is believed to be

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering a good default with no tuning required for most workloads.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Downstream distributions may override this choice. On 10Gbit

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering servers that do not do forwarding, "fq" may perform better.

29d1fcb4a3c921a3d4490353474e9775f7b13b0eZbigniew Jędrzejewski-Szmek Systems without a good clocksource should use "pfifo_fast".

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * If kdbus is enabled during build a new option BusPolicy= is

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering available for service units, that allows locking all service

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering processes into a stricter bus policy, in order to limit

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering access to various bus services, or even hide most of them

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering from the service's view entirely.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * networkctl will now show the .network and .link file

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering networkd has applied to a specific interface.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * sd-login gained a new API call sd_session_get_desktop() to

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering query which desktop environment has been selected for a

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering session.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * UNIX utmp support is now compile-time optional to support

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering legacy-free systems.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemctl gained two new commands "add-wants" and

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering "add-requires" for pulling in units from specific targets

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering easily.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * If the word "rescue" is specified on the kernel command line

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering the system will now boot into rescue mode (aka

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering rescue.target), which was previously available only by

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering specifying "1" or "systemd.unit=rescue.target" on the kernel

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering command line. This new kernel command line option nicely

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering mirrors the already existing "emergency" kernel command line

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering option.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * New kernel command line options mount.usr=, mount.usrflags=,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering mount.usrfstype= have been added that match root=, rootflags=,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering rootfstype= but allow mounting a specific file system to

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering /usr.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * The $NOTIFY_SOCKET is now also passed to control processes of

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering services, not only the main process.

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering * This version reenables support for fsck's -l switch. This

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering means at least version v2.25 of util-linux is required for

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering operation, otherwise dead-locks on device nodes may

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering occur. Again: you need to update util-linux to at least

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering v2.25 when updating systemd to v217.

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering * The "multi-seat-x" tool has been removed from systemd, as

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering its functionality has been integrated into X servers 1.16,

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering and the tool is hence redundant. It is recommended to update

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering display managers invoking this tool to simply invoke X

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering directly from now on, again.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering message flag has been added for all of systemd's PolicyKit

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering authenticated method calls has been added. In particular

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering this now allows optional interactive authorization via

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering PolicyKit for many of PID1's privileged operations such as

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering unit file enabling and disabling.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * "udevadm hwdb --update" learnt a new switch "--usr" for

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering placing the rebuilt hardware database in /usr instead of

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering /etc. When used only hardware database entries stored in

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering /usr will be used, and any user database entries in /etc are

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering ignored. This functionality is useful for vendors to ship a

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering pre-built database on systems where local configuration is

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering unnecessary or unlikely.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * Calendar time specifications in .timer units now also

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering understand the strings "semi-annually", "quarterly" and

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering "minutely" as shortcuts (in addition to the preexisting

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering "anually", "hourly", ...).

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemd-tmpfiles will now correctly create files in /dev

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering at boot which are marked for creation only at boot. It is

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering recommended to always create static device nodes with 'c!'

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and 'b!', so that they are created only at boot and not

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering overwritten at runtime.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * When the watchdog logic is used for a service (WatchdogSec=)

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and the watchdog timeout is hit the service will now be

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering terminated with SIGABRT (instead of just SIGTERM), in order

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering to make sure a proper coredump and backtrace is

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering generated. This ensures that hanging services will result in

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering similar coredump/backtrace behaviour as services that hit a

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering segmentation fault.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Contributions from: Andreas Henriksson, Andrei Borzenkov,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Herrmann, David Sommerseth, David Strauss, Emil Renner

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Michael Marineau, Michael Olbrich, Michael Scherer, Michal

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Jędrzejewski-Szmek

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering -- Berlin, 2014-10-28

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart PoetteringCHANGES WITH 216:

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * timedated no longer reads NTP implementation unit names from

1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering implementations should add a

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Conflicts=systemd-timesyncd.service

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

1a2d5fbe7efa04181a2d5518bc510b84b280baf9David Herrmann to their unit files to take over and replace systemd's NTP

1a2d5fbe7efa04181a2d5518bc510b84b280baf9David Herrmann default functionality.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemd-sysusers gained a new line type "r" for configuring

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering which UID/GID ranges to allocate system users/groups

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering from. Lines of type "u" may now add an additional column

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering that specifies the home directory for the system user to be

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering created. Also, systemd-sysusers may now optionally read user

1a2d5fbe7efa04181a2d5518bc510b84b280baf9David Herrmann information from STDIN instead of a file. This is useful for

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering invoking it from RPM preinst scriptlets that need to create

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering users before the first RPM file is installed since these

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering files might need to be owned by them. A new

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering %sysusers_create_inline RPM macro has been introduced to do

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering just that. systemd-sysusers now updates the shadow files as

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering well as the user/group databases, which should enhance

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering compatibility with certain tools like grpck.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * A number of bus APIs of PID 1 now optionally consult

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering PolicyKit to permit access for otherwise unprivileged

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering clients under certain conditions. Note that this currently

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering doesn't support interactive authentication yet, but this is

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering expected to be added eventually, too.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * /etc/machine-info now has new fields for configuring the

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering deployment environment of the machine, as well as the

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering location of the machine. hostnamectl has been updated with

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering new command to update these fields.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemd-timesyncd has been updated to automatically acquire

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering NTP server information from systemd-networkd, which might

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering have been discovered via DHCP.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * systemd-resolved now includes a caching DNS stub resolver

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and a complete LLMNR name resolution implementation. A new

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering NSS module "nss-resolve" has been added which can be used

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering instead of glibc's own "nss-dns" to resolve hostnames via

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering systemd-resolved. Hostnames, addresses and arbitrary RRs may

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering be resolved via systemd-resolved D-Bus APIs. In contrast to

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering the glibc internal resolver systemd-resolved is aware of

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering multi-homed system, and keeps DNS server and caches separate

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and per-interface. Queries are sent simultaneously on all

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering interfaces that have DNS servers configured, in order to

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering properly handle VPNs and local LANs which might resolve

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering separate sets of domain names. systemd-resolved may acquire

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering DNS server information from systemd-networkd automatically,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering which in turn might have discovered them via DHCP. A tool

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering "systemd-resolve-host" has been added that may be used to

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering query the DNS logic in resolved. systemd-resolved implements

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering IDNA and automatically uses IDNA or UTF-8 encoding depending

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering on whether classic DNS or LLMNR is used as transport. In the

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering next releases we intend to add a DNSSEC and mDNS/DNS-SD

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering implementation to systemd-resolved.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * A new NSS module nss-mymachines has been added, that

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering automatically resolves the names of all local registered

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering containers to their respective IP addresses.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * A new client tool "networkctl" for systemd-networkd has been

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering added. It currently is entirely passive and will query

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering networking configuration from udev, rtnetlink and networkd,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and present it to the user in a very friendly

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering way. Eventually, we hope to extend it to become a full

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering control utility for networkd.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * .socket units gained a new DeferAcceptSec= setting that

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering controls the kernels' TCP_DEFER_ACCEPT sockopt for

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering TCP. Similar, support for controlling TCP keep-alive

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering settings has been added (KeepAliveTimeSec=,

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering turning off Nagle's algorithm on TCP has been added

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering (NoDelay=).

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * logind learned a new session type "web", for use in projects

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering like Cockpit which register web clients as PAM sessions.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering * timer units with at least one OnCalendar= setting will now

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering be started only after timer-sync.target has been

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering reached. This way they will not elapse before the system

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering clock has been corrected by a local NTP client or

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering similar. This is particular useful on RTC-less embedded

39315f9f8dd5a16b4561c5efffc6114c75835011Lennart Poettering machines, that come up with an invalid system clock.

481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-nspawn's --network-veth= switch should now result in

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering stable MAC addresses for both the outer and the inner side

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering of the link.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-nspawn gained a new --volatile= switch for running

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering container instances with /etc or /var unpopulated.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * The kdbus client code has been updated to use the new Linux

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering 3.17 memfd subsystem instead of the old kdbus-specific one.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-networkd's DHCP client and server now support

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering FORCERENEW. There are also new configuration options to

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering configure the vendor client identifier and broadcast mode

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering for DHCP.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd will no longer inform the kernel about the current

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering timezone, as this is necessarily incorrect and racy as the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering kernel has no understanding of DST and similar

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering concepts. This hence means FAT timestamps will be always

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering considered UTC, similar to what Android is already

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering doing. Also, when the RTC is configured to the local time

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering (rather than UTC) systemd will never synchronize back to it,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering as this might confuse Windows at a later boot.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-analyze gained a new command "verify" for offline

7edecf218e5884ec8d1549707b4c7a0572c2d93bThomas Hindoe Paaboel Andersen validation of unit files.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-networkd gained support for a couple of additional

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering settings for bonding networking setups. Also, the metric for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering statically configured routes may now be configured. For

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering network interfaces where this is appropriate the peer IP

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering address may now be configured.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-networkd's DHCP client will no longer request

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering broadcasting by default, as this tripped up some networks.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering For hardware where broadcast is required the feature should

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering be switched back on using RequestBroadcast=yes.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-networkd will now set up IPv4LL addresses (when

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering enabled) even if DHCP is configured successfully.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * udev will now default to respect network device names given

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering by the kernel when the kernel indicates that these are

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering predictable. This behavior can be tweaked by changing

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering NamePolicy= in the relevant .link file.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new library systemd-terminal has been added that

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering implements full TTY stream parsing and rendering. This

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering library is supposed to be used later on for implementing a

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering full userspace VT subsystem, replacing the current kernel

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering implementation.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new tool systemd-journal-upload has been added to push

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering journal data to a remote system running

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering systemd-journal-remote.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * journald will no longer forward all local data to another

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering running syslog daemon. This change has been made because

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering rsyslog (which appears to be the most commonly used syslog

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering implementation these days) no longer makes use of this, and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering instead pulls the data out of the journal on its own. Since

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering forwarding the messages to a non-existent syslog server is

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering more expensive than we assumed we have now turned this

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering off. If you run a syslog server that is not a recent rsyslog

94e5ba370aa12b47571f08112986d0b91935dee9Torstein Husebø version, you have to turn this option on again

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering (ForwardToSyslog= in journald.conf).

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * journald now optionally supports the LZ4 compressor for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering larger journal fields. This compressor should perform much

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering better than XZ which was the previous default.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * machinectl now shows the IP addresses of local containers,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering if it knows them, plus the interface name of the container.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new tool "systemd-escape" has been added that makes it

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering easy to escape strings to build unit names and similar.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * sd_notify() messages may now include a new ERRNO= field

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering which is parsed and collected by systemd and shown among the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering "systemctl status" output for a service.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new component "systemd-firstboot" has been added that

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering queries the most basic systemd information (timezone,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering hostname, root password) interactively on first

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering boot. Alternatively it may also be used to provision these

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering things offline on OS images installed into directories.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * The default sysctl.d/ snippets will now set

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering net.ipv4.conf.default.promote_secondaries=1

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering This has the benefit of no flushing secondary IP addresses

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering when primary addresses are removed.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Contributions from: Ansgar Burchardt, Bastien Nocera, Colin

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Mack, Dan Williams, Dave Reisner, David Herrmann, Denis

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering -- Berlin, 2014-08-19

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart PoetteringCHANGES WITH 215:

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new tool systemd-sysusers has been added. This tool

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering creates system users and groups in /etc/passwd and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering /etc/group, based on static declarative system user/group

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering definitions in /usr/lib/sysusers.d/. This is useful to

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering enable factory resets and volatile systems that boot up with

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering an empty /etc directory, and thus need system users and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering groups created during early boot. systemd now also ships

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering with two default sysusers.d/ files for the most basic

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering users and groups systemd and the core operating system

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering require.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new tmpfiles snippet has been added that rebuilds the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering essential files in /etc on boot, should they be missing.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A directive for ensuring automatic clean-up of

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering /var/cache/man/ has been removed from the default

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering configuration. This line should now be shipped by the man

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering implementation. The necessary change has been made to the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering man-db implementation. Note that you need to update your man

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering implementation to one that ships this line, otherwise no

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering automatic clean-up of /var/cache/man will take place.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new condition ConditionNeedsUpdate= has been added that

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering may conditionalize services to only run when /etc or /var

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering are "older" than the vendor operating system resources in

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering /usr. This is useful for reconstructing or updating /etc

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering after an offline update of /usr or a factory reset, on the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering next reboot. Services that want to run once after such an

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering update or reset should use this condition and order

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering themselves before the new systemd-update-done.service, which

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering will mark the two directories as fully updated. A number of

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering service files have been added making use of this, to rebuild

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the udev hardware database, the journald message catalog and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering dynamic loader cache (ldconfig). The systemd-sysusers tool

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering described above also makes use of this now. With this in

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering place it is now possible to start up a minimal operating

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering system with /etc empty cleanly. For more information on the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering concepts involved see this recent blog story:

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering http://0pointer.de/blog/projects/stateless.html

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

94e5ba370aa12b47571f08112986d0b91935dee9Torstein Husebø * A new system group "input" has been introduced, and all

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering input device nodes get this group assigned. This is useful

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering for system-level software to get access to input devices. It

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering complements what is already done for "audio" and "video".

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-networkd learnt minimal DHCPv4 server support in

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering addition to the existing DHCPv4 client support. It also

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering learnt DHCPv6 client and IPv6 Router Solicitation client

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering support. The DHCPv4 client gained support for static routes

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering passed in from the server. Note that the [DHCPv4] section

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering known in older systemd-networkd versions has been renamed to

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering [DHCP] and is now also used by the DHCPv6 client. Existing

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering .network files using settings of this section should be

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering updated, though compatibility is maintained. Optionally, the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering client hostname may now be sent to the DHCP server.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * networkd gained support for vxlan virtual networks as well

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering as tun/tap and dummy devices.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * networkd gained support for automatic allocation of address

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering ranges for interfaces from a system-wide pool of

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering addresses. This is useful for dynamically managing a large

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering number of interfaces with a single network configuration

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering file. In particular this is useful to easily assign

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering appropriate IP addresses to the veth links of a large number

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering of nspawn instances.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * RPM macros for processing sysusers, sysctl and binfmt

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering drop-in snippets at package installation time have been

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering added.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * The /etc/os-release file should now be placed in

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering /usr/lib/os-release. The old location is automatically

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering created as symlink. /usr/lib is the more appropriate

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering location of this file, since it shall actually describe the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering vendor operating system shipped in /usr, and not the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering configuration stored in /etc.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * .mount units gained a new boolean SloppyOptions= setting

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that maps to mount(8)'s -s option which enables permissive

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering parsing of unknown mount options.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * tmpfiles learnt a new "L+" directive which creates a symlink

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering but (unlike "L") deletes a pre-existing file first, should

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering it already exist and not already be the correct

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering symlink. Similar, "b+", "c+" and "p+" directives have been

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering added as well, which create block and character devices, as

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering well as fifos in the filesystem, possibly removing any

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering pre-existing files of different types.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * For tmpfiles' "L", "L+", "C" and "C+" directives the final

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering 'argument' field (which so far specified the source to

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering symlink/copy the files from) is now optional. If omitted the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering same file os copied from /usr/share/factory/ suffixed by the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering full destination path. This is useful for populating /etc

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering with essential files, by copying them from vendor defaults

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering shipped in /usr/share/factory/etc.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new command "systemctl preset-all" has been added that

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering applies the service preset settings to all installed unit

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering files. A new switch --preset-mode= has been added that

dd2fd155901a965ec0efa3adc460b33d2048d4c2Lennart Poettering controls whether only enable or only disable operations

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering shall be executed.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new command "systemctl is-system-running" has been added

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that allows checking the overall state of the system, for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering example whether it is fully up and running.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * When the system boots up with an empty /etc, the equivalent

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to "systemctl preset-all" is executed during early boot, to

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering make sure all default services are enabled after a factory

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering reset.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd now contains a minimal preset file that enables the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering most basic services systemd ships by default.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * Unit files' [Install] section gained a new DefaultInstance=

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering field for defining the default instance to create if a

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering template unit is enabled with no instance specified.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new passive target cryptsetup-pre.target has been added

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that may be used by services that need to make they run and

7edecf218e5884ec8d1549707b4c7a0572c2d93bThomas Hindoe Paaboel Andersen finish before the first LUKS cryptographic device is set up.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * The /dev/loop-control and /dev/btrfs-control device nodes

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering are now owned by the "disk" group by default, opening up

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering access to this group.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-coredump will now automatically generate a

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering stack trace of all core dumps taking place on the system,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering based on elfutils' libdw library. This stack trace is logged

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to the journal.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-coredump may now optionally store coredumps directly

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering on disk (in /var/lib/systemd/coredump, possibly compressed),

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering instead of storing them unconditionally in the journal. This

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering mode is the new default. A new configuration file

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering /etc/systemd/coredump.conf has been added to configure this

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering and other parameters of systemd-coredump.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * coredumpctl gained a new "info" verb to show details about a

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering specific coredump. A new switch "-1" has also been added

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that makes sure to only show information about the most

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering recent entry instead of all entries. Also, as the tool is

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering generally useful now the "systemd-" prefix of the binary

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering name has been removed. Distributions that want to maintain

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering compatibility with the old name should add a symlink from

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the old name to the new name.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * journald's SplitMode= now defaults to "uid". This makes sure

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that unprivileged users can access their own coredumps with

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering coredumpctl without restrictions.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * New kernel command line options "systemd.wants=" (for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering pulling an additional unit during boot), "systemd.mask="

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering (for masking a specific unit for the boot), and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering "systemd.debug-shell" (for enabling the debug shell on tty9)

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering have been added. This is implemented in the new generator

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering "systemd-debug-generator".

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * systemd-nspawn will now by default filter a couple of

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering syscalls for containers, among them those required for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering kernel module loading, direct x86 IO port access, swap

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering management, and kexec. Most importantly though

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering open_by_handle_at() is now prohibited for containers,

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering closing a hole similar to a recently discussed vulnerability

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering in docker regarding access to files on file hierarchies the

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering container should normally not have access to. Note that for

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering nspawn we generally make no security claims anyway (and

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering this is explicitly documented in the man page), so this is

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering just a fix for one of the most obvious problems.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * A new man page file-hierarchy(7) has been added that

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering contains a minimized, modernized version of the file system

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering layout systemd expects, similar in style to the FHS

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering specification or hier(5). A new tool systemd-path(1) has

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering been added to query many of these paths for the local

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering machine and user.

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering longer done. Since the directory now has a per-user size

615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering limit, and is cleaned on logout this appears unnecessary,

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering in particular since this now brings the lifecycle of this

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering directory closer in line with how IPC objects are handled.

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering * systemd.pc now exports a number of additional directories,

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering including $libdir (which is useful to identify the library

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering path for the primary architecture of the system), and a

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering couple of drop-in directories.

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering * udev's predictable network interface names now use the dev_port

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering sysfs attribute, introduced in linux 3.15 instead of dev_id to

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering distinguish between ports of the same PCI function. dev_id should

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering only be used for ports using the same HW address, hence the need

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering for dev_port.

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering * machined has been updated to export the OS version of a

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering container (read from /etc/os-release and

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering /usr/lib/os-release) on the bus. This is now shown in

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering "machinectl status" for a machine.

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering * A new service setting RestartForceExitStatus= has been

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering added. If configured to a set of exit signals or process

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering return values, the service will be restarted when the main

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering daemon process exits with any of them, regardless of the

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering Restart= setting.

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering

d2c643c662e2cb3b6d1445c17c80b4b2998d5c61Lennart Poettering * systemctl's -H switch for connecting to remote systemd

11ea2781eea4b912d2feb26785ece475e504c57bLennart Poettering machines has been extended so that it may be used to

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann directly connect to a specific container on the

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann host. "systemctl -H root@foobar:waldi" will now connect as

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering user "root" to host "foobar", and then proceed directly to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the container named "waldi". Note that currently you have to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering authenticate as user "root" for this to work, as entering

c7683ffb53da4ad4334cc9f813e39cffed7e0d0bEvgeny Vereshchagin containers is a privileged operation.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Contributions from: Andreas Henriksson, Benjamin Steinwender,

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt Carl Schaefer, Christian Hesse, Colin Ian King, Cristian

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering -- Berlin, 2014-07-03

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart PoetteringCHANGES WITH 214:

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * As an experimental feature, udev now tries to lock the

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering disk device node (flock(LOCK_SH|LOCK_NB)) while it

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering executes events for the disk or any of its partitions.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Applications like partitioning programs can lock the

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering disk device node (flock(LOCK_EX)) and claim temporary

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering device ownership that way; udev will entirely skip all event

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering handling for this disk and its partitions. If the disk

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering was opened for writing, the close will trigger a partition

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering table rescan in udev's "watch" facility, and if needed

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering synthesize "change" events for the disk and all its partitions.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering This is now unconditionally enabled, and if it turns out to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering cause major problems, we might turn it on only for specific

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering devices, or might need to disable it entirely. Device Mapper

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering devices are excluded from this logic.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering * We temporarily dropped the "-l" switch for fsck invocations,

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt since they collide with the flock() logic above. util-linux

122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering upstream has been changed already to avoid this conflict,

122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering and we will readd "-l" as soon as util-linux with this

122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering change has been released.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The dependency on libattr has been removed. Since a long

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering time, the extended attribute calls have moved to glibc, and

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering libattr is thus unnecessary.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Virtualization detection works without priviliges now. This

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt means the systemd-detect-virt binary no longer requires

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering CAP_SYS_PTRACE file capabilities, and our daemons can run

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering with fewer privileges.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * systemd-networkd now runs under its own "systemd-network"

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering loses the ability to write to files owned by root this way.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Similar, systemd-resolved now runs under its own

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering "systemd-resolve" user with no capabilities remaining.

a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Similar, systemd-bus-proxyd now runs under its own

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * systemd-networkd gained support for setting up "veth"

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering virtual ethernet devices for container connectivity, as well

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering as GRE and VTI tunnels.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * systemd-networkd will no longer automatically attempt to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering manually load kernel modules necessary for certain tunnel

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering transports. Instead, it is assumed the kernel loads them

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering automatically when required. This only works correctly on

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering very new kernels. On older kernels, please consider adding

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the kernel modules to /etc/modules-load.d/ as a work-around.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The resolv.conf file systemd-resolved generates has been

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering moved to /run/systemd/resolve/. If you have a symlink from

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering /etc/resolv.conf, it might be necessary to correct it.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Two new service settings, ProtectHome= and ProtectSystem=,

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering have been added. When enabled, they will make the user data

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering (such as /home) inaccessible or read-only and the system

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering (such as /usr) read-only, for specific services. This allows

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering very light-weight per-service sandboxing to avoid

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering modifications of user data or system files from

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering services. These two new switches have been enabled for all

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering of systemd's long-running services, where appropriate.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Socket units gained new SocketUser= and SocketGroup=

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering settings to set the owner user and group of AF_UNIX sockets

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering and FIFOs in the file system.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Socket units gained a new RemoveOnStop= setting. If enabled,

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering all FIFOS and sockets in the file system will be removed

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering when the specific socket unit is stopped.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Socket units gained a new Symlinks= setting. It takes a list

17c29493dc5c4c3ca886adfdc632d297c5eb06ebRonny Chevalier of symlinks to create to file system sockets or FIFOs

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering created by the specific Unix sockets. This is useful to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering manage symlinks to socket nodes with the same life-cycle as

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the socket itself.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The /dev/log socket and /dev/initctl FIFO have been moved to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering /run, and have been replaced by symlinks. This allows

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering connecting to these facilities even if PrivateDevices=yes is

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering used for a service (which makes /dev/log itself unavailable,

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering but /run is left). This also has the benefit of ensuring

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering that /dev only contains device nodes, directories and

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann symlinks, and nothing else.

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann * sd-daemon gained two new calls sd_pid_notify() and

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann sd_pid_notifyf(). They are similar to sd_notify() and

d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann sd_notifyf(), but allow overriding of the source PID of

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt notification messages if permissions permit this. This is

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering useful to send notify messages on behalf of a different

b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt process (for example, the parent process). The

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering systemd-notify tool has been updated to make use of this

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering when sending messages (so that notification messages now

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering originate from the shell script invoking systemd-notify and

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering not the systemd-notify process itself. This should minimize

17c29493dc5c4c3ca886adfdc632d297c5eb06ebRonny Chevalier a race where systemd fails to associate notification

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering messages to services when the originating process already

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering vanished.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * A new "on-abnormal" setting for Restart= has been added. If

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering set, it will result in automatic restarts on all "abnormal"

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering reasons for a process to exit, which includes unclean

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett signals, core dumps, timeouts and watchdog timeouts, but

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett does not include clean and unclean exit codes or clean

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett signals. Restart=on-abnormal is an alternative for

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett Restart=on-failure for services that shall be able to

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett terminate and avoid restarts on certain errors, by

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett indicating so with an unclean exit code. Restart=on-failure

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett or Restart=on-abnormal is now the recommended setting for

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett all long-running services.

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett * If the InaccessibleDirectories= service setting points to a

997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett mount point (or if there are any submounts contained within

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering it), it is now attempted to completely unmount it, to make

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the file systems truly unavailable for the respective

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering service.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The ReadOnlyDirectories= service setting and

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering systemd-nspawn's --read-only parameter are now recursively

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering applied to all submounts, too.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Mount units may now be created transiently via the bus APIs.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The support for SysV and LSB init scripts has been removed

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering from the systemd daemon itself. Instead, it is now

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering implemented as a generator that creates native systemd units

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering from these scripts when needed. This enables us to remove a

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering substantial amount of legacy code from PID 1, following the

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering fact that many distributions only ship a very small number

a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt of LSB/SysV init scripts nowadays.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * Privileged Xen (dom0) domains are not considered

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering virtualization anymore by the virtualization detection

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering logic. After all, they generally have unrestricted access to

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the hardware and usually are used to manage the unprivileged

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering (domU) domains.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * systemd-tmpfiles gained a new "C" line type, for copying

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering files or entire directories.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * systemd-tmpfiles "m" lines are now fully equivalent to "z"

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering lines. So far, they have been non-globbing versions of the

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering latter, and have thus been redundant. In future, it is

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering recommended to only use "z". "m" has hence been removed

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering from the documentation, even though it stays supported.

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * A tmpfiles snippet to recreate the most basic structure in

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering /var has been added. This is enough to create the /var/run →

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering /run symlink and create a couple of structural

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering directories. This allows systems to boot up with an empty or

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering volatile /var. Of course, while with this change, the core OS

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering now is capable with dealing with a volatile /var, not all

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering user services are ready for it. However, we hope that sooner

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering or later, many service daemons will be changed upstream so

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering that they are able to automatically create their necessary

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering directories in /var at boot, should they be missing. This is

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering the first step to allow state-less systems that only require

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering the vendor image for /usr to boot.

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering * systemd-nspawn has gained a new --tmpfs= switch to mount an

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering empty tmpfs instance to a specific directory. This is

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering particularly useful for making use of the automatic

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering reconstruction of /var (see above), by passing --tmpfs=/var.

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering * Access modes specified in tmpfiles snippets may now be

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering prefixed with "~", which indicates that they shall be masked

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering by whether the existing file or directory is currently

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering writable, readable or executable at all. Also, if specified,

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering the sgid/suid/sticky bits will be masked for all

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering non-directories.

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering * A new passive target unit "network-pre.target" has been

7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering added which is useful for services that shall run before any

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering network is configured, for example firewall scripts.

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering

f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering * The "floppy" group that previously owned the /dev/fd*

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek devices is no longer used. The "disk" group is now used

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek instead. Distributions should probably deprecate usage of

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering this group.

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,

a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny

a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel

a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew

a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek Jędrzejewski-Szmek

2a97b03b3b087e724867e7501ae0c1535ee35031Umut Tezduyar Lindskog

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek -- Berlin, 2014-06-11

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart PoetteringCHANGES WITH 213:

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering * A new "systemd-timesyncd" daemon has been added for

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering synchronizing the system clock across the network. It

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek implements an SNTP client. In contrast to NTP

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering implementations such as chrony or the NTP reference server,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering this only implements a client side, and does not bother with

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek the full NTP complexity, focusing only on querying time from

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek one remote server and synchronizing the local clock to

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek it. Unless you intend to serve NTP to networked clients or

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek want to connect to local hardware clocks, this simple NTP

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek client should be more than appropriate for most

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek installations. The daemon runs with minimal privileges, and

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering has been hooked up with networkd to only operate when

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering network connectivity is available. The daemon saves the

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering current clock to disk every time a new NTP sync has been

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering acquired, and uses this to possibly correct the system clock

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering early at bootup, in order to accommodate for systems that

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering lack an RTC such as the Raspberry Pi and embedded devices,

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering and to make sure that time monotonically progresses on these

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering systems, even if it is not always correct. To make use of

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering this daemon, a new system user and group "systemd-timesync"

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering needs to be created on installation of systemd.

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering * The queue "seqnum" interface of libudev has been disabled, as

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering it was generally incompatible with device namespacing as

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering sequence numbers of devices go "missing" if the devices are

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering part of a different namespace.

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering

4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering * "systemctl list-timers" and "systemctl list-sockets" gained

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek a --recursive switch for showing units of these types also

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek for all local containers, similar in style to the already

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek supported --recursive switch for "systemctl list-units".

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * A new RebootArgument= setting has been added for service

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek units, which may be used to specify a kernel reboot argument

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek to use when triggering reboots with StartLimitAction=.

81c7dd897c6af68e66b58e97abce676641edc197Lennart Poettering

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * A new FailureAction= setting has been added for service

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering units which may be used to specify an operation to trigger

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering when a service fails. This works similarly to

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering StartLimitAction=, but unlike it, controls what is done

090771492f155cebe7075171530e96c1cd515d71Lennart Poettering immediately rather than only after several attempts to

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek restart the service in question.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * hostnamed got updated to also expose the kernel name,

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek release, and version on the bus. This is useful for

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers executing commands like hostnamectl with the -H switch.

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering systemd-analyze makes use of this to properly display

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek details when running non-locally.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * The bootchart tool can now show cgroup information in the

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek graphs it generates.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * The CFS CPU quota cgroup attribute is now exposed for

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek services. The new CPUQuota= switch has been added for this

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek which takes a percentage value. Setting this will have the

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek result that a service may never get more CPU time than the

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering specified percentage, even if the machine is otherwise idle.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering * systemd-networkd learned IPIP and SIT tunnel support.

f6d1de8547b1e957773f8b6764420579c8378aafRonny Chevalier

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * LSB init scripts exposing a dependency on $network will now

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering get a dependency on network-online.target rather than simply

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering network.target. This should bring LSB handling closer to

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering what it was on SysV systems.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

c4ac990007cd0069bb7e76ec15dd731320f382fdLennart Poettering * A new fsck.repair= kernel option has been added to control

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek how fsck shall deal with unclean file systems at boot.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek * The (.ini) configuration file parser will now silently

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek ignore sections whose name begins with "X-". This may be

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek used to maintain application-specific extension sections in unit

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek files.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers * machined gained a new API to query the IP addresses of

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering registered containers. "machinectl status" has been updated

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering to show these addresses in its output.

b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt * A new call sd_uid_get_display() has been added to the

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt sd-login APIs for querying the "primary" session of a

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt user. The "primary" session of the user is elected from the

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt user's sessions and generally a graphical session is

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers preferred over a text one.

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt * A minimal systemd-resolved daemon has been added. It

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt currently simply acts as a companion to systemd-networkd and

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt manages resolv.conf based on per-interface DNS

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt configuration, possibly supplied via DHCP. In the long run

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt we hope to extend this into a local DNSSEC enabled DNS and

e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt mDNS cache.

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering * The systemd-networkd-wait-online tool is now enabled by

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering default. It will delay network-online.target until a network

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering connection has been configured. The tool primarily integrates

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering with networkd, but will also make a best effort to make sense

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering of network configuration performed in some other way.

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering * Two new service options StartupCPUShares= and

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering StartupBlockIOWeight= have been added that work similarly to

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering CPUShares= and BlockIOWeight= however only apply during

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering system startup. This is useful to prioritize certain services

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering differently during bootup than during normal runtime.

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering * hostnamed has been changed to prefer the statically

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering configured hostname in /etc/hostname (unless set to

4bdc60cb6fab336d455abbbd269e5bfccf760c91Lennart Poettering 'localhost' or empty) over any dynamic one supplied by

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering dhcp. With this change, the rules for picking the hostname

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering match more closely the rules of other configuration settings

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering where the local administrator's configuration in /etc always

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering overrides any other settings.

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering David Strauss, Dimitris Spingos, Djalal Harouni, Eelco

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,

f6d1de8547b1e957773f8b6764420579c8378aafRonny Chevalier Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Lindskog, WaLyong Cho, Will Woods, Zbigniew

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering Jędrzejewski-Szmek

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering -- Beijing, 2014-05-28

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering

78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart PoetteringCHANGES WITH 212:

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets * When restoring the screen brightness at boot, stay away from

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets the darkest setting or from the lowest 5% of the available

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets range, depending on which is the larger value of both. This

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets should effectively protect the user from rebooting into a

3769415e6573da64fb80e31f4bb3f850cd99031eTimofey Titovets black screen, should the brightness have been set to minimum

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering by accident.

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering * sd-login gained a new sd_machine_get_class() call to

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering determine the class ("vm" or "container") of a machine

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers registered with machined.

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering

fae9332b140ffa3c1b04c80ac4cd3f2796e8cf3cLennart Poettering * sd-login gained new calls

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering to query the identity of the peer of a local AF_UNIX

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering connection. They operate similarly to their sd_pid_get_xyz()

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering counterparts.

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering * PID 1 will now maintain a system-wide system state engine

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering with the states "starting", "running", "degraded",

cfa1571b7f5a45927f76e54790974183a273d17aLennart Poettering "maintenance", "stopping". These states are bound to system

7e63dd1015c9ac6fc2042e45b0a87a3f9f8b9336Lennart Poettering startup, normal runtime, runtime with at least one failed

7e63dd1015c9ac6fc2042e45b0a87a3f9f8b9336Lennart Poettering service, rescue/emergency mode and system shutdown. This

ba8df74bb643c0f7c343fef78bba3661b0f9c31cKay Sievers state is shown in the "systemctl status" output when no unit

7e63dd1015c9ac6fc2042e45b0a87a3f9f8b9336Lennart Poettering name is passed. It is useful to determine system state, in

7e63dd1015c9ac6fc2042e45b0a87a3f9f8b9336Lennart Poettering particularly when doing so for many systems or containers at

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen once.

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen * A new command "list-machines" has been added to "systemctl"

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen that lists all local OS containers and shows their system

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen state (see above), if systemd runs inside of them.

d4474c41ca3854db1b7a7b30765bb59fc570e1c4Tom Gundersen

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering * systemctl gained a new "-r" switch to recursively enumerate

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering units on all local containers, when used with the

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering "list-unit" command (which is the default one that is

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering executed when no parameters are specified).

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering * The GPT automatic partition discovery logic will now honour

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering two GPT partition flags: one may be set on a partition to

3b187c5cee0a9584d7c31e10f9fe008b94cf6d58Lennart Poettering cause it to be mounted read-only, and the other may be set

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering on a partition to ignore it during automatic discovery.

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering * Two new GPT type UUIDs have been added for automatic root

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering partition discovery, for 32-bit and 64-bit ARM. This is not

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering particularly useful for discovering the root directory on

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering these architectures during bare-metal boots (since UEFI is

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering not common there), but still very useful to allow booting of

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering ARM disk images in nspawn with the -i option.

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering * MAC addresses of interfaces created with nspawn's

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering --network-interface= switch will now be generated from the

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering machine name, and thus be stable between multiple invocations

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering of the container.

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering * logind will now automatically remove all IPC objects owned

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering by a user if she or he fully logs out. This makes sure that

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering users who are logged out cannot continue to consume IPC

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering resources. This covers SysV memory, semaphores and message

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering queues as well as POSIX shared memory and message

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering queues. Traditionally, SysV and POSIX IPC had no life-cycle

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering limits. With this functionality, that is corrected. This may

13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering be turned off by using the RemoveIPC= switch of logind.conf.

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering * The systemd-machine-id-setup and tmpfiles tools gained a

4b08dd87eebb4b634bdd5708ac1ba68dcee205b3Lennart Poettering --root= switch to operate on a specific root directory,

b72ddf0f4f552dd53d6404b6ddbc9f17d02b8e12Kay Sievers instead of /.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * journald can now forward logged messages to the TTYs of all

b72ddf0f4f552dd53d6404b6ddbc9f17d02b8e12Kay Sievers logged in users ("wall"). This is the default for all

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering emergency messages now.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b72ddf0f4f552dd53d6404b6ddbc9f17d02b8e12Kay Sievers * A new tool systemd-journal-remote has been added to stream

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering journal log messages across the network.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * /sys/fs/cgroup/ is now mounted read-only after all cgroup

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering controller trees are mounted into it. Note that the

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering directories mounted beneath it are not read-only. This is a

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering security measure and is particularly useful because glibc

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering actually includes a search logic to pick any tmpfs it can

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering find to implement shm_open() if /dev/shm is not available

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering (which it might very well be in namespaced setups).

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * machinectl gained a new "poweroff" command to cleanly power

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering down a local OS container.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * The PrivateDevices= unit file setting will now also drop the

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering CAP_MKNOD capability from the capability bound set, and

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering imply DevicePolicy=closed.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering comprehensively on all long-running systemd services where

5f02e26ca7c039837dbaea63f3d3664fe45c26b9Thomas Hindoe Paaboel Andersen this is appropriate.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * systemd-udevd will now run in a disassociated mount

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering namespace. To mount directories from udev rules, make sure to

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering pull in mount units via SYSTEMD_WANTS properties.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * The kdbus support gained support for uploading policy into

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering the kernel. sd-bus gained support for creating "monitoring"

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering connections that can eavesdrop into all bus communication

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering for debugging purposes.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * Timestamps may now be specified in seconds since the UNIX

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering epoch Jan 1st, 1970 by specifying "@" followed by the value

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering in seconds.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * Native tcpwrap support in systemd has been removed. tcpwrap

daa05349dfefb12638c96e034c11be613bdc39b7Ansgar Burchardt is old code, not really maintained anymore and has serious

daa05349dfefb12638c96e034c11be613bdc39b7Ansgar Burchardt shortcomings, and better options such as firewalls

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering exist. For setups that require tcpwrap usage, please

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering consider invoking your socket-activated service via tcpd,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering like on traditional inetd.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

5f02e26ca7c039837dbaea63f3d3664fe45c26b9Thomas Hindoe Paaboel Andersen * A new system.conf configuration option

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering DefaultTimerAccuracySec= has been added that controls the

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering default AccuracySec= setting of .timer units.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

a1a4a25e7f6b515d0c8c25257714299853f261aaDaniel Mack * Timer units gained a new WakeSystem= switch. If enabled,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering timers configured this way will cause the system to resume

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering from system suspend (if the system supports that, which most

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering do these days).

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * Timer units gained a new Persistent= switch. If enabled,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering timers configured this way will save to disk when they have

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering been last triggered. This information is then used on next

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering reboot to possible execute overdue timer events, that

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering could not take place because the system was powered off.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering This enables simple anacron-like behaviour for timer units.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * systemctl's "list-timers" will now also list the time a

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering timer unit was last triggered in addition to the next time

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering it will be triggered.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

5f02e26ca7c039837dbaea63f3d3664fe45c26b9Thomas Hindoe Paaboel Andersen * systemd-networkd will now assign predictable IPv4LL

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering addresses to its local interfaces.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Dave Reisner, David Herrmann, Gerd Hoffmann, Greg

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh

a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering Jędrzejewski-Szmek

a1a4a25e7f6b515d0c8c25257714299853f261aaDaniel Mack

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering -- Berlin, 2014-03-25

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart PoetteringCHANGES WITH 211:

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * A new unit file setting RestrictAddressFamilies= has been

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering added to restrict which socket address families unit

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering processes gain access to. This takes address family names

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering like "AF_INET" or "AF_UNIX", and is useful to minimize the

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering attack surface of services via exotic protocol stacks. This

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering is built on seccomp system call filters.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * Two new unit file settings RuntimeDirectory= and

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering RuntimeDirectoryMode= have been added that may be used to

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering manage a per-daemon runtime directories below /run. This is

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering an alternative for setting up directory permissions with

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering tmpfiles snippets, and has the advantage that the runtime

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering directory's lifetime is bound to the daemon runtime and that

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering the daemon starts up with an empty directory each time. This

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering is particularly useful when writing services that drop

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering privileges using the User= or Group= setting.

01da80b1aa0e21f8785d467afc295e37fd00ffa1Lennart Poettering

01da80b1aa0e21f8785d467afc295e37fd00ffa1Lennart Poettering * The DeviceAllow= unit setting now supports globbing for

01da80b1aa0e21f8785d467afc295e37fd00ffa1Lennart Poettering matching against device group names.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * The systemd configuration file system.conf gained new

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering DefaultMemoryAccounting= to globally turn on/off accounting

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering for specific resources (cgroups) for all units. These

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering settings may still be overridden individually in each unit

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering though.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * systemd-gpt-auto-generator is now able to discover /srv and

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering root partitions in addition to /home and swap partitions. It

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering also supports LUKS-encrypted partitions now. With this in

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering place, automatic discovery of partitions to mount following

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering the Discoverable Partitions Specification

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering is now a lot more complete. This allows booting without

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering /etc/fstab and without root= on the kernel command line on

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering systems prepared appropriately.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * systemd-nspawn gained a new --image= switch which allows

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen booting up disk images and Linux installations on any block

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen device that follow the Discoverable Partitions Specification

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen (see above). This means that installations made with

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen appropriately updated installers may now be started and

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen deployed using container managers, completely

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen unmodified. (We hope that libvirt-lxc will add support for

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen this feature soon, too.)

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen * systemd-nspawn gained a new --network-macvlan= setting to

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen set up a private macvlan interface for the

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen container. Similarly, systemd-networkd gained a new

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen Kind=macvlan setting in .netdev files.

265684034fac5f2674723ab7ace55b2485a1b29fTom Gundersen

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * systemd-networkd now supports configuring local addresses

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering using IPv4LL.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * A new tool systemd-network-wait-online has been added to

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering synchronously wait for network connectivity using

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering systemd-networkd.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * The sd-bus.h bus API gained a new sd_bus_track object for

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering tracking the life-cycle of bus peers. Note that sd-bus.h is

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering still not a public API though (unless you specify

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering --enable-kdbus on the configure command line, which however

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering voids your warranty and you get no API stability guarantee).

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * The $XDG_RUNTIME_DIR runtime directories for each user are

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering now individual tmpfs instances, which has the benefit of

5f02e26ca7c039837dbaea63f3d3664fe45c26b9Thomas Hindoe Paaboel Andersen introducing separate pools for each user, with individual

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering size limits, and thus making sure that unprivileged clients

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering can no longer negatively impact the system or other users by

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering filling up their $XDG_RUNTIME_DIR. A new logind.conf setting

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering RuntimeDirectorySize= has been introduced that allows

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering controlling the default size limit for all users. It

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering defaults to 10% of the available physical memory. This is no

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering replacement for quotas on tmpfs though (which the kernel

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering still does not support), as /dev/shm and /tmp are still

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering shared resources used by both the system and unprivileged

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering users.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering * logind will now automatically turn off automatic suspending

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering on laptop lid close when more than one display is

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering connected. This was previously expected to be implemented

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering individually in desktop environments (such as GNOME),

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering however has been added to logind now, in order to fix a

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering boot-time race where a desktop environment might not have

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering been started yet and thus not been able to take an inhibitor

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering lock at the time where logind already suspends the system

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering due to a closed lid.

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering

a1a4a25e7f6b515d0c8c25257714299853f261aaDaniel Mack * logind will now wait at least 30s after each system

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering suspend/resume cycle, and 3min after system boot before

b2ca0d63277b10c9382d5bcfcdf320dbb712511bLennart Poettering suspending the system due to a closed laptop lid. This