NEWS revision b938cb902c3b5bca807a94b277672c64d6767886
d657c51f14601d0235434ffb78cf6ac0f27cc83cLennart Poetteringsystemd System and Service Manager
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart PoetteringCHANGES WITH 227:
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * systemd now depends on util-linux v2.27. More specifically,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering the newly added mount monitor feature in libmount now
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering replaces systemd's former own implementation.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * libmount mandates /etc/mtab not to be regular file, and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering systemd now enforces this condition at early boot.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering /etc/mtab has been deprecated and warned about for a very
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering long time, so systems running systemd should already have
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering stopped having this file around as anything else than a
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Support for the "pids" cgroup controller has been added. It
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering allows accounting the number of tasks in a cgroup and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering enforcing limits on it. This adds two new setting
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering TasksAccounting= and TasksMax= to each unit, as well as a
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering global option DefaultTasksAccounting=.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Support for the "net_cls" cgroup controller has been added.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering It allows assigning a net class ID to each task in the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering cgroup, which can then be used in firewall rules and traffic
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering shaping configurations. Note that the kernel netfilter net
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering class code does not currently work reliably for ingress
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering packets on unestablished sockets.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering This adds a new config directive called NetClass= to CGroup
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering enabled units. Allowed values are positive numbers for fixed
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering assignments and "auto" for picking a free value
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering automatically.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * 'systemctl is-system-running' now returns 'offline' if the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering system is not booted with systemd. This command can now be
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering used as a substitute for 'systemd-notify --booted'.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Watchdog timeouts have been increased to 3 minutes for all
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering in-tree service files. Apparently, disk IO issues are more
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering frequent than we hoped, and user reported >1 minute waiting
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * 'machine-id-commit' functionality has been merged into
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering 'machine-id-setup --commit'. The separate binary has been
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The WorkingDirectory= directive in unit files may now be set
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering to the special value '~'. In this case, the working
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering directory is set to the home directory of the user
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering configured in User=.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * "machinectl shell" will now open the shell in the home
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering directory of the selected user by default.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The CrashChVT= configuration file setting is renamed to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering CrashChangeVT=, following our usual logic of not
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering abbreviating unnecessarily. The old directive is still
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering supported for compat reasons. Also, this directive now takes
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering an integer value between 1 and 63, or a boolean value. The
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering formerly supported '-1' value for disabling stays around for
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering compat reasons.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering NoNewPrivileges=, TTYPath=, WorkingDirectory= and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering RootDirectory= properties can now be set for transient
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering * The systemd-analyze tool gained a new "set-log-target" verb
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering to change the logging target the system manager logs to
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering dynamically during runtime. This is similar to how
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering "systemd-analyze set-log-level" already changes the log
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * In nspawn /sys is now mounted as tmpfs, with only a selected
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering set of subdirectories mounted in from the real sysfs. This
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering enhances security slightly, and is useful for ensuring user
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering namespaces work correctly.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * Support for USB FunctionFS activation has been added. This
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering allows implementation of USB gadget services that are
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering activated as soon as they are requested, so that they don't
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering have to run continously, similar to classic socket
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The "systemctl exit" command now optionally takes an
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering additional parameter that sets the exit code to return from
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering the systemd manager when exiting. This is only relevant when
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering running the systemd user instance, or when running the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering system instance in a container.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * sd-bus gained the new API calls sd_bus_path_encode_many()
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering and sd_bus_path_decode_many() that allow easy encoding and
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering decoding of multiple identifier strings inside a D-Bus
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering object path. Another new call sd_bus_default_flush_close()
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering has been added to flush and close per-thread default
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * systemd-cgtop gained support for a -M/--machine= switch to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering show the control groups within a certain container only.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * "systemctl kill" gained support for an optional --fail
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering switch. If specified the requested operation will fail of no
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering processes have been killed, because the unit had no
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering processes attached, or similar.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * A new systemd.crash_reboot=1 kernel command line option has
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering been added that triggers a reboot after crashing. This can
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering also be set through CrashReboot= in systemd.conf.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * The RuntimeDirectory= setting now understands unit
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering specifiers like %i or %f.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * A new (still internal) libary API sd-ipv4acd has been added,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering that implements address conflict detection for IPv4. It's
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering based on code from sd-ipv4ll, and will be useful for
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering detecting DHCP address conflicts.
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering * File descriptors passed during socket activation may now be
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering named. A new API sd_listen_fds_with_names() is added to
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering access the names. The default names may be overriden,
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering either in the .socket file using the FileDescriptorName=
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering parameter, or by passing FDNAME= when storing the file
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering descriptors using sd_notify().
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering * systemd-networkd gained support for:
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering - Setting the IPv6 Router Advertisment settings via
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering IPv6AcceptRouterAdvertisements= in .network files.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering - Configuring the HelloTimeSec=, MaxAgeSec= and
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering ForwardDelaySec= bridge parameters in .netdev files.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering - Configuring PreferredSource= for static routes in
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering .network files.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * The "ask-password" framework used to query for LUKS harddisk
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering passwords or SSL passwords during boot gained support for
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering caching passwords in the kernel keyring, if it is
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering available. This makes sure that the user only has to type in
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering a passphrase once if there are multiple objects to unlock
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering with the same one. Previously, such password caching was
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering available only when Plymouth was used; this moves the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering caching logic into the systemd codebase itself. The
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering "systemd-ask-password" utility gained a new --keyname=
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering switch to control which kernel keyring key to use for
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering caching a password in. This functionality is also useful for
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering enabling display managers such as gdm to automatically
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering unlock the user's GNOME keyring if its passphrase, the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering user's password and the harddisk password are the same, if
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering gdm-autologin is used.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * When downloading tar or raw images using "machinectl
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering pull-tar" or "machinectl pull-raw", a matching ".nspawn"
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering file is now also downloaded, if it is available and stored
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering next to the image file.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * Units of type ".socket" gained a new boolean setting
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Writable= which is only useful in conjunction with
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering ListenSpecial=. If true, enables opening the specified
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering special file in O_RDWR mode rather than O_RDONLY mode.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * systemd-rfkill has been reworked to become a singleton
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering service that is activated through /dev/rfkill on each rfkill
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering state change and saves the settings to disk. This way,
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering systemd-rfkill is now compatible with devices that exist
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering only intermittendly, and even restores state if the previous
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering system shutdown was abrupt rather than clean.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * The journal daemon gained support for vacuuming old journal
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering files controlled by the number of files that shall remain,
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering in addition to the already existing control by size and by
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering date. This is useful as journal interleaving performance
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering degrades with too many seperate journal files, and allows
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering putting an effective limit on them. The new setting defaults
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering to 100, but this may be changed by setting SystemMaxFiles=
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering and RuntimeMaxFiles= in journald.conf. Also, the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering "journalctl" tool gained the new --vacuum-files= switch to
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering manually vacuum journal files to leave only the specified
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering number of files in place.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * udev will now create /dev/disk/by-path links for ATA devices
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering on kernels where that is supported.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering * Galician, Serbian, Turkish and Korean translations were added.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering Zbigniew Jędrzejewski-Szmek, Марко М. Костић
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering -- Berlin, 2015-10-07
c269cec334f940d82146f70d69125b1caef08baaLennart PoetteringCHANGES WITH 226:
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * The DHCP implementation of systemd-networkd gained a set of
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering - The DHCP server now supports emitting DNS and NTP
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering information. It may be enabled and configured via
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering and NTP information is enabled, but no servers are
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering configured, the corresponding uplink information (if there
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering is any) is propagated.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering - Server and client now support transmission and reception
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering of timezone information. It can be configured via the
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering newly introduced network options UseTimezone=,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering EmitTimezone=, and Timezone=. Transmission of timezone
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering information is enabled between host and containers by
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering default now: the container will change its local timezone
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering to what the host has set.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering - Lease timeouts can now be configured via
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering MaxLeaseTimeSec= and DefaultLeaseTimeSec=.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering - The DHCP server improved on the stability of
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering leases. Clients are more likely to get the same lease
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering information back, even if the server loses state.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering - The DHCP server supports two new configuration options to
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering control the lease address pool metrics, PoolOffset= and
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * The encapsulation limit of tunnels in systemd-networkd may
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering now be configured via 'EncapsulationLimit='. It allows
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering modifying the maximum additional levels of encapsulation
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering that are permitted to be prepended to a packet.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd now supports the concept of user buses replacing
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering session buses, if used with dbus-1.10 (and enabled via dbus
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering --enable-user-session). It previously only supported this on
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering kdbus-enabled systems, and this release expands this to
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering 'dbus-daemon' systems.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd-networkd now supports predictable interface names
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering for virtio devices.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering * systemd now optionally supports the new Linux kernel
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering "unified" control group hierarchy. If enabled via the kernel
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering command-line option 'systemd.unified_cgroup_hierarchy=1',
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering systemd will try to mount the unified cgroup hierarchy
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering directly on /sys/fs/cgroup. If not enabled, or not
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering available, systemd will fall back to the legacy cgroup
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering hierarchy setup, as before. Host system and containers can
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering mix and match legacy and unified hierarchies as they
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering wish. nspawn understands the $UNIFIED_CROUP_HIERARCHY
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering environment variable to individually select the hierarchy to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering use for executed containers. By default, nspawn will use the
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering unified hierarchy for the containers if the host uses the
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering unified hierarchy, and the legacy hierarchy otherwise.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Please note that at this point the unified hierarchy is an
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering experimental kernel feature and is likely to change in one
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering of the next kernel releases. Therefore, it should not be
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering enabled by default in downstream distributions yet. The
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering minimum required kernel version for the unified hierarchy to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering work is 4.2. Note that when the unified hierarchy is used
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering for the first time delegated access to controllers is
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering safe. Because of this systemd-nspawn containers will get
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering access to controllers now, as will systemd user
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering sessions. This means containers and user sessions may now
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering manage their own resources, partitioning up what the system
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * A new special scope unit "init.scope" has been introduced
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering that encapsulates PID 1 of the system. It may be used to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering determine resource usage and enforce resource limits on PID
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering 1 itself. PID 1 hence moved out of the root of the control
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * The cgtop tool gained support for filtering out kernel
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering threads when counting tasks in a control group. Also, the
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering count of processes is now recursively summed up by
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering default. Two options -k and --recursive= have been added to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering revert to old behaviour. The tool has also been updated to
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering work correctly in containers now.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * systemd-nspawn's --bind= and --bind-ro= options have been
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering extended to allow creation of non-recursive bind mounts.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * libsystemd gained two new calls sd_pid_get_cgroup() and
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering sd_peer_get_cgroup() which return the control group path of
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering a process or peer of a connected AF_UNIX socket. This
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering function call is particularly useful when implementing
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering delegated subtrees support in the control group hierarchy.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * The "sd-event" event loop API of libsystemd now supports
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering correct dequeuing of real-time signals, without losing
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering signal events.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * When systemd requests a PolicyKit decision when managing
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering units it will now add additional fields to the request,
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering including unit name and desired operation. This enables more
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering powerful PolicyKit policies, that make decisions depending
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering on these parameters.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering * nspawn learnt support for .nspawn settings files, that may
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering accompany the image files or directories of containers, and
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering may contain additional settings for the container. This is
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering an alternative to configuring container parameters via the
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering nspawn command line.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Contributions from: Cristian Rodríguez, Daniel Mack, David
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Andersen, Tom Gundersen, Torstein Husebø
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering -- Berlin, 2015-09-08
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart PoetteringCHANGES WITH 225:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * machinectl gained a new verb 'shell' which opens a fresh
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering shell on the target container or the host. It is similar to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering the existing 'login' command of machinectl, but spawns the
d1f9edafe7b832c507931640f32069d001916b0eLennart Poettering shell directly without prompting for username or
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering password. The pseudo machine '.host' now refers to the local
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering host and is used by default. Hence, 'machinectl shell' can
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering be used as replacement for 'su -' which spawns a session as
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering a fresh systemd unit in a way that is fully isolated from
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering the originating session.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-networkd learned to cope with private-zone DHCP
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering options and allows other programs to query the values.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * SELinux access control when enabling/disabling units is no
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering longer enforced with this release. The previous
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering implementation was incorrect, and a new corrected
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering implementation is not yet available. As unit file operations
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering are still protected via PolicyKit and D-Bus policy this is
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering not a security problem. Yet, distributions which care about
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering optimal SELinux support should probably not stabilize on
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * sd-bus gained support for matches of type "arg0has=", that
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering test for membership of strings in string arrays sent in bus
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-resolved now dumps the contents of its DNS and LLMNR
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering caches to the logs on reception of the SIGUSR1 signal. This
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering is useful to debug DNS behaviour.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The coredumpctl tool gained a new --directory= option to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering operate on journal files in a specific directory.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * "systemctl reboot" and related commands gained a new
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "--message=" option which may be used to set a free-text
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering wall message when shutting down or rebooting the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering system. This message is also logged, which is useful for
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering figuring out the reason for a reboot or shutdown a
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The "systemd-resolve-host" tool's -i switch now takes
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering network interface numbers as alternative to interface names.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * A new unit file setting for services has been introduced:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering UtmpMode= allows configuration of how precisely systemd
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering handles utmp and wtmp entries for the service if this is
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering enabled. This allows writing services that appear similar to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering user sessions in the output of the "w", "who", "last" and
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "lastlog" tools.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-resolved will now locally synthesize DNS resource
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering records for the "localhost" and "gateway" domains as well as
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering the local hostname. This should ensure that clients querying
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering RRs via resolved will get similar results as those going via
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering NSS, if nss-myhostname is enabled.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Contributions from: Alastair Hughes, Alex Crawford, Daniel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering WaLyong Cho, Zbigniew Jędrzejewski-Szmek
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering -- Berlin, 2015-08-27
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart PoetteringCHANGES WITH 224:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The systemd-efi-boot-generator functionality was merged into
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering systemd-gpt-auto-generator.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-networkd now supports Group Policy for vxlan
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering devices. It can be enabled via the new boolean configuration
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering option called 'GroupPolicyExtension='.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering -- Berlin, 2015-07-31
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart PoetteringCHANGES WITH 223:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The python-systemd code has been removed from the systemd repository.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering A new repository has been created which accommodates the code from
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering now on, and we kindly ask distributions to create a separate package
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering for this: https://github.com/systemd/python-systemd
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * The systemd daemon will now reload its main configuration
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering (/etc/systemd/system.conf) on daemon-reload.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * sd-dhcp now exposes vendor specific extensions via
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering sd_dhcp_lease_get_vendor_specific().
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-networkd gained a number of new configuration options.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - A new boolean configuration option for TAP devices called
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering device, thus allowing to send and receive GSO packets.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - A new tunnel configuration option called 'CopyDSCP='.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering If enabled, the DSCP field of ip6 tunnels is copied into the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering decapsulated packet.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - A set of boolean bridge configuration options were added.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering and 'UnicastFlood=' are now parsed by networkd and applied to the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering respective bridge link device via the respective IFLA_BRPORT_*
5b00c0168be6e7b11db7b26fc1712cd6cda3c2e3Lennart Poettering netlink attribute.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - A new string configuration option to override the hostname sent
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering to a DHCP server, called 'Hostname='. If set and 'SendHostname='
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering is true, networkd will use the configured hostname instead of the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering system hostname when sending DHCP requests.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - A new tunnel configuration option called 'IPv6FlowLabel='. If set,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering networkd will configure the IPv6 flow-label of the tunnel device
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering according to RFC2460.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering - The 'macvtap' virtual network devices are now supported, similar to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering the already supported 'macvlan' devices.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering * systemd-resolved now implements RFC5452 to improve resilience against
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering cache poisoning. Additionally, source port randomization is enabled
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering by default to further protect against DNS spoofing attacks.
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering * nss-mymachines now supports translating UIDs and GIDs of running
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering containers with user-namespaces enabled. If a container 'foo'
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering translates a host uid 'UID' to the container uid 'TUID', then
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers (with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers mapped as 'vg-foo-TGID'.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers -- Berlin, 2015-07-29
2d1972857b7bd19b4a74a8f80865749a8082f32aKay SieversCHANGES WITH 222:
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering * udev does not longer support the WAIT_FOR_SYSFS= key in udev rules.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering There are no known issues with current sysfs, and udev does not need
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering or should be used to work around such bugs.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering * udev does no longer enable USB HID power management. Several reports
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering indicate, that some devices cannot handle that setting.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering * The udev accelerometer helper was removed. The functionality
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering is now fully included in iio-sensor-proxy. But this means,
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering older iio-sensor-proxy versions will no longer provide
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering accelerometer/orientation data with this systemd version.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering Please upgrade iio-sensor-proxy to version 1.0.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering * networkd gained a new configuration option IPv6PrivacyExtensions=
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering for Stateless Address") on selected networks.
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering * For the sake of fewer build-time dependencies and less code in the
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering main repository, the python bindings are about to be removed in the
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering next release. A new repository has been created which accommodates
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering the code from now on, and we kindly ask distributions to create a
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers separate package for this. The removal will take place in v223.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
07cd4fc16806783d3b6b3008db222ac6a024805cKay Sievers daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
91cf7e5c37f97c6eb29966fac0afcbaa6662e05dTollef Fog Heen Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
64661ee70d5a10c6208a1cb66ecd8b158e2d8bc5Kay Sievers Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
2d13da8821b8197e62f819b5b996750800e910abKay Sievers Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
2d13da8821b8197e62f819b5b996750800e910abKay Sievers Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
2d13da8821b8197e62f819b5b996750800e910abKay Sievers Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers -- Berlin, 2015-07-07
194bbe33382f5365be3865ed1779147cb680f1d3Kay SieversCHANGES WITH 221:
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The sd-bus.h and sd-event.h APIs have now been declared
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers stable and have been added to the official interface of
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers libsystemd.so. sd-bus implements an alternative D-Bus client
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers library, that is relatively easy to use, very efficient and
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers supports both classic D-Bus as well as kdbus as transport
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers backend. sd-event is a generic event loop abstraction that
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers is built around Linux epoll, but adds features such as event
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers prioritization or efficient timer handling. Both APIs are good
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering choices for C programs looking for a bus and/or event loop
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers implementation that is minimal and does not have to be
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers portable to other kernels.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * kdbus support is no longer compile-time optional. It is now
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers always built-in. However, it can still be disabled at
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering runtime using the kdbus=0 kernel command line setting, and
9ae9afce6f53a872f4b01b9be13daa75833bd59eLennart Poettering that setting may be changed to default to off, by specifying
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers --disable-kdbus at build-time. Note though that the kernel
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers command line setting has no effect if the kdbus.ko kernel
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers module is not installed, in which case kdbus is (obviously)
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers also disabled. We encourage all downstream distributions to
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers begin testing kdbus by adding it to the kernel images in the
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers development distributions, and leaving kdbus support in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering systemd enabled.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The minimal required util-linux version has been bumped to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * Support for chkconfig (--enable-chkconfig) was removed in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering favor of calling an abstraction tool
49f43d5f91a99b23f745726aa351d8f159774357Ville Skyttä /lib/systemd/systemd-sysv-install. This needs to be
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering implemented for your distribution. See "SYSV INIT.D SCRIPTS"
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering in README for details.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * If there's a systemd unit and a SysV init script for the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering same service name, and the user executes "systemctl enable"
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering for it (or a related call), then this will now enable both
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering (or execute the related operation on both), not just the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The libudev API documentation has been converted from gtkdoc
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering into man pages.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * gudev has been removed from the systemd tree, it is now an
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering external project.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The systemd-cgtop tool learnt a new --raw switch to generate
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering "raw" (machine parsable) output.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * networkd's IPForwarding= .network file setting learnt the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering new setting "kernel", which ensures that networkd does not
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering change the IP forwarding sysctl from the default kernel
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The systemd-logind bus API now exposes a new boolean
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering property "Docked" that reports whether logind considers the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering system "docked", i.e. connected to a docking station or not.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Contributions from: Alex Crawford, Andreas Pokorny, Andrei
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
439d6dfd12f58d7230bcae06d73b841eb3bc588aLennart Poettering David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
439d6dfd12f58d7230bcae06d73b841eb3bc588aLennart Poettering Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Fink, Zbigniew Jędrzejewski-Szmek
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering -- Berlin, 2015-06-19
ea5943d3862cc690daa76e2ad336737407ec711cLennart PoetteringCHANGES WITH 220:
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The gudev library has been extracted into a separate repository
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering available at: https://git.gnome.org/browse/libgudev/
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering It is now managed as part of the Gnome project. Distributions
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering are recommended to pass --disable-gudev to systemd and use
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering gudev from the Gnome project instead. gudev is still included
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering in systemd, for now. It will be removed soon, though. Please
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering also see the announcement-thread on systemd-devel:
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd now exposes a CPUUsageNSec= property for each
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering service unit on the bus, that contains the overall consumed
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering CPU time of a service (the sum of what each process of the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering service consumed). This value is only available if
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering CPUAccounting= is turned on for a service, and is then shown
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering in the "systemctl status" output.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * Support for configuring alternative mappings of the old SysV
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering runlevels to systemd targets has been removed. They are now
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering hardcoded in a way that runlevels 2, 3, 4 all map to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering multi-user.target and 5 to graphical.target (which
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering previously was already the default behaviour).
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The auto-mounter logic gained support for mount point
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering expiry, using a new TimeoutIdleSec= setting in .automount
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * The EFI System Partition (ESP) as mounted to /boot by
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering systemd-efi-boot-generator will now be unmounted
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering automatically after 2 minutes of not being used. This should
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering minimize the risk of ESP corruptions.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * New /etc/fstab options x-systemd.requires= and
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering x-systemd.requires-mounts-for= are now supported to express
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering additional dependencies for mounts. This is useful for
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering journalling file systems that support external journal
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering devices or overlay file systems that require underlying file
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering systems to be mounted.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd does not support direct live-upgrades (via systemctl
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering daemon-reexec) from versions older than v44 anymore. As no
f8c0a2cb695e3b8140b51cb40637a09ba6eff48eLennart Poettering distribution we are aware of shipped such old versions in a
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering stable release this should not be problematic.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * When systemd forks off a new per-connection service instance
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering it will now set the $REMOTE_ADDR environment variable to the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering remote IP address, and $REMOTE_PORT environment variable to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering the remote IP port. This behaviour is similar to the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering corresponding environment variables defined by CGI.
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering * systemd-networkd gained support for uplink failure
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering detection. The BindCarrier= option allows binding interface
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering configuration dynamically to the link sense of other
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering interfaces. This is useful to achieve behaviour like in
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering network switches.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd-networkd gained support for configuring the DHCP
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering client identifier to use when requesting leases.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd-networkd now has a per-network UseNTP= option to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering configure whether NTP server information acquired via DHCP
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering is passed on to services like systemd-timesyncd.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * systemd-networkd gained support for vti6 tunnels.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering * Note that systemd-networkd manages the sysctl variable
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering it is configured for since v219. The variable controls IP
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering forwarding, and is a per-interface alternative to the global
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering /proc/sys/net/ipv[46]/ip_forward. This setting is
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering configurable in the IPForward= option, which defaults to
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering "no". This means if networkd is used for an interface it is
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering no longer sufficient to set the global sysctl option to turn
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering on IP forwarding! Instead, the .network file option
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering IPForward= needs to be turned on! Note that the
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering implementation of this behaviour was broken in v219 and has
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering been fixed in v220.
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering * Many bonding and vxlan options are now configurable in
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering systemd-networkd.
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering * systemd-nspawn gained a new --property= setting to set unit
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering properties for the container scope. This is useful for
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering setting resource parameters (e.g "CPUShares=500") on
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering containers started from the command line.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn gained a new --private-users= switch to make
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering use of user namespacing available on recent Linux kernels.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn may now be called as part of a shell pipeline
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering in which case the pipes used for stdin and stdout are passed
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering directly to the process invoked in the container, without
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering indirection via a pseudo tty.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn gained a new switch to control the UNIX
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering signal to use when killing the init process of the container
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering when shutting down.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-nspawn gained a new --overlay= switch for mounting
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering overlay file systems into the container using the new kernel
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering overlayfs support.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * When a container image is imported via systemd-importd and
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering the host file system is not btrfs, a loopback block device
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering file is created in /var/lib/machines.raw with a btrfs file
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering system inside. It is then mounted to /var/lib/machines to
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering enable btrfs features for container management. The loopback
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering file and btrfs file system is grown as needed when container
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering images are imported via systemd-importd.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-machined/systemd-importd gained support for btrfs
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering quota, to enforce container disk space limits on disk. This
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering is exposed in "machinectl set-limit".
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-importd now can import containers from local .tar,
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering .raw and .qcow2 images, and export them to .tar and .raw. It
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering can also import dkr v2 images now from the network (on top
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering of v1 as before).
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-importd gained support for verifying downloaded
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering images with gpg2 (previously only gpg1 was supported).
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-machined, systemd-logind, systemd: most bus calls
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering are now accessible to unprivileged processes via
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering PolicyKit. Also, systemd-logind will now allow users to kill
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering their own sessions without further privileges or
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering authorization.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering * systemd-shutdownd has been removed. This service was
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering previously responsible for implementing scheduled shutdowns
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering as exposed in /usr/bin/shutdown's time parameter. This
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering functionality has now been moved into systemd-logind and is
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering accessible via a bus interface.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering * "systemctl reboot" gained a new switch --firmware-setup that
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering can be used to reboot into the EFI firmware setup, if that
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering is available. systemd-logind now exposes an API on the bus
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering to trigger such reboots, in case graphical desktop UIs want
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering to cover this functionality.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering * "systemctl enable", "systemctl disable" and "systemctl mask"
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering now support a new "--now" switch. If specified the units
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering that are enabled will also be started, and the ones
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * The Gummiboot EFI boot loader tool has been merged into
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering systemd, and renamed to "systemd-boot". The bootctl tool has been
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering updated to support systemd-boot.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * An EFI kernel stub has been added that may be used to create
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering kernel EFI binaries that contain not only the actual kernel,
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering but also an initrd, boot splash, command line and OS release
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering information. This combined binary can then be signed as a
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering single image, so that the firmware can verify it all in one
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering step. systemd-boot has special support for EFI binaries created
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering like this and can extract OS release information from them
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering and show them in the boot menu. This functionality is useful
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering to implement cryptographically verified boot schemes.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * Optional support has been added to systemd-fsck to pass
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering fsck's progress report to an AF_UNIX socket in the file
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering * udev will no longer create device symlinks for all block
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering devices by default. A blacklist for excluding special block
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers devices from this logic has been turned into a whitelist
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers that requires picking block devices explicitly that require
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers device symlinks.
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers * A new (currently still internal) API sd-device.h has been
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering added to libsystemd. This modernized API is supposed to
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering replace libudev eventually. In fact, already much of libudev
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering is now just a wrapper around sd-device.h.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * A new hwdb database for storing metadata about pointing
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering stick devices has been added.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * systemd-tmpfiles gained support for setting file attributes
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering similar to the "chattr" tool with new 'h' and 'H' lines.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * systemd-journald will no longer unconditionally set the
ccd07a083e8040a5bb091c5036ab1b4493ff8363Lennart Poettering btrfs NOCOW flag on new journal files. This is instead done
ccd07a083e8040a5bb091c5036ab1b4493ff8363Lennart Poettering with tmpfiles snippet using the new 'h' line type. This
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering allows easy disabling of this logic, by masking the
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering * systemd-journald will now translate audit message types to
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering human readable identifiers when writing them to the
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering journal. This should improve readability of audit messages.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering * The LUKS logic gained support for the offset= and skip=
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering options in /etc/crypttab, as previously implemented by
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering * /usr/lib/os-release gained a new optional field VARIANT= for
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering distributions that support multiple variants (such as a
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering desktop edition, a server edition, ...)
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Michael Biebl, Michael Marineau, Michael Olbrich, Michal
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering -- Berlin, 2015-05-22
220a21d38f675eb835f5758e3d23e896573aa5eaLennart PoetteringCHANGES WITH 219:
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * Introduce a new API "sd-hwdb.h" for querying the hardware
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering metadata database. With this minimal interface one can query
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering and enumerate the udev hwdb, decoupled from the old libudev
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering library. libudev's interface for this is now only a wrapper
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering around sd-hwdb. A new tool systemd-hwdb has been added to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering interface with and update the database.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * When any of systemd's tools copies files (for example due to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering tmpfiles' C lines) a btrfs reflink will attempted first,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering before bytewise copying is done.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd-nspawn gained a new --ephemeral switch. When
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering specified a btrfs snapshot is taken of the container's root
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering directory, and immediately removed when the container
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering terminates again. Thus, a container can be started whose
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering changes never alter the container's root directory, and are
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering lost on container termination. This switch can also be used
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering for starting a container off the root file system of the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering host without affecting the host OS. This switch is only
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering available on btrfs file systems.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd-nspawn gained a new --template= switch. It takes the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering path to a container tree to use as template for the tree
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering specified via --directory=, should that directory be
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering missing. This allows instantiating containers dynamically,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering on first run. This switch is only available on btrfs file
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * When a .mount unit refers to a mount point on which multiple
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering mounts are stacked, and the .mount unit is stopped all of
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering the stacked mount points will now be unmounted until no
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering mount point remains.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd now has an explicit notion of supported and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering unsupported unit types. Jobs enqueued for unsupported unit
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering types will now fail with an "unsupported" error code. More
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering specifically .swap, .automount and .device units are not
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering supported in containers, .busname units are not supported on
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering non-kdbus systems. .swap and .automount are also not
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering supported if their respective kernel compile time options
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * machinectl gained support for two new "copy-from" and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering "copy-to" commands for copying files from a running
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering container to the host or vice versa.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * machinectl gained support for a new "bind" command to bind
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering mount host directories into local containers. This is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering currently only supported for nspawn containers.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * networkd gained support for configuring bridge forwarding
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering database entries (fdb) from .network files.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * A new tiny daemon "systemd-importd" has been added that can
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering download container images in tar, raw, qcow2 or dkr formats,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering and make them available locally in /var/lib/machines, so
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering that they can run as nspawn containers. The daemon can GPG
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering verify the downloads (not supported for dkr, since it has no
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering provisions for verifying downloads). It will transparently
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering decompress bz2, xz, gzip compressed downloads if necessary,
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering and restore sparse files on disk. The daemon uses privilege
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering separation to ensure the actual download logic runs with
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering fewer privileges than the daemon itself. machinectl has
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering make the functionality of importd available to the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering user. With this in place the Fedora and Ubuntu "Cloud"
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering images can be downloaded and booted as containers unmodified
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering (the Fedora images lack the appropriate GPG signature files
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering currently, so they cannot be verified, but this will change
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering soon, hopefully). Note that downloading images is currently
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering only fully supported on btrfs.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * machinectl is now able to list container images found in
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering /var/lib/machines, along with some metadata about sizes of
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering disk and similar. If the directory is located on btrfs and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering quota is enabled, this includes quota display. A new command
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering "image-status" has been added that shows additional
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering information about images.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * machinectl is now able to clone container images
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering efficiently, if the underlying file system (btrfs) supports
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering it, with the new "machinectl list-images" command. It also
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering gained commands for renaming and removing images, as well as
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering marking them read-only or read-write (supported also on
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering legacy file systems).
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * networkd gained support for collecting LLDP network
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering announcements, from hardware that supports this. This is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering shown in networkctl output.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd-run gained support for a new -t (--pty) switch for
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering invoking a binary on a pty whose input and output is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering connected to the invoking terminal. This allows executing
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering processes as system services while interactively
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering communicating with them via the terminal. Most interestingly
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering this is supported across container boundaries. Invoking
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering "systemd-run -t /bin/bash" is an alternative to running a
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering full login session, the difference being that the former
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering will not register a session, nor go through the PAM session
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * tmpfiles gained support for a new "v" line type for creating
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering btrfs subvolumes. If the underlying file system is a legacy
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering file system, this automatically degrades to creating a
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering normal directory. Among others /var/lib/machines is now
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering created like this at boot, should it be missing.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * The directory /var/lib/containers/ has been deprecated and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering been replaced by /var/lib/machines. The term "machines" has
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering been used in the systemd context as generic term for both
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering VMs and containers, and hence appears more appropriate for
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering this, as the directory can also contain raw images bootable
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * systemd-nspawn when invoked with -M but without --directory=
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering or --image= is now capable of searching for the container
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering root directory, subvolume or disk image automatically, in
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering /var/lib/machines. systemd-nspawn@.service has been updated
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering to make use of this, thus allowing it to be used for raw
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering disk images, too.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering * A new machines.target unit has been introduced that is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering supposed to group all containers/VMs invoked as services on
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering the system. systemd-nspawn@.service has been updated to
ext3/ext4 however. This should be OK though as journald does
per-service in PID 1.This is useful for daemons to ensure
various sockets connected to all the system's stdout/stderr
but allows PgUp/PgDn work.
* The /etc/crypttab option header= as known from Debian is now
user/session following the status output. Similar,
done in the VM/container itself, but simply what the
session/user parameter in which case they apply to the
caller's session/user.
per-link IPv4/IPv6 packet forwarding as well as IPv4
* /etc/os-release gained support for a Distribution Privacy
* systemd now exposes the memory.usage_in_bytes cgroup
copying it from /usr/lib to /etc). This will invoke the
chroot directory, /proc/$PID/status, and a list of open file
.conf.d configuration directories in /etc/, /run/,
journal-upload.conf. Note that distributions should use the
configuration directories in /usr/lib/; the directories in
* A new service systemd-machine-id-commit.service has been
boot, and /etc/machine-id is not initialized (but an empty
luks.name= argument.
Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
persistent storage is enabled. systemd-journal-flush.service
$XDG_RUNTIME_DIR/systemd/user/. This is similar to the
/run/systemd/user directory that was already previously
* Job timeouts (i.e. time-outs on the time a job that is
basic.target) hangs and does not complete for at least
an immediate power-off/reboot operation is triggered. This
Discard options specified for swaps in /etc/fstab are now
the user input is shown, useful e.g. for user names.
* The default sysctl.d/ snippets will now set:
net.core.default_qdisc = fq_codel
rescue.target), which was previously available only by
mount.usrfstype= have been added that match root=, rootflags=,
similar coredump/backtrace behaviour as services that hit a
/usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
Conflicts=systemd-timesyncd.service
well as the user/group databases, which should enhance
* /etc/machine-info now has new fields for configuring the
next releases we intend to add a DNSSEC and mDNS/DNS-SD
be started only after timer-sync.target has been
(ForwardToSyslog= in journald.conf).
* The default sysctl.d/ snippets will now set
creates system users and groups in /etc/passwd and
definitions in /usr/lib/sysusers.d/. This is useful to
with two default sysusers.d/ files for the most basic
/var/cache/man/ has been removed from the default
automatic clean-up of /var/cache/man will take place.
themselves before the new systemd-update-done.service, which
as tun/tap and dummy devices.
* The /etc/os-release file should now be placed in
/usr/lib/os-release. The old location is automatically
created as symlink. /usr/lib is the more appropriate
symlink/copy the files from) is now optional. If omitted the
same file os copied from /usr/share/factory/ suffixed by the
shipped in /usr/share/factory/etc.
* A new passive target cryptsetup-pre.target has been added
on disk (in /var/lib/systemd/coredump, possibly compressed),
/etc/systemd/coredump.conf has been added to configure this
* New kernel command line options "systemd.wants=" (for
pulling an additional unit during boot), "systemd.mask="
"systemd.debug-shell" (for enabling the debug shell on tty9)
* systemd.pc now exports a number of additional directories,
container (read from /etc/os-release and
/usr/lib/os-release) on the bus. This is now shown in
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
moved to /run/systemd/resolve/. If you have a symlink from
/etc/resolv.conf, it might be necessary to correct it.
used for a service (which makes /dev/log itself unavailable,
of LSB/SysV init scripts nowadays.
/var has been added. This is enough to create the /var/run →
the sgid/suid/sticky bits will be masked for all
* A new passive target unit "network-pre.target" has been
* The "floppy" group that previously owned the /dev/fd*
get a dependency on network-online.target rather than simply
network.target. This should bring LSB handling closer to
* A new fsck.repair= kernel option has been added to control
manages resolv.conf based on per-interface DNS
default. It will delay network-online.target until a network
configured hostname in /etc/hostname (unless set to
service, rescue/emergency mode and system shutdown. This
be turned off by using the RemoveIPC= switch of logind.conf.
* /sys/fs/cgroup/ is now mounted read-only after all cgroup
find to implement shm_open() if /dev/shm is not available
* A new system.conf configuration option
* The systemd configuration file system.conf gained new
DefaultMemoryAccounting= to globally turn on/off accounting
/etc/fstab and without root= on the kernel command line on
* The sd-bus.h bus API gained a new sd_bus_track object for
tracking the life-cycle of bus peers. Note that sd-bus.h is
filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
still does not support), as /dev/shm and /tmp are still
suspend/resume cycle, and 3min after system boot before
according to SI conventions (i.e. to the base 1000) when
with IEC conventions (i.e. to the base 1024) for software
based on the /proc/devices listing. For example, with the
enabled/disabled using systemctl. It still is enabled by
* The compatibility libraries for libsystemd-journal.so,
libsystemd-daemon.so do not make use of IFUNC
anymore. Instead, we now build libsystemd.so multiple times
* Add a new tool to save/restore rfkill state on
* Save/restore state of keyboard backlights in addition to
display backlights on shutdown/boot.
from files in /etc/systemd/network/*.link. These files can
80-net-name-slot.rules udev configuration file has been
be adapated to override 99-default.link instead.
introspection data anymore to /usr/share/dbus-1/interfaces,
* A new API "sd-event.h" has been added that implements a
* A new API "sd-rntl.h" has been added that provides an API
style to "sd-bus.h".
* A new API "sd-dhcp-client.h" has been added that provides a
"systemd.restore_state=0|1". When set to "0", none of the
* The FsckPassNo= compatibility option in mount/service units
* /etc/systemd/system.conf gained new settings to configure
* The "sd-login.h" API gained three new calls:
* The udev hardware database now also carries vendor/product
* The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
example, a line that creates /run/nologin).
* A new API "sd-resolve.h" has been added which provides a simple
"sd-daemon.h" are no longer found in individual libraries
merged them into a single library, libsystemd.so, which
switch (see below). Note that "sd-dhcp-client.h" is not part
provides, services of/to other APIs). To make the transition
* All of the kdbus logic and the new APIs "sd-bus.h",
and "sd-utf8.h" are compile-time optional via the
systemd will automatically load the kdbus.ko kernel module. At
is specified, and the kdbus.ko kernel module is available, and
version of kdbus.ko or a newer systemd will not be compatible with
* When parsing /etc/crypttab, support for a new key-slot=
SystemCallArchitectures= setting in system.conf now to turn
* A new kernel command line option luks.options= is understood
encrypted partitions specified with luks.uuid=.
* tmpfiles.d(5) snippets may now use specifier expansion in
* A new tmpfiles.d(5) command "m" has been introduced which
may be used to change the owner/group/access mode of a file
cgroup attribute memory.soft_limit= is currently badly
* The memory.use_hierarchy cgroup attribute is now enabled for
would then dead lock. A tmpfiles.d(5) snippet included in
* Backlight and random seed files in /var/lib/ have moved into
the /var/lib/systemd/ directory, in order to centralize all
* If the option "tries=0" is set for an entry of /etc/crypttab
synonymous to "allow-discards" in /etc/crypttab. In fact,
* A minimal tool to save/restore the display backlight
/etc/fstab becomes optional for many setups as systemd can
line systemd.setenv= assignment.
/etc/sysctl.conf. If desired, the file should be symlinked
devices such as /dev/snd/sequencer whithout loading the
subslice of system.slice unless something else is explicitly
implicitly be placed in system-sshd.slice rather than
system.slice as before.
Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
default there are now three slices: system.slice (for all
system services), user.slice (for all user sessions),
machine.slice (for VMs and containers).
creates/removes/manages cgroups.
VMs/containers. nspawn has been updated accordingly, and
of meta information about the VMs/containers, and assign
and exposed in "ps" and similar tools. machined/machinectl
"systemd.log_level=debug" already did before.
added to configure the default.target symlink, which
/etc/systemd/system.conf to set environment variables for
processes. journactl/systemctl has been updated to make use
* systemd-nspawn will now create /etc/resolv.conf if
implicitly. This makes /etc/hosts an optional file and
* libsystemd-logind.so gained a new call
VMs/containers coming and going.
/var/lib/container/foobar it is now sufficient to run
* A new configuration file /etc/systemd/sleep.conf has been
* systemd gained a new unit 'systemd-static-nodes.service'
services, user processes and containers/virtual
name of the container/VM a specific process belongs to.
* The cryptsetup logic now understands the "luks.key=" kernel
* Python systemd.journal module was updated to wrap recently
changed to bring the low level interface in s.j._Reader
s.j.Reader was updated to wrap and convert all data about
* If /etc/crypttab refers to password files stored on
expressions for all time spans under 1min, i.e. "5.123456s"
more useful graphs. I.e. it is now possible to create simple
* /etc/os-release files gained a new BUILD_ID= field for usage
changed. The private /tmp and /var/tmp directories are now
with a new kernel command line switch: net.ifnames=0.
can be configured via SyncIntervalSec= in journald.conf.
* There's a new remote-fs-setup.target unit that can be used
from. This complements sockets.target with a similar
files without having to edit/override the unit files
change one value for a service file foobar.service he can
/etc/systemd/system/foobar.service.d/*.conf. The unit logic
them there; or creating a new file in /etc/systemd/system/
overriding semantics between /usr/lib, /etc and /run apply
$null. Also, the mail-transfer-agent.target unit backing
are implied anyway for normal services. syslog.target has
* The various "environment" files, such as /etc/locale.conf
seat. (i.e. the device of a seat that needs to be around for
* The log messages for lid events and power/sleep keypresses
journal output in reverse order (i.e. newest line first).
than just journal/log file access. This new group is now
up for /var/log/journal to give "adm" and "wheel" read
add read access to "adm" + "wheel" to /var/log/journal, and
all existing/future journal files. To normal users and
scripts need to create these system user/group at
systemd.time(7).
containers. i.e. think about autospawning an entire OS image
* logind can now automatically suspend/hibernate/shutdown the
* /etc/machine-info and hostnamed now also expose the chassis
user/vendor or is automatically determined from ACPI and DMI
devices as seat masters, i.e. as devices that are required
from an indexed database that is keyed by vendor/product IDs
userspace device metadata. Previously, data from the PCI/USB
(i.e. those for non-standard runlevels such as 'b' or 'S')
or ArchLinux /etc/rc.conf support. We recommend the
systemd without blkid and/or kmod support.
more than once. I.e. in addition to transitions from the
* We now install a README each in /var/log/ and
/etc/rc.d/init.d explaining where the system logs and init
* browse.html now allows filtering and showing detailed
* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
* If /etc/vconsole.conf is non-existent or empty we will no
the userspace fonts/key maps we previously overloaded them
/etc/vconsole.conf with the appropriate contents.
"systemd-journal-gatewayd.service". This service provides
# systemctl start systemd-journal-gatewayd.service
/var/log/messages compatible format. The same as JSON:
* nspawn will now create a symlink /etc/localtime in the
changed to create/update the appropriate symlink.
systemd-journald.service" to see this information.
* HandleSleepKey= in logind.conf has been split up into
journald.conf which may be used to control how user journals
are split off. See journald.conf(5) for details.
* timedated will no longer write or process /etc/timezone,
anymore /etc/localtime always being a symlink is now safe,
and hence the information in /etc/timezone is not necessary
/dev/kmsg has now been added and is enabled by default.
* Support for reading kernel messages from /proc/kmsg has now
reading structured messages from /dev/kmsg (see
above). /proc/kmsg is now exclusive property of classic
warning/notice log levels in bright white. It also supports
* libsystemd-logind.so gained a new call sd_journal_perror()
* /etc/crypttab entries now understand the new keyfile-size=
* The prefdm.service file has been removed. Distributions
* /etc/crypttab entries now understand the new keyfile-offset=
systemd-journal-flush.service, rather than implicitly simply
by seeing /var/log/journal to be writable.
/usr/lib/systemd/systemd-readahead analyze /.readahead
systemctl enable debug-shell.service
udevadm info /dev/sda
udevadm info /sys/class/block/sda
* We now include RPM macros for service enabling/disabling
systemctl status /dev/sda
system.conf parsing.
* systemd.confirm_spawn= on the kernel command line should now
from /usr/lib/systemd/ntp-units.d/*.list,
systemd-timedated-ntp.target has been removed.
journald.conf. These options allow reducing the amount of
* TimerSlackNSec= can now be specified in system.conf for
/usr/bin/avahi-daemon" to get all log output of a specific
* CapabilityBoundingSet= in system.conf now also influences
* udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
in /usr/lib/systemd/. Standalone builds or non-systemd systems need
* The config files: /etc/systemd/systemd-logind.conf and
/etc/systemd/systemd-journald.conf have been renamed to
* logind now implements a sleep/shutdown/idle inhibiting logic
systemd-vconsole-setup.service) now detect properly if they
/etc/fstab are out of date due to changes in fstab that
between user/admin configuration and vendor defaults.
* PrivateTmp= now affects both /tmp and /var/tmp.
system.conf. Mounting file systems at boot has to take place
masked and /etc/fstab can override it.
* Show /etc/os-release data in systemd-analyze output
* sd-login.h is C++ comptaible again
* Extend the /etc/os-release format on request of the Debian
* systems lacking /etc/os-release are no longer supported.
* Various functionality updates to libsystemd-login.so
* The systemd binary is installed /usr/lib/systemd/systemd now;
An existing /sbin/init symlink needs to be adapted with the
* A new kernel command line option systemd.setenv= is
with STDERR/STDOUT connected to the journal. Can also act as
* Introduce remote-fs-pre.target which is ordered before all
fixed (i.e. PID file creation must have finished before the
* /etc/rc.local is now hooked in via a generator binary, and
of /usr/local by default.