NEWS revision 4bdc60cb6fab336d455abbbd269e5bfccf760c91
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering systemd System and Service Manager
1fab57c209035f7e66198343074e9cee06718bdaKay Sievers
1fab57c209035f7e66198343074e9cee06718bdaKay Sievers CHANGES WITH 217:
1fab57c209035f7e66198343074e9cee06718bdaKay Sievers
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers * journalctl gained option -t/--identifier to match on the
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers syslog identifier and --utc option to show timestamps in UTC
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers timezone. journalctl now also accepts -n/--lines=all to
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers disable line cap under a pager.
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers
7c66aeba0f28cb82027d6015405ed71afa3b6059Kay Sievers * Services can notify the manager before they start a reload
7c66aeba0f28cb82027d6015405ed71afa3b6059Kay Sievers (by sending RELOADING=1) or shutdown (by sending
c904f64d84db8c4eebedf210ba10893f19ba05edLennart Poettering STOPPING=1). This allows the manager to track and show the
c904f64d84db8c4eebedf210ba10893f19ba05edLennart Poettering internal state of daemons and closes a race condition when
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers the process is still running but has closed its D-Bus
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers connection.
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers * Services with Type=oneshot do not have to have any
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering ExecStart commands anymore.
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering
a40593a0d0d740efa387e35411e1e456a6c5aba7Lennart Poettering * User units are now loaded also from
20ffc4c4a9226b0e45cc02ad9c0108981626c0bbKay Sievers $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
a6f0104a16350a4c2660837da6e0e5c2e50e2389Zbigniew Jędrzejewski-Szmek /run/systemd/user directory that was already previously
a6f0104a16350a4c2660837da6e0e5c2e50e2389Zbigniew Jędrzejewski-Szmek supported, but is under the control of the user.
a6f0104a16350a4c2660837da6e0e5c2e50e2389Zbigniew Jędrzejewski-Szmek
a6f0104a16350a4c2660837da6e0e5c2e50e2389Zbigniew Jędrzejewski-Szmek * A timeout for the start of the system can be configured. The
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski system can be configured to reboot or poweroff if the basic
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski system default target is not reached before the timeout (new
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski StartTimeoutSec=, StartTimeoutAction=,
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek StartTimeoutRebootArgument= options).
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek * systemd-logind can be configured to also handle lid switch
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek events even when the machine is docked or multiple displays
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers are attached (HandleLidSwitchDocked= option).
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering
dc7adf202b82fc0054c457ce6ca3bcedb88dde57Lennart Poettering * A helper binary and a service have been added which can be
7b4da18c1717f811bae67ea3d39290495857c03eLennart Poettering used to resume from hibernation in the initramfs. A
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering generator will parse the resume= option on the kernel
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering command-line to trigger resume.
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering
55d32caf94d8df547ca763be52b0c35bb6388606Lennart Poettering * A user console daemon systemd-consoled has been added. It is
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers a preview, and will so far open a single terminal on each
55d32caf94d8df547ca763be52b0c35bb6388606Lennart Poettering session of the user marked as Desktop=SYSTEMD-CONSOLE.
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering * Route metrics can be specified for DHCP routes added by
94bbc9915a4272a20feda86c5f97b8a587482aa1Lennart Poettering systemd-networkd.
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering * SELinux context of socket-activated services can be set from
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering the information provided by the remote peer
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering (SELinuxContextFromNet= option).
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering * Userspace firmware loading support has been removed and
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering the minimum supported kernel version is thus bumped to 3.7.
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering * Timeout for udev workers has been increased from 1 to 3
049b4474b35d0b854f87b0795a5113665413f6a4Lennart Poettering minutes, but a warning will be printed after 1 minute to
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering help diagnose kernel modules that take a long time to load.
431c72dc3d482732a01d3ab929aa9b2c36422d46Lennart Poettering
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering * Udev rules can now remove tags with TAG-="foobar".
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering * systemd's readahead implementation has been removed. In many
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering circumstances it didn't give expected benefits even for
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering rotational disk drives and was becoming less relevant in the
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering age of SSDs.
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering * Swap units can use Discard= to specify discard options.
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering Discard options specified for swaps in /etc/fstab are now
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering respected.
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering * Docker containers are now detected as a separate type of
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering virtualization.
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering * The Password Agent protocol gained support for queries where
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering the user input is shown, useful e.g. for usernames.
7b617155b50fdaad5d06359eb03e98f0c7b3087bLennart Poettering systemd-ask-password gained a new --echo option to turn
7b617155b50fdaad5d06359eb03e98f0c7b3087bLennart Poettering that on.
4c3a31668e4f3be9a35177a35d5b9794cdff663eLennart Poettering
4c3a31668e4f3be9a35177a35d5b9794cdff663eLennart Poettering * The default sysctl.d/ snippets will now set:
38563c1947e34b71bf5557f2cd22fb7806c60077Lennart Poettering
38563c1947e34b71bf5557f2cd22fb7806c60077Lennart Poettering net.core.default_qdisc = fq_codel
94bbc9915a4272a20feda86c5f97b8a587482aa1Lennart Poettering
94bbc9915a4272a20feda86c5f97b8a587482aa1Lennart Poettering This selects Fair Queueing Controlled Delay as the default
07beec1244817a0e6e9d79798f7c65bd89b23549Lennart Poettering queueing discipline for network interfaces. fq_codel helps
07beec1244817a0e6e9d79798f7c65bd89b23549Lennart Poettering fight the network bufferbloat problem. It is believed to be
5a4555ba6bc8ea086823fb71cb1cb92d4ec087a2Lennart Poettering a good default with no tuning required for most workloads.
5a4555ba6bc8ea086823fb71cb1cb92d4ec087a2Lennart Poettering Downstream distributions may override this choice. On 10Gbit
afaba0234727db6a82e323665d7d86f971f3090cLennart Poettering servers that do not do forwarding, "fq" may perform better.
afaba0234727db6a82e323665d7d86f971f3090cLennart Poettering Systems without a good clocksource should use "pfifo_fast".
4c4ae27d4d314d0dc1c42cd6bfc7b9ae31660885Lennart Poettering
4c4ae27d4d314d0dc1c42cd6bfc7b9ae31660885Lennart Poettering * If kdbus is enabled during build a new option BusPolicy= is
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering available for service units, that allows locking all service
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering processes into a stricter bus policy, in order to limit
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering access to various bus services, or even hide most of them
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering from the service's view entirely.
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering
6aaa8c2f783cd1b3ac27c5ce40625d032e7e3d71Zbigniew Jędrzejewski-Szmek * networkctl will now show the .network and .link file
c3bb87dbab8b79bb9253407cb5b7f3e6fe8db395Lennart Poettering networkd has applied to a specific interface.
e7256c5c137e58fb3dc1ebca8e5845733a5f733cLennart Poettering
e7256c5c137e58fb3dc1ebca8e5845733a5f733cLennart Poettering * sd-login gained a new API call sd_session_get_desktop() to
042e33ae3a7feb08c8105f1345fd244315109405Lennart Poettering query which desktop environment has been selected for a
042e33ae3a7feb08c8105f1345fd244315109405Lennart Poettering session.
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering
18d4e7c26e7806ac363d19989df7144d5058ce41Lennart Poettering * UNIX utmp support is now compile-time optional to support
36c0868b67a9387d39c97983d3d22cfce0fedc62Lennart Poettering legacy-free systems.
36c0868b67a9387d39c97983d3d22cfce0fedc62Lennart Poettering
fa7deadb074dfbe473cf3bd942768dbd94cbf7c3Lennart Poettering CHANGES WITH 216:
fa7deadb074dfbe473cf3bd942768dbd94cbf7c3Lennart Poettering
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering * timedated no longer reads NTP implementation unit names from
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering implementations should add a
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering Conflicts=systemd-timesyncd.service
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering
d907c2086716681936755f28ac80b3445c6d0196Lennart Poettering to their unit files to take over and replace systemd's NTP
d907c2086716681936755f28ac80b3445c6d0196Lennart Poettering default functionality.
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering * systemd-sysusers gained a new line type "r" for configuring
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering which UID/GID ranges to allocate system users/groups
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering from. Lines of type "u" may now add an additional column
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering that specifies the home directory for the system user to be
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering created. Also, systemd-sysusers may now optionally read user
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering information from STDIN instead of a file. This is useful for
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering invoking it from RPM preinst scriptlets that need to create
fb6becb4436ae4078337011b2017ce294e7361cfLennart Poettering users before the first RPM file is installed since these
fb6becb4436ae4078337011b2017ce294e7361cfLennart Poettering files might need to be owned by them. A new
6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering %sysusers_create_inline RPM macro has been introduced to do
6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering just that. systemd-sysusers now updates the shadow files as
11ddb6f48e367ae4b51c31d199b28f5be041a301Lennart Poettering well as the user/group databases, which should enhance
11ddb6f48e367ae4b51c31d199b28f5be041a301Lennart Poettering compatibility with certain tools like grpck.
7041efe9600e569da6089c36d00fa3ff58e33178Lennart Poettering
7041efe9600e569da6089c36d00fa3ff58e33178Lennart Poettering * A number of bus APIs of PID 1 now optionally consult
b42defe3b8ed3947d85db654a6cdb1b9999f394dLennart Poettering PolicyKit to permit access for otherwise unprivileged
b42defe3b8ed3947d85db654a6cdb1b9999f394dLennart Poettering clients under certain conditions. Note that this currently
4ad490007b70e6ac18d3cb04fa2ed92eba1451faLennart Poettering doesn't support interactive authentication yet, but this is
3d3ee759e682701fce77b6559508e697e9e60fbfLennart Poettering expected to be added eventually, too.
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering * /etc/machine-info now has new fields for configuring the
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering deployment environment of the machine, as well as the
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering location of the machine. hostnamectl has been updated with
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek new commands to update these fields.
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers * systemd-timesyncd has been updated to automatically acquire
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers NTP server information from systemd-networkd, which might
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering have been discovered via DHCP.
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering * systemd-resolved now includes a caching DNS stub resolver
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering and a complete LLMNR name resolution implementation. A new
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering NSS module "nss-resolve" has been added which can be used
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering instead of glibc's own "nss-dns" to resolve hostnames via
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering systemd-resolved. Hostnames, addresses and arbitrary RRs may
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering be resolved via systemd-resolved D-Bus APIs. In contrast to
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering the glibc internal resolver systemd-resolved is aware of
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering multi-homed systems, and keeps DNS server and caches separate
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering and per-interface. Queries are sent simultaneously on all
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering interfaces that have DNS servers configured, in order to
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering properly handle VPNs and local LANs which might resolve
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering separate sets of domain names. systemd-resolved may acquire
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering DNS server information from systemd-networkd automatically,
a65f06bb27688a6738f2f94b7f055f4c66768d63Zbigniew Jędrzejewski-Szmek which in turn might have discovered them via DHCP. A tool
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering "systemd-resolve-host" has been added that may be used to
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering query the DNS logic in resolved. systemd-resolved implements
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering IDNA and automatically uses IDNA or UTF-8 encoding depending
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering on whether classic DNS or LLMNR is used as transport. In the
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering next releases we intend to add a DNSSEC and mDNS/DNS-SD
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering implementation to systemd-resolved.
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering * A new NSS module nss-mymachines has been added, that
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering automatically resolves the names of all local registered
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering containers to their respective IP addresses.
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering * A new client tool "networkctl" for systemd-networkd has been
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering added. It currently is entirely passive and will query
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering networking configuration from udev, rtnetlink and networkd,
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering and present it to the user in a very friendly
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering way. Eventually, we hope to extend it to become a full
e4ee6e5cc3e8e23e1ecc0d9fa756d9cc2534d218Lennart Poettering control utility for networkd.
c78196699d3d805b2237896a1d2b8efeec6068d0Lennart Poettering
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering * .socket units gained a new DeferAcceptSec= setting that
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering controls the kernel's TCP_DEFER_ACCEPT sockopt for
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering TCP. Similarly, support for controlling TCP keep-alive
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering settings has been added (KeepAliveTimeSec=,
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering turning off Nagle's algorithm on TCP has been added
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering (NoDelay=).
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering * logind learned a new session type "web", for use in projects
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering like Cockpit which register web clients as PAM sessions.
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering * timer units with at least one OnCalendar= setting will now
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering be started only after timer-sync.target has been
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering reached. This way they will not elapse before the system
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering clock has been corrected by a local NTP client or
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering similar. This is particularly useful on RTC-less embedded
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering machines, that come up with an invalid system clock.
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering * systemd-nspawn's --network-veth= switch should now result in
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek stable MAC addresses for both the outer and the inner side
19aa7c4fef4a3f1dfc6d9980574ca220a6a40a71Lennart Poettering of the link.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek
e8a7a315391a6a07897122725cd707f4e9ce63d7Lennart Poettering * systemd-nspawn gained a new --volatile= switch for running
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering container instances with /etc or /var unpopulated.
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering * The kdbus client code has been updated to use the new Linux
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering 3.17 memfd subsystem instead of the old kdbus-specific one.
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering * systemd-networkd's DHCP client and server now support
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering FORCERENEW. There are also new configuration options to
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering configure the vendor client identifier and broadcast mode
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering for DHCP.
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering * systemd will no longer inform the kernel about the current
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering timezone, as this is necessarily incorrect and racy as the
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering kernel has no understanding of DST and similar
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering concepts. This hence means FAT timestamps will be always
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering considered UTC, similar to what Android is already
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering doing. Also, when the RTC is configured to the local time
4a449ed73d2c1cfb91a1c773b70231b3457b3046Lennart Poettering (rather than UTC) systemd will never synchronize back to it,
755123030a4b4c82251b49155aa0e7f523081558Harald Hoyer as this might confuse Windows at a later boot.
4a449ed73d2c1cfb91a1c773b70231b3457b3046Lennart Poettering
4a449ed73d2c1cfb91a1c773b70231b3457b3046Lennart Poettering * systemd-analyze gained a new command "verify" for offline
4ff49cb63075aba646b578f2516b37a8dfd5a65bLennart Poettering validation of unit files.
4ff49cb63075aba646b578f2516b37a8dfd5a65bLennart Poettering
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek * systemd-networkd gained support for a couple of additional
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek settings for bonding networking setups. Also, the metric for
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek statically configured routes may now be configured. For
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek network interfaces where this is appropriate the peer IP
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering address may now be configured.
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering * systemd-networkd's DHCP client will no longer request
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering broadcasting by default, as this tripped up some networks.
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering For hardware where broadcast is required the feature should
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering be switched back on using RequestBroadcast=yes.
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering * systemd-networkd will now set up IPv4LL addresses (when
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering enabled) even if DHCP is configured successfully.
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering * udev will now default to respect network device names given
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering by the kernel when the kernel indicates that these are
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering predictable. This behavior can be tweaked by changing
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering NamePolicy= in the relevant .link file.
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering * A new library systemd-terminal has been added that
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering implements full TTY stream parsing and rendering. This
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering library is supposed to be used later on for implementing a
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering full userspace VT subsystem, replacing the current kernel
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett implementation.
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett * A new tool systemd-journal-upload has been added to push
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett journal data to a remote system running
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett systemd-journal-remote.
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering * journald will no longer forward all local data to another
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering running syslog daemon. This change has been made because
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering rsyslog (which appears to be the most commonly used syslog
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering implementation these days) no longer makes use of this, and
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering instead pulls the data out of the journal on its own. Since
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering forwarding the messages to a non-existent syslog server is
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering more expensive than we assumed, we have now turned this
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering off. If you run a syslog server that is not a recent rsyslog
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering version, you have to turn this option on again
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering (ForwardToSyslog= in journald.conf).
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering * journald now optionally supports the LZ4 compressor for
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering larger journal fields. This compressor should perform much
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering better than XZ which was the previous default.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek
487060c2394b7703e59650ef332053645ffae2a3Lennart Poettering * machinectl now shows the IP addresses of local containers,
e5ec62c56963d997edaffa904af5dc45dac23988Lennart Poettering if it knows them, plus the interface name of the container.
54c31a79f72ff57ac8eba089acacc4ab482b745dLennart Poettering
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering * A new tool "systemd-escape" has been added that makes it
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering easy to escape strings to build unit names and similar.
54c31a79f72ff57ac8eba089acacc4ab482b745dLennart Poettering
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering * sd_notify() messages may now include a new ERRNO= field
8973790ee6f62132b1b57de15c4edaef2c097004Lennart Poettering which is parsed and collected by systemd and shown among the
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering "systemctl status" output for a service.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek
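The service-side notifications from the 217 entry (RELOADING=1, STOPPING=1) and the 216 entry just above (ERRNO=), sent as datagrams to the socket named in $NOTIFY_SOCKET. This is an added Python example, not part of the NEWS file or of systemd's code; reload_config() and shutdown() are hypothetical helper names, and STATUS=/READY=1 are the existing sd_notify fields.

```python
import errno
import os
import socket


def sd_notify(state, socket_path=None):
    """Send one notification datagram to the service manager.

    Returns True when the message was sent and False when no notification
    socket is configured (the process was not started by the manager).
    socket_path overrides $NOTIFY_SOCKET and exists only so the function
    can be exercised without a manager (assumption of this example).
    """
    path = socket_path or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path[0] == "@":
        # "@name" denotes the Linux abstract namespace: leading NUL byte.
        addr = b"\0" + path[1:].encode("utf-8")
    elif path[0] == "/":
        addr = path
    else:
        raise ValueError("unsupported NOTIFY_SOCKET address: %r" % path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode("utf-8"), addr)
    return True


def reload_config(load, socket_path=None):
    """Run load() bracketed by RELOADING=1 and READY=1.

    A failing load() is reported with ERRNO= so the error number can be
    shown in "systemctl status"; the service then keeps running on its
    old configuration and still signals READY=1 to end the reload state.
    """
    sd_notify("RELOADING=1", socket_path)
    ok = True
    try:
        load()
    except OSError as exc:
        code = exc.errno or errno.EIO  # fall back when errno is unset
        # Several fields go into one datagram, separated by newlines.
        sd_notify("STATUS=reload failed: %s\nERRNO=%d"
                  % (os.strerror(code), code), socket_path)
        ok = False
    sd_notify("READY=1", socket_path)
    return ok


def shutdown(cleanup, socket_path=None):
    """Announce the shutdown first, then release resources."""
    # Sent before any connection is closed, so the manager already knows
    # the service is going down while the process is still running.
    sd_notify("STOPPING=1", socket_path)
    cleanup()


if __name__ == "__main__":
    # Without a manager, sd_notify() is a no-op and the helpers still work.
    print("reload ok:", reload_config(lambda: None))
    shutdown(lambda: None)
```
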
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering * A new component "systemd-firstboot" has been added that
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering queries the most basic systemd information (timezone,
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering hostname, root password) interactively on first
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering boot. Alternatively it may also be used to provision these
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering things offline on OS images installed into directories.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering * The default sysctl.d/ snippets will now set
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering net.ipv4.conf.default.promote_secondaries=1
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering This has the benefit of not flushing secondary IP addresses
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering when primary addresses are removed.
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
cbb7712189527f9f483321607e44c4ead3dd11b8Lennart Poettering Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
cbb7712189527f9f483321607e44c4ead3dd11b8Lennart Poettering Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
d01a73b6396f57792113c1b5df6e8492fc703e5eLennart Poettering Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
d01a73b6396f57792113c1b5df6e8492fc703e5eLennart Poettering Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering -- Berlin, 2014-08-19
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering CHANGES WITH 215:
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering * A new tool systemd-sysusers has been added. This tool
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering creates system users and groups in /etc/passwd and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /etc/group, based on static declarative system user/group
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering definitions in /usr/lib/sysusers.d/. This is useful to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering enable factory resets and volatile systems that boot up with
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering an empty /etc directory, and thus need system users and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering groups created during early boot. systemd now also ships
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers with two default sysusers.d/ files for the most basic
e41814846c19a48f4490169d82e359e005c4db45Lennart Poettering users and groups systemd and the core operating system
c0fe5db522b52f27e030655ce2c03e05cbbc1558Kay Sievers require.
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new tmpfiles snippet has been added that rebuilds the
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering essential files in /etc on boot, should they be missing.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A directive for ensuring automatic clean-up of
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering /var/cache/man/ has been removed from the default
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering configuration. This line should now be shipped by the man
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering implementation. The necessary change has been made to the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering man-db implementation. Note that you need to update your man
e6c6e7afffa80ad74efdb1ddfa815294624f1608Lennart Poettering implementation to one that ships this line, otherwise no
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering automatic clean-up of /var/cache/man will take place.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new condition ConditionNeedsUpdate= has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering may conditionalize services to only run when /etc or /var
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering are "older" than the vendor operating system resources in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /usr. This is useful for reconstructing or updating /etc
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering after an offline update of /usr or a factory reset, on the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering next reboot. Services that want to run once after such an
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering update or reset should use this condition and order
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering themselves before the new systemd-update-done.service, which
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering will mark the two directories as fully updated. A number of
e5ec62c56963d997edaffa904af5dc45dac23988Lennart Poettering service files have been added making use of this, to rebuild
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering the udev hardware database, the journald message catalog and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering dynamic loader cache (ldconfig). The systemd-sysusers tool
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering described above also makes use of this now. With this in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering place it is now possible to cleanly start up a minimal operating
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering system with an empty /etc. For more information on the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering concepts involved see this recent blog story:
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering http://0pointer.de/blog/projects/stateless.html
b87b8b2b5205c0584da220f73322ea4732d44013Kay Sievers
b87b8b2b5205c0584da220f73322ea4732d44013Kay Sievers * A new system group "input" has been introduced, and all
b87b8b2b5205c0584da220f73322ea4732d44013Kay Sievers input device nodes get this group assigned. This is useful
c06bf414042cd1bf94e0af63e9e2a0c291bfc546Kay Sievers for system-level software to get access to input devices. It
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering complements what is already done for "audio" and "video".
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-networkd learnt minimal DHCPv4 server support in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering addition to the existing DHCPv4 client support. It also
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering learnt DHCPv6 client and IPv6 Router Solicitation client
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering support. The DHCPv4 client gained support for static routes
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering passed in from the server. Note that the [DHCPv4] section
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering known in older systemd-networkd versions has been renamed to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering [DHCP] and is now also used by the DHCPv6 client. Existing
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering .network files using settings of this section should be
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering updated, though compatibility is maintained. Optionally, the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering client hostname may now be sent to the DHCP server.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
f47ec8ebb3858553dec870e1c596e39525f46360Lennart Poettering * networkd gained support for vxlan virtual networks as well
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering as tun/tap and dummy devices.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * networkd gained support for automatic allocation of address
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering ranges for interfaces from a system-wide pool of
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering addresses. This is useful for dynamically managing a large
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering number of interfaces with a single network configuration
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering file. In particular this is useful to easily assign
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering appropriate IP addresses to the veth links of a large number
f47ec8ebb3858553dec870e1c596e39525f46360Lennart Poettering of nspawn instances.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * RPM macros for processing sysusers, sysctl and binfmt
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering drop-in snippets at package installation time have been
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering added.
77a9e8de6572db6ba5ca49023937b67fc835f356Zbigniew Jędrzejewski-Szmek
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The /etc/os-release file should now be placed in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /usr/lib/os-release. The old location is automatically
601d9d6fb394a780765e80581daab850623e9698Josh Triplett created as symlink. /usr/lib is the more appropriate
601d9d6fb394a780765e80581daab850623e9698Josh Triplett location of this file, since it shall actually describe the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering vendor operating system shipped in /usr, and not the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering configuration stored in /etc.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * .mount units gained a new boolean SloppyOptions= setting
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that maps to mount(8)'s -s option which enables permissive
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering parsing of unknown mount options.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * tmpfiles learnt a new "L+" directive which creates a symlink
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering but (unlike "L") deletes a pre-existing file first, should
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering it already exist and not already be the correct
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering symlink. Similarly, "b+", "c+" and "p+" directives have been
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering added as well, which create block and character devices, as
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering well as fifos in the filesystem, possibly removing any
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering pre-existing files of different types.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * For tmpfiles' "L", "L+", "C" and "C+" directives the final
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering 'argument' field (which so far specified the source to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering symlink/copy the files from) is now optional. If omitted the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering same file is copied from /usr/share/factory/ suffixed by the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering full destination path. This is useful for populating /etc
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering with essential files, by copying them from vendor defaults
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering shipped in /usr/share/factory/etc.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new command "systemctl preset-all" has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering applies the service preset settings to all installed unit
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering files. A new switch --preset-mode= has been added that
8b04b925e587ff56568c62ff5ad3f2ea2b34ca7aLennart Poettering controls whether only enable or only disable operations
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering shall be executed.
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new command "systemctl is-system-running" has been added
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering that allows checking the overall state of the system, for
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering example whether it is fully up and running.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * When the system boots up with an empty /etc, the equivalent
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering to "systemctl preset-all" is executed during early boot, to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering make sure all default services are enabled after a factory
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering reset.
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers * systemd now contains a minimal preset file that enables the
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers most basic services systemd ships by default.
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers * Unit files' [Install] section gained a new DefaultInstance=
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers field for defining the default instance to create if a
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers template unit is enabled with no instance specified.
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers
7a43e910ce00eef22fd42925ae4c85cbea1b1320Kay Sievers * A new passive target cryptsetup-pre.target has been added
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers that may be used by services that need to make sure they run and
c55b1b59b837dfd924b704d457ed77c55f8bfeabLennart Poettering finish before the first LUKS cryptographic device is set up.
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering * The /dev/loop-control and /dev/btrfs-control device nodes
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering are now owned by the "disk" group by default, opening up
9ec82de1725ddaab333149171b790d62c47ae133Lennart Poettering access to this group.
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering * systemd-coredump will now automatically generate a
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering stack trace of all core dumps taking place on the system,
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering based on elfutils' libdw library. This stack trace is logged
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering to the journal.
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering * systemd-coredump may now optionally store coredumps directly
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering on disk (in /var/lib/systemd/coredump, possibly compressed),
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering instead of storing them unconditionally in the journal. This
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering mode is the new default. A new configuration file
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering /etc/systemd/coredump.conf has been added to configure this
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering and other parameters of systemd-coredump.
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering * coredumpctl gained a new "info" verb to show details about a
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering specific coredump. A new switch "-1" has also been added
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering that makes sure to only show information about the most
603cd8fe07cb03e8b11722d1a732e569e5a46347Lennart Poettering recent entry instead of all entries. Also, as the tool is
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering generally useful now the "systemd-" prefix of the binary
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering name has been removed. Distributions that want to maintain
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering compatibility with the old name should add a symlink from
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering the old name to the new name.
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering
9b27910bb0c23e5225fc1177176e4f9bf9bf787bLennart Poettering * journald's SplitMode= now defaults to "uid". This makes sure
9b27910bb0c23e5225fc1177176e4f9bf9bf787bLennart Poettering that unprivileged users can access their own coredumps with
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering coredumpctl without restrictions.
08f9588885c5d65694b324846b0ed19211d2c178Lennart Poettering
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers * New kernel command line options "systemd.wants=" (for
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers pulling an additional unit during boot), "systemd.mask="
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers (for masking a specific unit for the boot), and
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers "systemd.debug-shell" (for enabling the debug shell on tty9)
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers have been added. This is implemented in the new generator
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers "systemd-debug-generator".
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers * systemd-nspawn will now by default filter a couple of
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers syscalls for containers, among them those required for
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering kernel module loading, direct x86 IO port access, swap
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering management, and kexec. Most importantly though
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering open_by_handle_at() is now prohibited for containers,
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering closing a hole similar to a recently discussed vulnerability
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering in docker regarding access to files on file hierarchies the
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering container should normally not have access to. Note that for
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering nspawn we generally make no security claims anyway (and
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering this is explicitly documented in the man page), so this is
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering just a fix for one of the most obvious problems.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new man page file-hierarchy(7) has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering contains a minimized, modernized version of the file system
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering layout systemd expects, similar in style to the FHS
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering specification or hier(5). A new tool systemd-path(1) has
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering been added to query many of these paths for the local
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering machine and user.
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering longer done. Since the directory now has a per-user size
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering limit, and is cleaned on logout this appears unnecessary,
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering in particular since this now brings the lifecycle of this
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering directory closer in line with how IPC objects are handled.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd.pc now exports a number of additional directories,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering including $libdir (which is useful to identify the library
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering path for the primary architecture of the system), and a
5f1dac6bf605871615b35891a3966fa474db5b20Lennart Poettering couple of drop-in directories.
f801968466fed39d50d410b30ac828c26722cc95Lennart Poettering
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering * udev's predictable network interface names now use the dev_port
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering sysfs attribute, introduced in Linux 3.15, instead of dev_id to
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering distinguish between ports of the same PCI function. dev_id should
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering only be used for ports using the same HW address, hence the need
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering for dev_port.
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering * machined has been updated to export the OS version of a
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering container (read from /etc/os-release and
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering /usr/lib/os-release) on the bus. This is now shown in
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering "machinectl status" for a machine.
d05c556b6b2a680ec8b51ecbbc99a9ab14c28eedZbigniew Jędrzejewski-Szmek
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering * A new service setting RestartForceExitStatus= has been
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering added. If configured to a set of exit signals or process
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering return values, the service will be restarted when the main
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering daemon process exits with any of them, regardless of the
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering Restart= setting.
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering * systemctl's -H switch for connecting to remote systemd
d87be9b0af81a6e07d4fb3028e45c4409100dc26Lennart Poettering machines has been extended so that it may be used to
d87be9b0af81a6e07d4fb3028e45c4409100dc26Lennart Poettering directly connect to a specific container on the
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering host. "systemctl -H root@foobar:waldi" will now connect as
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering user "root" to host "foobar", and then proceed directly to
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the container named "waldi". Note that currently you have to
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering authenticate as user "root" for this to work, as entering
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering containers is a privileged operation.
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering Contributions from: Andreas Henriksson, Benjamin Steinwender,
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering
918943c75fbd9dee87ff396de3a7c63a8d228433Lennart Poettering -- Berlin, 2014-07-03
918943c75fbd9dee87ff396de3a7c63a8d228433Lennart Poettering
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart PoetteringCHANGES WITH 214:
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering * As an experimental feature, udev now tries to lock the
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering disk device node (flock(LOCK_SH|LOCK_NB)) while it
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering executes events for the disk or any of its partitions.
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering Applications like partitioning programs can lock the
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering disk device node (flock(LOCK_EX)) and claim temporary
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering device ownership that way; udev will entirely skip all event
88a6c5894c9d3f85d63b87b040c130366b4006ceKay Sievers handling for this disk and its partitions. If the disk
8351ceaea9480d9c2979aa2ff0f4982cfdfef58dLennart Poettering was opened for writing, the close will trigger a partition
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering table rescan in udev's "watch" facility, and if needed
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering synthesize "change" events for the disk and all its partitions.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering This is now unconditionally enabled, and if it turns out to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering cause major problems, we might turn it on only for specific
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering devices, or might need to disable it entirely. Device Mapper
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering devices are excluded from this logic.
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering
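The locking handshake described in the entry above, as an added Python example (not systemd or udev code): a temporary regular file stands in for the disk device node, and the names `udev_try_lock`, `partitioner_claim` and `handle_event` are hypothetical. It models only the flock() conflict between the two sides, not udev's rescan when the writer closes the device.

```python
import errno
import fcntl
import os
import tempfile


def udev_try_lock(path):
    """Worker side: flock(LOCK_SH|LOCK_NB) on the device node.

    Returns an fd holding the shared lock, or None when another open file
    description currently holds LOCK_EX.
    """
    fd = os.open(path, os.O_RDONLY | os.O_CLOEXEC)
    try:
        fcntl.flock(fd, fcntl.LOCK_SH | fcntl.LOCK_NB)
    except OSError as exc:
        os.close(fd)
        if exc.errno in (errno.EWOULDBLOCK, errno.EAGAIN):
            return None
        raise
    return fd


def partitioner_claim(path, blocking=True):
    """Tool side: open for writing and take flock(LOCK_EX).

    With blocking=True this waits until all shared holders are gone, which is
    what a partitioning tool wants. With blocking=False it returns None
    instead of waiting.
    """
    fd = os.open(path, os.O_RDWR | os.O_CLOEXEC)
    flags = fcntl.LOCK_EX | (0 if blocking else fcntl.LOCK_NB)
    try:
        fcntl.flock(fd, flags)
    except OSError as exc:
        os.close(fd)
        if exc.errno in (errno.EWOULDBLOCK, errno.EAGAIN):
            return None
        raise
    return fd


def handle_event(path, action):
    """Process one event for the disk, or skip it if the disk is claimed."""
    fd = udev_try_lock(path)
    if fd is None:
        return "skipped"
    try:
        return "processed:" + action
    finally:
        os.close(fd)  # closing the description releases the shared lock


def run_demo():
    results = {}
    # Constructed stand-in for a disk device node such as /dev/sdX.
    with tempfile.NamedTemporaryFile() as disk:
        path = disk.name
        results["idle"] = handle_event(path, "change")

        owner = partitioner_claim(path)  # tool claims temporary ownership
        results["during_partitioning"] = handle_event(path, "change")
        os.close(owner)                  # ownership ends with the close
        results["after_close"] = handle_event(path, "change")

        # Shared locks coexist, and they keep an exclusive claim out.
        first = udev_try_lock(path)
        second = udev_try_lock(path)
        results["two_workers"] = first is not None and second is not None
        results["claim_while_busy"] = (
            partitioner_claim(path, blocking=False) is None
        )
        os.close(first)
        os.close(second)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

flock() locks belong to the open file description, so the two sides conflict even when they run in one process, as they do here.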
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering * We temporarily dropped the "-l" switch for fsck invocations,
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering since they collide with the flock() logic above. util-linux
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering upstream has been changed already to avoid this conflict,
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering and we will re-add "-l" as soon as util-linux with this
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering change has been released.
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering * The dependency on libattr has been removed. Since a long
59cea26a349cfa8db906b520dac72563dd773ff2Lennart Poettering time, the extended attribute calls have moved to glibc, and
35eb6b124ebdf82bd77aad6e44962a9a039c4d33Lennart Poettering libattr is thus unnecessary.
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering * Virtualization detection works without privileges now. This
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering means the systemd-detect-virt binary no longer requires
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering CAP_SYS_PTRACE file capabilities, and our daemons can run
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers with fewer privileges.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * systemd-networkd now runs under its own "systemd-network"
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers loses the ability to write to files owned by root this way.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * Similarly, systemd-resolved now runs under its own
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers "systemd-resolve" user with no capabilities remaining.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering * Similarly, systemd-bus-proxyd now runs under its own
06dab8e18aebf822392c7ca66c5bf3c1200fdec8Lennart Poettering "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
06dab8e18aebf822392c7ca66c5bf3c1200fdec8Lennart Poettering
e01a15b71e18bf2008aec7e75041ffa42eb80b80Kay Sievers * systemd-networkd gained support for setting up "veth"
a888b352eb53b07daa24fa859ceeb254336b293dLennart Poettering virtual ethernet devices for container connectivity, as well
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers as GRE and VTI tunnels.
3f60bcb5e69846fe8a3156ca1c9a7e0813ac158aKay Sievers
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers * systemd-networkd will no longer automatically attempt to
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers manually load kernel modules necessary for certain tunnel
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers transports. Instead, it is assumed the kernel loads them
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers automatically when required. This only works correctly on
b8217b7bd5fd171916a095b150fad4c3a37f5a41Kay Sievers very new kernels. On older kernels, please consider adding
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers the kernel modules to /etc/modules-load.d/ as a work-around.
068665b6fd9839f27bcace7e8f56c0baa6935272Lennart Poettering
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering * The resolv.conf file systemd-resolved generates has been
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering moved to /run/systemd/resolve/. If you have a symlink from
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering /etc/resolv.conf, it might be necessary to correct it.
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering * Two new service settings, ProtectHome= and ProtectSystem=,
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering have been added. When enabled, they will make the user data
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering (such as /home) inaccessible or read-only and the system
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering (such as /usr) read-only, for specific services. This allows
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering very light-weight per-service sandboxing to avoid
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering modifications of user data or system files from
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering services. These two new switches have been enabled for all
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering of systemd's long-running services, where appropriate.
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering
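An added example, not part of systemd: a small Python check that reads a unit file's [Service] section and reports whether ProtectSystem= and ProtectHome= are in effect. The two sample units are constructed, the helper names are hypothetical, and the value "full" for ProtectSystem= comes from systemd.exec(5) rather than from this NEWS entry.

```python
# Words systemd accepts as booleans (matched case-insensitively).
TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}
FALSE_WORDS = {"0", "no", "n", "false", "f", "off"}

# Non-boolean values each setting accepts in addition to a boolean.
EXTRA_VALUES = {
    "ProtectSystem": {"full"},       # per systemd.exec(5)
    "ProtectHome": {"read-only"},    # "read-only" as described above
}

# Constructed sample: nothing protects /usr or /home for this service.
WEAK_UNIT = """\
[Unit]
Description=Constructed sample daemon

[Service]
ExecStart=/usr/bin/sampled
# ProtectSystem=yes   (commented out, so not in effect)
ProtectHome=no
"""

# Constructed sample: the later ProtectSystem= assignment wins.
HARDENED_UNIT = """\
[Unit]
Description=Constructed sample daemon

[Service]
ExecStart=/usr/bin/sampled
ProtectSystem=no
ProtectSystem=full
ProtectHome=read-only

[Install]
WantedBy=multi-user.target
"""


def service_settings(unit_text):
    """Return the [Service] keys of a unit file, last assignment winning.

    Simplification: line continuations and drop-in files are not handled.
    """
    section = None
    settings = {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def state_of(key, value):
    """Normalise one setting to 'unset', 'yes', 'no', a named mode or 'invalid'."""
    if value is None or value == "":
        return "unset"
    if value in EXTRA_VALUES[key]:
        return value
    lowered = value.lower()
    if lowered in TRUE_WORDS:
        return "yes"
    if lowered in FALSE_WORDS:
        return "no"
    return "invalid"


def audit_unit(unit_text):
    """Map each of the two settings to its effective state."""
    settings = service_settings(unit_text)
    return {key: state_of(key, settings.get(key)) for key in EXTRA_VALUES}


def findings(unit_text):
    """Names of the settings that provide no protection in this unit."""
    report = audit_unit(unit_text)
    return sorted(k for k, s in report.items() if s in ("unset", "no", "invalid"))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_unit(text), "missing:", findings(text))
```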
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering * Socket units gained new SocketUser= and SocketGroup=
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering settings to set the owner user and group of AF_UNIX sockets
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering and FIFOs in the file system.
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering * Socket units gained a new RemoveOnStop= setting. If enabled,
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering all FIFOs and sockets in the file system will be removed
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering when the specific socket unit is stopped.
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering * Socket units gained a new Symlinks= setting. It takes a list
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering of symlinks to create to file system sockets or FIFOs
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering created by the specific Unix sockets. This is useful to
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers manage symlinks to socket nodes with the same life-cycle as
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers the socket itself.
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering * The /dev/log socket and /dev/initctl FIFO have been moved to
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering /run, and have been replaced by symlinks. This allows
de6c78f8795743894431a099d26ec562a8acf3dfLennart Poettering connecting to these facilities even if PrivateDevices=yes is
7d441ddb5ca090b5a97f58ac4b4d97b3e84fa81eLennart Poettering used for a service (which makes /dev/log itself unavailable,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering but /run is left). This also has the benefit of ensuring
14e639ae7a1dbf156273ce697d30fbc6c6594209Lennart Poettering that /dev only contains device nodes, directories and
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering symlinks, and nothing else.
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering
d3c7d7dd77b2b72315164b672462825cef6c0f9aKay Sievers * sd-daemon gained two new calls sd_pid_notify() and
72b9ed828bd22f3ddd74b6853c183eebf006d6d8Lennart Poettering sd_pid_notifyf(). They are similar to sd_notify() and
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering sd_notifyf(), but allow overriding of the source PID of
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering notification messages if permissions permit this. This is
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering useful to send notify messages on behalf of a different
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering process (for example, the parent process). The
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering systemd-notify tool has been updated to make use of this
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering when sending messages (so that notification messages now
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering originate from the shell script invoking systemd-notify and
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering not the systemd-notify process itself). This should minimize
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering a race where systemd fails to associate notification
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering messages to services when the originating process already
7c697168102cb64c5cb65a542959684014da99c7Lennart Poettering vanished.
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering
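The source-PID override described above, sketched at the socket level (an added example, not code from systemd or from this NEWS file): on Linux the sender PID of an AF_UNIX datagram travels as SCM_CREDENTIALS ancillary data, which the kernel checks before delivery. The socketpair stands in for $NOTIFY_SOCKET, and the helper names make_notify_pair, notify_as, receive and try_claim are assumptions of this sketch.

```python
import os
import socket
import struct

UCRED = struct.Struct("3i")  # struct ucred: pid, uid, gid


def make_notify_pair():
    """Constructed stand-in for $NOTIFY_SOCKET: (receiver, sender) datagram pair."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # The receiver asks the kernel to attach the sender's credentials.
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    return rx, tx


def notify_as(tx, state, pid):
    """Send a notify datagram that names `pid` as its source process."""
    cred = UCRED.pack(pid, os.getuid(), os.getgid())
    tx.sendmsg([state.encode()],
               [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, cred)])


def receive(rx):
    """Return (state, sender_pid), trusting only the kernel-checked credentials."""
    data, ancdata, _flags, _addr = rx.recvmsg(4096, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, _uid, _gid = UCRED.unpack(cdata[:UCRED.size])
            return data.decode(), pid
    return data.decode(), None


def try_claim(pid, state="READY=1"):
    """Round trip: the PID the receiver saw, or 'denied' if the kernel refused."""
    rx, tx = make_notify_pair()
    try:
        notify_as(tx, state, pid)
        return receive(rx)[1]
    except PermissionError:
        # Naming a foreign PID needs CAP_SYS_ADMIN; otherwise sendmsg() gets EPERM.
        return "denied"
    finally:
        rx.close()
        tx.close()


if __name__ == "__main__":
    print("own pid    ->", try_claim(os.getpid()))
    print("parent pid ->", try_claim(os.getppid()))
```

An unprivileged sender can only name its own PID, so a receiver that keys on these credentials rather than on the message body cannot be fed a forged source by an unprivileged process.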
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering * A new "on-abnormal" setting for Restart= has been added. If
8d0e38a2b966799af884e78a54fd6a2dffa44788Lennart Poettering set, it will result in automatic restarts on all "abnormal"
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering reasons for a process to exit, which includes unclean
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering signals, core dumps, timeouts and watchdog timeouts, but
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering does not include clean and unclean exit codes or clean
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering signals. Restart=on-abnormal is an alternative for
a012ab5293a28af93454b3105ca85ca148b1c11fDave Reisner Restart=on-failure for services that shall be able to
a012ab5293a28af93454b3105ca85ca148b1c11fDave Reisner terminate and avoid restarts on certain errors, by
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering indicating so with an unclean exit code. Restart=on-failure
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering or Restart=on-abnormal is now the recommended setting for
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering all long-running services.
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering
916abb21d0a6653e0187b91591e492026886b0a4Lennart Poettering * If the InaccessibleDirectories= service setting points to a
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering mount point (or if there are any submounts contained within
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering it), it is now attempted to completely unmount it, to make
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering the file systems truly unavailable for the respective
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering service.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The ReadOnlyDirectories= service setting and
b23de6af893c11da4286bc416455cd0926d1532eLennart Poettering systemd-nspawn's --read-only parameter are now recursively
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering applied to all submounts, too.
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering * Mount units may now be created transiently via the bus APIs.
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering * The support for SysV and LSB init scripts has been removed
796b06c21b62d13c9021e2fbd9c58a5c6edb2764Kay Sievers from the systemd daemon itself. Instead, it is now
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering implemented as a generator that creates native systemd units
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering from these scripts when needed. This enables us to remove a
7a2a0b907b5cc60f5d9a871997d7d6e7f62bf4d8Lennart Poettering substantial amount of legacy code from PID 1, following the
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering fact that many distributions only ship a very small number
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering of LSB/SysV init scripts nowadays.
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering
8bbabc447b1d913bd21faf97c7b17d20d315d2b4Lennart Poettering * Privileged Xen (dom0) domains are not considered
f530371f1f85a070d7d0fb5112146a43533ae00bLennart Poettering virtualization anymore by the virtualization detection
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering logic. After all, they generally have unrestricted access to
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering the hardware and usually are used to manage the unprivileged
a73d88fa024b5668ed7dde681e99547d41e6a864Lennart Poettering (domU) domains.
a74a8793b04de9886b4f6987b9cb86fa02c73520Lennart Poettering
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering * systemd-tmpfiles gained a new "C" line type, for copying
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering files or entire directories.
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering * systemd-tmpfiles "m" lines are now fully equivalent to "z"
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering lines. So far, they have been non-globbing versions of the
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering latter, and have thus been redundant. In future, it is
73090dc815390f4fca4e3ed8a7e1d3806605daaaLennart Poettering recommended to only use "z". "m" has hence been removed
44143309dd0b37d61d7d842ca58f01a65646ec71Kay Sievers from the documentation, even though it stays supported.
3d57c6ab801f4437f12948e29589e3d00c3ad9dbLennart Poettering
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering * A tmpfiles snippet to recreate the most basic structure in
3f7a8c4e9f1d3ce48919e24eb2c9d56dd6fd88d8Kay Sievers /var has been added. This is enough to create the /var/run
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering -> /run symlink and create a couple of structural
2791a8f8dc8764a9247cdba3562bd4c04010f144Lennart Poettering directories. This allows systems to boot up with an empty or
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering volatile /var. Of course, while with this change, the core OS
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering now is capable of dealing with a volatile /var, not all
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering user services are ready for it. However, we hope that sooner
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering or later, many service daemons will be changed upstream so
c32e0c40f7e706e3ebcd101187d5ced96f083491Lennart Poettering that they are able to automatically create their necessary