You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

7859 lines
398 KiB

systemd System and Service Manager
CHANGES WITH 236:
* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
in v235 has been extended to also set the dummy.ko module option
numdummies=0, preventing the kernel from automatically creating
dummy0. All dummy interfaces must now be explicitly created.
* Unknown '%' specifiers in configuration files are now rejected. This
applies to units and tmpfiles.d configuration. Any percent characters
that are followed by a letter or digit that are not supposed to be
interpreted as the beginning of a specifier should be escaped by
doubling ("%%"). (So "size=5%" is still accepted, as well as
"size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
valid specifiers today.)
* systemd-resolved now maintains a new dynamic
/run/systemd/resolve/stub-resolv.conf compatibility file. It is
recommended to make /etc/resolv.conf a symlink to it. This file
points at the systemd-resolved stub DNS 127.0.0.53 resolver and
includes dynamically acquired search domains, achieving more correct
DNS resolution by software that bypasses local DNS APIs such as NSS.
* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.
* "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
systemd-journal-gatewayd.service and
systemd-journal-upload.service. This means "nss-systemd" must be
enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
services are resolved properly.
* In /etc/fstab two new mount options are now understood:
x-systemd.makefs and x-systemd.growfs. The former has the effect that
the configured file system is formatted before it is mounted, the
latter that the file system is resized to the full block device size
after it is mounted (i.e. if the file system is smaller than the
partition it resides on, it's grown). This is similar to the fsck
logic in /etc/fstab, and pulls in systemd-makefs@.service and
systemd-growfs@.service as necessary, similar to
systemd-fsck@.service. Resizing is currently only supported on ext4
and btrfs.
* In systemd-networkd, the IPv6 RA logic now optionally may announce
DNS server and domain information.
* Support for the LUKS2 on-disk format for encrypted partitions has
been added. This requires libcryptsetup2 during compilation and
runtime.
* The systemd --user instance will now signal "readiness" when its
basic.target unit has been reached, instead of when the run queue ran
empty for the first time.
* Tmpfiles.d with user configuration are now also supported.
systemd-tmpfiles gained a new --user switch, and snippets placed in
~/.config/user-tmpfiles.d/ and corresponding directories will be
executed by systemd-tmpfiles --user running in the new
systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
running in the user session.
* Unit files and tmpfiles.d snippets learnt three new % specifiers:
%S resolves to the top-level state directory (/var/lib for the system
instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
top-level cache directory (/var/cache for the system instance,
$XDG_CACHE_HOME for the user instance), %L resolves to the top-level
logs directory (/var/log for the system instance,
$XDG_CONFIG_HOME/log/ for the user instance). This matches the
existing %t specifier, that resolves to the top-level runtime
directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
user instance).
* journalctl learnt a new parameter --output-fields= for limiting the
set of journal fields to output in verbose and JSON output modes.
* systemd-timesyncd's configuration file gained a new option
RootDistanceMaxSec= for setting the maximum root distance of servers
it'll use, as well as the new options PollIntervalMinSec= and
PollIntervalMaxSec= to tweak the minimum and maximum poll interval.
* bootctl gained a new command "list" for listing all available boot
menu items on systems that follow the boot loader specification.
* systemctl gained a new --dry-run switch that shows what would be done
instead of doing it, and is currently supported by the shutdown and
sleep verbs.
* ConditionSecurity= can now detect the TOMOYO security module.
* Unit file [Install] sections are now also respected in unit drop-in
files. This is intended to be used by drop-ins under /usr/lib/.
* systemd-firstboot may now also set the initial keyboard mapping.
* Udev "changed" events for devices which are exposed as systemd
.device units are now propagated to units specified in
ReloadPropagatedFrom= as reload requests.
* If a udev device has a SYSTEMD_WANTS= property containing a systemd
unit template name (i.e. a name in the form of 'foobar@.service',
without the instance component between the '@' and - the '.'), then
the escaped sysfs path of the device is automatically used as the
instance.
* SystemCallFilter= in unit files has been extended so that an "errno"
can be specified individually for each system call. Example:
SystemCallFilter=~uname:EILSEQ.
* The cgroup delegation logic has been substantially updated. Delegate=
now optionally takes a list of controllers (instead of a boolean, as
before), which lists the controllers to delegate at least.
* The networkd DHCPv6 client now implements the FQDN option (RFC 4704).
* A new LogLevelMax= setting configures the maximum log level any
process of the service may log at (i.e. anything with a lesser
priority than what is specified is automatically dropped). A new
LogExtraFields= setting allows configuration of additional journal
fields to attach to all log records generated by any of the unit's
processes.
* New StandardInputData= and StandardInputText= settings along with the
new option StandardInput=data may be used to configure textual or
binary data that shall be passed to the executed service process via
standard input, encoded in-line in the unit file.
* StandardInput=, StandardOutput= and StandardError= may now be used to
connect stdin/stdout/stderr of executed processes directly with a
file or AF_UNIX socket in the file system, using the new "file:" option.
* A new unit file option CollectMode= has been added, that allows
tweaking the garbage collection logic for units. It may be used to
tell systemd to garbage collect units that have failed automatically
(normally it only GCs units that exited successfully). systemd-run
and systemd-mount expose this new functionality with a new -G option.
* "machinectl bind" may now be used to bind mount non-directories
(i.e. regularfiles, devices, fifos, sockets).
* systemd-analyze gained a new verb "calendar" for validating and
testing calendar time specifications to use for OnCalendar= in timer
units. Besides validating the expression it will calculate the next
time the specified expression would elapse.
* In addition to the pre-existing FailureAction= unit file setting
there's now SuccessAction=, for configuring a shutdown action to
execute when a unit completes successfully. This is useful in
particular inside containers that shall terminate after some workload
has been completed. Also, both options are now supported for all unit
types, not just services.
* networkds's IP rule support gained two new options
IncomingInterface= and OutgoingInterface= for configuring the incoming
and outgoing interfaces of configured rules. systemd-networkd also
gained support for "vxcan" network devices.
* networkd gained a new setting RequiredForOnline=, taking a
boolean. If set, systemd-wait-online will take it into consideration
when determining that the system is up, otherwise it will ignore the
interface for this purpose.
* The sd_notify() protocol gained support for a new operation: with
FDSTOREREMOVE=1 file descriptors may be removed from the per-service
store again, ahead of POLLHUP or POLLERR when they are removed
anyway.
* A new document UIDS-GIDS.md has been added to the source tree, that
documents the UID/GID range and assignment assumptions and
requirements of systemd.
* The watchdog device PID 1 will ping may now be configured through the
WatchdogDevice= configuration file setting, or by setting the
systemd.watchdog_service= kernel commandline option.
* systemd-resolved's gained support for registering DNS-SD services on
the local network using MulticastDNS. Services may either be
registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
the same dir below /run, /usr/lib), or through its D-Bus API.
* The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond
extend the effective start, runtime, and stop time. The service must
continue to send EXTEND_TIMEOUT_USEC within the period specified to
prevent the service manager from making the service as timedout.
* systemd-resolved's DNSSEC support gained support for RFC 8080
(Ed25519 keys and signatures).
* The systemd-resolve command line tool gained a new set of options
--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
--set-nta= and --revert to configure per-interface DNS configuration
dynamically during runtime. It's useful for pushing DNS information
into systemd-resolved from DNS hook scripts that various interface
managing software supports (such as pppd).
* systemd-nspawn gained a new --network-namespace-path= command line
option, which may be used to make a container join an existing
network namespace, by specifying a path to a "netns" file.
Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zeal Jagannatha
— Berlin, 2017-12-14
CHANGES WITH 235:
* INCOMPATIBILITY: systemd-logind.service and other long-running
services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
communication with the outside. This generally improves security of
the system, and is in almost all cases a safe and good choice, as
these services do not and should not provide any network-facing
functionality. However, systemd-logind uses the glibc NSS API to
query the user database. This creates problems on systems where NSS
is set up to directly consult network services for user database
lookups. In particular, this creates incompatibilities with the
"nss-nis" module, which attempts to directly contact the NIS/YP
network servers it is configured for, and will now consistently
fail. In such cases, it is possible to turn off IP sandboxing for
systemd-logind.service (set IPAddressDeny= in its [Service] section
to the empty string, via a .d/ unit file drop-in). Downstream
distributions might want to update their nss-nis packaging to include
such a drop-in snippet, accordingly, to hide this incompatibility
from the user. Another option is to make use of glibc's nscd service
to proxy such network requests through a privilege-separated, minimal
local caching daemon, or to switch to more modern technologies such
sssd, whose NSS hook-ups generally do not involve direct network
access. In general, we think it's definitely time to question the
implementation choices of nss-nis, i.e. whether it's a good idea
today to embed a network-facing loadable module into all local
processes that need to query the user database, including the most
trivial and benign ones, such as "ls". For more details about
IPAddressDeny= see below.
* A new modprobe.d drop-in is now shipped by default that sets the
bonding module option max_bonds=0. This overrides the kernel default,
to avoid conflicts and ambiguity as to whether or not bond0 should be
managed by systemd-networkd or not. This resolves multiple issues
with bond0 properties not being applied, when bond0 is configured
with systemd-networkd. Distributors may choose to not package this,
however in that case users will be prevented from correctly managing
bond0 interface using systemd-networkd.
* systemd-analyze gained new verbs "get-log-level" and "get-log-target"
which print the logging level and target of the system manager. They
complement the existing "set-log-level" and "set-log-target" verbs
used to change those values.
* journald.conf gained a new boolean setting ReadKMsg= which defaults
to on. If turned off kernel log messages will not be read by
systemd-journald or included in the logs. It also gained a new
setting LineMax= for configuring the maximum line length in
STDOUT/STDERR log streams. The new default for this value is 48K, up
from the previous hardcoded 2048.
* A new unit setting RuntimeDirectoryPreserve= has been added, which
allows more detailed control of what to do with a runtime directory
configured with RuntimeDirectory= (i.e. a directory below /run or
$XDG_RUNTIME_DIR) after a unit is stopped.
* The RuntimeDirectory= setting for units gained support for creating
deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
one top-level directory.
* Units gained new options StateDirectory=, CacheDirectory=,
LogsDirectory= and ConfigurationDirectory= which are closely related
to RuntimeDirectory= but manage per-service directories below
/var/lib, /var/cache, /var/log and /etc. By making use of them it is
possible to write unit files which when activated automatically gain
properly owned service specific directories in these locations, thus
making unit files self-contained and increasing compatibility with
stateless systems and factory reset where /etc or /var are
unpopulated at boot. Matching these new settings there's also
StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
ConfigurationDirectoryMode= for configuring the access mode of these
directories. These settings are particularly useful in combination
with DynamicUser=yes as they provide secure, properly-owned,
writable, and stateful locations for storage, excluded from the
sandbox that such services live in otherwise.
* Automake support has been removed from this release. systemd is now
Meson-only.
* systemd-journald will now aggressively cache client metadata during
runtime, speeding up log write performance under pressure. This comes
at a small price though: as much of the metadata is read
asynchronously from /proc/ (and isn't implicitly attached to log
datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
metadata stored alongside a log entry might be slightly
out-of-date. Previously it could only be slightly newer than the log
message. The time window is small however, and given that the kernel
is unlikely to be improved anytime soon in this regard, this appears
acceptable to us.
* nss-myhostname/systemd-resolved will now by default synthesize an
A/AAAA resource record for the "_gateway" hostname, pointing to the
current default IP gateway. Previously it did that for the "gateway"
name, hampering adoption, as some distributions wanted to leave that
host name open for local use. The old behaviour may still be
requested at build time.
* systemd-networkd's [Address] section in .network files gained a new
Scope= setting for configuring the IP address scope. The [Network]
section gained a new boolean setting ConfigureWithoutCarrier= that
tells systemd-networkd to ignore link sensing when configuring the
device. The [DHCP] section gained a new Anonymize= boolean option for
turning on a number of options suggested in RFC 7844. A new
[RoutingPolicyRule] section has been added for configuring the IP
routing policy. The [Route] section has gained support for a new
Type= setting which permits configuring
blackhole/unreachable/prohibit routes.
* The [VRF] section in .netdev files gained a new Table= setting for
configuring the routing table to use. The [Tunnel] section gained a
new Independent= boolean field for configuring tunnels independent of
an underlying network interface. The [Bridge] section gained a new
GroupForwardMask= option for configuration of propagation of link
local frames between bridge ports.
* The WakeOnLan= setting in .link files gained support for a number of
new modes. A new TCP6SegmentationOffload= setting has been added for
configuring TCP/IPv6 hardware segmentation offload.
* The IPv6 RA sender implementation may now optionally send out RDNSS
and RDNSSL records to supply DNS configuration to peers.
* systemd-nspawn gained support for a new --system-call-filter= command
line option for adding and removing entries in the default system
call filter it applies. Moreover systemd-nspawn has been changed to
implement a system call whitelist instead of a blacklist.
* systemd-run gained support for a new --pipe command line option. If
used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
are directly passed on to the activated transient service
executable. This allows invoking arbitrary processes as systemd
services (for example to take benefit of dependency management,
accounting management, resource management or log management that is
done automatically for services) — while still allowing them to be
integrated in a classic UNIX shell pipeline.
* When a service sends RELOAD=1 via sd_notify() and reload propagation
using ReloadPropagationTo= is configured, a reload is now propagated
to configured units. (Previously this was only done on explicitly
requested reloads, using "systemctl reload" or an equivalent
command.)
* For each service unit a restart counter is now kept: it is increased
each time the service is restarted due to Restart=, and may be
queried using "systemctl show -p NRestarts …".
* New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
@signal and @timer have been added, for usage with SystemCallFilter=
in unit files and the new --system-call-filter= command line option
of systemd-nspawn (see above).
* ExecStart= lines in unit files gained two new modifiers: when a
command line is prefixed with "!" the command will be executed as
configured, except for the credentials applied by
setuid()/setgid()/setgroups(). It is very similar to the pre-existing
"+", but does still apply namespacing options unlike "+". There's
also "!!" now, which is mostly identical, but becomes a NOP on
systems that support ambient capabilities. This is useful to write
unit files that work with ambient capabilities where possible but
automatically fall back to traditional privilege dropping mechanisms
on systems where this is not supported.
* ListenNetlink= settings in socket units now support RDMA netlink
sockets.
* A new unit file setting LockPersonality= has been added which permits
locking down the chosen execution domain ("personality") of a service
during runtime.
* A new special target "getty-pre.target" has been added, which is
ordered before all text logins, and may be used to order services
before textual logins acquire access to the console.
* systemd will now attempt to load the virtio-rng.ko kernel module very
early on if a VM environment supporting this is detected. This should
improve entropy during early boot in virtualized environments.
* A _netdev option is now supported in /etc/crypttab that operates in a
similar way as the same option in /etc/fstab: it permits configuring
encrypted devices that need to be ordered after the network is up.
Following this logic, two new special targets
remote-cryptsetup-pre.target and remote-cryptsetup.target have been
added that are to cryptsetup.target what remote-fs.target and
remote-fs-pre.target are to local-fs.target.
* Service units gained a new UnsetEnvironment= setting which permits
unsetting specific environment variables for services that are
normally passed to it (for example in order to mask out locale
settings for specific services that can't deal with it).
* Units acquired a new boolean option IPAccounting=. When turned on, IP
traffic accounting (packet count as well as byte count) is done for
the service, and shown as part of "systemctl status" or "systemd-run
--wait".
* Service units acquired two new options IPAddressAllow= and
IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
for configuring a simple IP access control list for all sockets of
the unit. These options are available also on .slice and .socket
units, permitting flexible access list configuration for individual
services as well as groups of services (as defined by a slice unit),
including system-wide. Note that IP ACLs configured this way are
enforced on every single IPv4 and IPv6 socket created by any process
of the service unit, and apply to ingress as well as egress traffic.
* If CPUAccounting= or IPAccounting= is turned on for a unit a new
structured log message is generated each time the unit is stopped,
containing information about the consumed resources of this
invocation.
* A new setting KeyringMode= has been added to unit files, which may be
used to control how the kernel keyring is set up for executed
processes.
* "systemctl poweroff", "systemctl reboot", "systemctl halt",
"systemctl kexec" and "systemctl exit" are now always asynchronous in
behaviour (that is: these commands return immediately after the
operation was enqueued instead of waiting for the operation to
complete). Previously, "systemctl poweroff" and "systemctl reboot"
were asynchronous on systems using systemd-logind (i.e. almost
always, and like they were on sysvinit), and the other three commands
were unconditionally synchronous. With this release this is cleaned
up, and callers will see the same asynchronous behaviour on all
systems for all five operations.
* systemd-logind gained new Halt() and CanHalt() bus calls for halting
the system.
* .timer units now accept calendar specifications in other timezones
than UTC or the local timezone.
* The tmpfiles snippet var.conf has been changed to create
/var/log/btmp with access mode 0660 instead of 0600. It was owned by
the "utmp" group already, and it appears to be generally understood
that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
databases. Previously this was implemented correctly for all these
databases excepts btmp, which has been opened up like this now
too. Note that while the other databases are world-readable
(i.e. 0644), btmp is not and remains more restrictive.
* The systemd-resolve tool gained a new --reset-server-features
switch. When invoked like this systemd-resolved will forget
everything it learnt about the features supported by the configured
upstream DNS servers, and restarts the feature probing logic on the
next resolver look-up for them at the highest feature level
again.
* The status dump systemd-resolved sends to the logs upon receiving
SIGUSR1 now also includes information about all DNS servers it is
configured to use, and the features levels it probed for them.
Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2017-10-06
CHANGES WITH 234:
* Meson is now supported as build system in addition to Automake. It is
our plan to remove Automake in one of our next releases, so that
Meson becomes our exclusive build system. Hence, please start using
the Meson build system in your downstream packaging. There's plenty
of documentation around how to use Meson, the extremely brief
summary:
./autogen.sh && ./configure && make && sudo make install
becomes:
meson build && ninja -C build && sudo ninja -C build install
* Unit files gained support for a new JobRunningTimeoutUSec= setting,
which permits configuring a timeout on the time a job is
running. This is particularly useful for setting timeouts on jobs for
.device units.
* Unit files gained two new options ConditionUser= and ConditionGroup=
for conditionalizing units based on the identity of the user/group
running a systemd user instance.
* systemd-networkd now understands a new FlowLabel= setting in the
[VXLAN] section of .network files, as well as a Priority= in
[Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
gained support for configuration of GENEVE links, and IPv6 address
labels. The [Network] section gained the new IPv6ProxyNDP= setting.
* .link files now understand a new Port= setting.
* systemd-networkd's DHCP support gained support for DHCP option 119
(domain search list).
* systemd-networkd gained support for serving IPv6 address ranges using
the Router Advertisment protocol. The new .network configuration
section [IPv6Prefix] may be used to configure the ranges to
serve. This is implemented based on a new, minimal, native server
implementation of RA.
* journalctl's --output= switch gained support for a new parameter
"short-iso-precise" for a mode where timestamps are shown as precise
ISO date values.
* systemd-udevd's "net_id" builtin may now generate stable network
interface names from IBM PowerVM VIO devices as well as ACPI platform
devices.
* MulticastDNS support in systemd-resolved may now be explicitly
enabled/disabled using the new MulticastDNS= configuration file
option.
* systemd-resolved may now optionally use libidn2 instead of the libidn
for processing internationalized domain names. Support for libidn2
should be considered experimental and should not be enabled by
default yet.
* "machinectl pull-tar" and related call may now do verification of
downloaded images using SUSE-style .sha256 checksum files in addition
to the already existing support for validating using Ubuntu-style
SHA256SUMS files.
* sd-bus gained support for a new sd_bus_message_appendv() call which
is va_list equivalent of sd_bus_message_append().
* sd-boot gained support for validating images using SHIM/MOK.
* The SMACK code learnt support for "onlycap".
* systemd-mount --umount is now much smarter in figuring out how to
properly unmount a device given its mount or device path.
* The code to call libnss_dns as a fallback from libnss_resolve when
the communication with systemd-resolved fails was removed. This
fallback was redundant and interfered with the [!UNAVAIL=return]
suffix. See nss-resolve(8) for the recommended configuration.
* systemd-logind may now be restarted without losing state. It stores
the file descriptors for devices it manages in the system manager
using the FDSTORE= mechanism. Please note that further changes in
other components may be required to make use of this (for example
Xorg has code to listen for stops of systemd-logind and terminate
itself when logind is stopped or restarted, in order to avoid using
stale file descriptors for graphical devices, which is now
counterproductive and must be reverted in order for restarts of
systemd-logind to be safe. See
https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
* All kernel install plugins are called with the environment variable
KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
/etc/machine-id. If the file is missing or empty, the variable is
empty and BOOT_DIR_ABS is the path of a temporary directory which is
removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID
is empty, all plugins should not put anything in BOOT_DIR_ABS.
Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
Георгиевски
— Berlin, 2017-07-12
CHANGES WITH 233:
* The "hybrid" control group mode has been modified to improve
compatibility with "legacy" cgroups-v1 setups. Specifically, the
"hybrid" setup of /sys/fs/cgroup is now pretty much identical to
"legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
cgroups-v1 hierarchy), the only externally visible change being that
the cgroups-v2 hierarchy is also mounted, to
/sys/fs/cgroup/unified. This should provide a large degree of
compatibility with "legacy" cgroups-v1, while taking benefit of the
better management capabilities of cgroups-v2.
* The default control group setup mode may be selected both a boot-time
via a set of kernel command line parameters (specifically:
systemd.unified_cgroup_hierarchy= and
systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
default selected on the configure command line
(--with-default-hierarchy=). The upstream default is "hybrid"
(i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
this will change in a future systemd version to be "unified" (pure
cgroups-v2 mode). The third option for the compile time option is
"legacy", to enter pure cgroups-v1 mode. We recommend downstream
distributions to default to "hybrid" mode for release distributions,
starting with v233. We recommend "unified" for development
distributions (specifically: distributions such as Fedora's rawhide)
as that's where things are headed in the long run. Use "legacy" for
greatest stability and compatibility only.
* Note one current limitation of "unified" and "hybrid" control group
setup modes: the kernel currently does not permit the systemd --user
instance (i.e. unprivileged code) to migrate processes between two
disconnected cgroup subtrees, even if both are managed and owned by
the user. This effectively means "systemd-run --user --scope" doesn't
work when invoked from outside of any "systemd --user" service or
scope. Specifically, it is not supported from session scopes. We are
working on fixing this in a future systemd version. (See #3388 for
further details about this.)
* DBus policy files are now installed into /usr rather than /etc. Make
sure your system has dbus >= 1.9.18 running before upgrading to this
version, or override the install path with --with-dbuspolicydir= .
* All python scripts shipped with systemd (specifically: the various
tests written in Python) now require Python 3.
* systemd unit tests can now run standalone (without the source or
build directories), and can be installed into /usr/lib/systemd/tests/
with 'make install-tests'.
* Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
kernel.
* Support for the %c, %r, %R specifiers in unit files has been
removed. Specifiers are not supposed to be dependent on configuration
in the unit file itself (so that they resolve the same regardless
where used in the unit files), but these specifiers were influenced
by the Slice= option.
* The shell invoked by debug-shell.service now defaults to /bin/sh in
all cases. If distributions want to use a different shell for this
purpose (for example Fedora's /sbin/sushell) they need to specify
this explicitly at configure time using --with-debug-shell=.
* The confirmation spawn prompt has been reworked to offer the
following choices:
(c)ontinue, proceed without asking anymore
(D)ump, show the state of the unit
(f)ail, don't execute the command and pretend it failed
(h)elp
(i)nfo, show a short summary of the unit
(j)obs, show jobs that are in progress
(s)kip, don't execute the command and pretend it succeeded
(y)es, execute the command
The 'n' choice for the confirmation spawn prompt has been removed,
because its meaning was confusing.
The prompt may now also be redirected to an alternative console by
specifying the console as parameter to systemd.confirm_spawn=.
* Services of Type=notify require a READY=1 notification to be sent
during startup. If no such message is sent, the service now fails,
even if the main process exited with a successful exit code.
* Services that fail to start up correctly now always have their
ExecStopPost= commands executed. Previously, they'd enter "failed"
state directly, without executing these commands.
* The option MulticastDNS= of network configuration files has acquired
an actual implementation. With MulticastDNS=yes a host can resolve
names of remote hosts and reply to mDNS A and AAAA requests.
* When units are about to be started an additional check is now done to
ensure that all dependencies of type BindsTo= (when used in
combination with After=) have been started.
* systemd-analyze gained a new verb "syscall-filter" which shows which
system call groups are defined for the SystemCallFilter= unit file
setting, and which system calls they contain.
* A new system call filter group "@filesystem" has been added,
consisting of various file system related system calls. Group
"@reboot" has been added, covering reboot, kexec and shutdown related
calls. Finally, group "@swap" has been added covering swap
configuration related calls.
* A new unit file option RestrictNamespaces= has been added that may be
used to restrict access to the various process namespace types the
Linux kernel provides. Specifically, it may be used to take away the
right for a service unit to create additional file system, network,
user, and other namespaces. This sandboxing option is particularly
relevant due to the high amount of recently discovered namespacing
related vulnerabilities in the kernel.
* systemd-udev's .link files gained support for a new AutoNegotiation=
setting for configuring Ethernet auto-negotiation.
* systemd-networkd's .network files gained support for a new
ListenPort= setting in the [DHCP] section to explicitly configure the
UDP client port the DHCP client shall listen on.
* .network files gained a new Unmanaged= boolean setting for explicitly
excluding one or more interfaces from management by systemd-networkd.
* The systemd-networkd ProxyARP= option has been renamed to
IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
renamed to ReduceARPProxy=. The old names continue to be available
for compatibility.
* systemd-networkd gained support for configuring IPv6 Proxy NDP
addresses via the new IPv6ProxyNDPAddress= .network file setting.
* systemd-networkd's bonding device support gained support for two new
configuration options ActiveSlave= and PrimarySlave=.
* The various options in the [Match] section of .network files gained
support for negative matching.
* New systemd-specific mount options are now understood in /etc/fstab:
x-systemd.mount-timeout= may be used to configure the maximum
permitted runtime of the mount command.
x-systemd.device-bound may be set to bind a mount point to its
backing device unit, in order to automatically remove a mount point
if its backing device is unplugged. This option may also be
configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
on the block device, which is now automatically set for all CDROM
drives, so that mounted CDs are automatically unmounted when they are
removed from the drive.
x-systemd.after= and x-systemd.before= may be used to explicitly
order a mount after or before another unit or mount point.
* Enqueued start jobs for device units are now automatically garbage
collected if there are no jobs waiting for them anymore.
* systemctl list-jobs gained two new switches: with --after, for every
queued job the jobs it's waiting for are shown; with --before the
jobs which it's blocking are shown.
* systemd-nspawn gained support for ephemeral boots from disk images
(or in other words: --ephemeral and --image= may now be
combined). Moreover, ephemeral boots are now supported for normal
directories, even if the backing file system is not btrfs. Of course,
if the file system does not support file system snapshots or
reflinks, the initial copy operation will be relatively expensive, but
this should still be suitable for many use cases.
* Calendar time specifications in .timer units now support
specifications relative to the end of a month by using "~" instead of
"-" as separator between month and day. For example, "*-02~03" means
"the third last day in February". In addition a new syntax for
repeated events has been added using the "/" character. For example,
"9..17/2:00" means "every two hours from 9am to 5pm".
* systemd-socket-proxyd gained a new parameter --connections-max= for
configuring the maximum number of concurrent connections.
* sd-id128 gained a new API for generating unique IDs for the host in a
way that does not leak the machine ID. Specifically,
sd_id128_get_machine_app_specific() derives an ID based on the
machine ID a in well-defined, non-reversible, stable way. This is
useful whenever an identifier for the host is needed but where the
identifier shall not be useful to identify the system beyond the
scope of the application itself. (Internally this uses HMAC-SHA256 as
keyed hash function using the machine ID as input.)
* NotifyAccess= gained a new supported value "exec". When set
notifications are accepted from all processes systemd itself invoked,
including all control processes.
* .nspawn files gained support for defining overlay mounts using the
Overlay= and OverlayReadOnly= options. Previously this functionality
was only available on the systemd-nspawn command line.
* systemd-nspawn's --bind= and --overlay= options gained support for
bind/overlay mounts whose source lies within the container tree by
prefixing the source path with "+".
* systemd-nspawn's --bind= and --overlay= options gained support for
automatically allocating a temporary source directory in /var/tmp
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
mount based on the original /var contained in the image, overlayed
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.
* systemd-nspawn --image= option does now permit raw file system block
devices (in addition to images containing partition tables, as
before).
* The disk image dissection logic in systemd-nspawn gained support for
automatically setting up LUKS encrypted as well as Verity protected
partitions. When a container is booted from an encrypted image the
passphrase is queried at start-up time. When a container with Verity
data is started, the root hash is search in a ".roothash" file
accompanying the disk image (alternatively, pass the root hash via
the new --root-hash= command line option).
* A new tool /usr/lib/systemd/systemd-dissect has been added that may
be used to dissect disk images the same way as systemd-nspawn does
it, following the Bootable Partition Specification. It may even be
used to mount disk images with complex partition setups (including
LUKS and Verity partitions) to a local host directory, in order to
inspect them. This tool is not considered public API (yet), and is
thus not installed into /usr/bin. Please do not rely on its
existence, since it might go away or be changed in later systemd
versions.
* A new generator "systemd-verity-generator" has been added, similar in
style to "systemd-cryptsetup-generator", permitting automatic setup of
Verity root partitions when systemd boots up. In order to make use of
this your partition setup should follow the Discoverable Partitions
Specification, and the GPT partition ID of the root file system
partition should be identical to the upper 128bit of the Verity root
hash. The GPT partition ID of the Verity partition protecting it
should be the lower 128bit of the Verity root hash. If the partition
image follows this model it is sufficient to specify a single
"roothash=" kernel command line argument to both configure which root
image and verity partition to use as well as the root hash for
it. Note that systemd-nspawn's Verity support follows the same
semantics, meaning that disk images with proper Verity data in place
may be booted in containers with systemd-nspawn as well as on
physical systems via the verity generator. Also note that the "mkosi"
tool available at https://github.com/systemd/mkosi has been updated
to generate Verity protected disk images following this scheme. In
fact, it has been updated to generate disk images that optionally
implement a complete UEFI SecureBoot trust chain, involving a signed
kernel and initrd image that incorporates such a root hash as well as
a Verity-enabled root partition.
* The hardware database (hwdb) udev supports has been updated to carry
accelerometer quirks.
* All system services are now run with a fresh kernel keyring set up
for them. The invocation ID is stored by default in it, thus
providing a safe, non-overridable way to determine the invocation
ID of each service.
* Service unit files gained new BindPaths= and BindReadOnlyPaths=
options for bind mounting arbitrary paths in a service-specific
way. When these options are used, arbitrary host or service files and
directories may be mounted to arbitrary locations in the service's
view.
* Documentation has been added that lists all of systemd's low-level
environment variables:
https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md
* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
whether a specific socket file descriptor matches a specified socket
address.
* systemd-firstboot has been updated to check for the
systemd.firstboot= kernel command line option. It accepts a boolean
and when set to false the first boot questions are skipped.
* systemd-fstab-generator has been updated to check for the
systemd.volatile= kernel command line option, which either takes an
optional boolean parameter or the special value "state". If used the
system may be booted in a "volatile" boot mode. Specifically,
"systemd.volatile" is used, the root directory will be mounted as
tmpfs, and only /usr is mounted from the actual root file system. If
"systemd.volatile=state" is used, the root directory will be mounted
as usual, but /var is mounted as tmpfs. This concept provides similar
functionality as systemd-nspawn's --volatile= option, but provides it
on physical boots. Use this option for implementing stateless
systems, or testing systems with all state and/or configuration reset
to the defaults. (Note though that many distributions are not
prepared to boot up without a populated /etc or /var, though.)
* systemd-gpt-auto-generator gained support for LUKS encrypted root
partitions. Previously it only supported LUKS encrypted partitions
for all other uses, except for the root partition itself.
* Socket units gained support for listening on AF_VSOCK sockets for
communication in virtualized QEMU environments.
* The "configure" script gained a new option --with-fallback-hostname=
for specifying the fallback hostname to use if none is configured in
/etc/hostname. For example, by specifying
--with-fallback-hostname=fedora it is possible to default to a
hostname of "fedora" on pristine installations.
* systemd-cgls gained support for a new --unit= switch for listing only
the control groups of a specific unit. Similar --user-unit= has been
added for listing only the control groups of a specific user unit.
* systemd-mount gained a new --umount switch for unmounting a mount or
automount point (and all mount/automount points below it).
* systemd will now refuse full configuration reloads (via systemctl
daemon-reload and related calls) unless at least 16MiB of free space
are available in /run. This is a safety precaution in order to ensure
that generators can safely operate after the reload completed.
* A new unit file option RootImage= has been added, which has a similar
effect as RootDirectory= but mounts the service's root directory from
a disk image instead of plain directory. This logic reuses the same
image dissection and mount logic that systemd-nspawn already uses,
and hence supports any disk images systemd-nspawn supports, including
those following the Discoverable Partition Specification, as well as
Verity enabled images. This option enables systemd to run system
services directly off disk images acting as resource bundles,
possibly even including full integrity data.
* A new MountAPIVFS= unit file option has been added, taking a boolean
argument. If enabled /proc, /sys and /dev (collectively called the
"API VFS") will be mounted for the service. This is only relevant if
RootDirectory= or RootImage= is used for the service, as these mounts
are of course in place in the host mount namespace anyway.
* systemd-nspawn gained support for a new --pivot-root= switch. If
specified the root directory within the container image is pivoted to
the specified mount point, while the original root disk is moved to a
different place. This option enables booting of ostree images
directly with systemd-nspawn.
* The systemd build scripts will no longer complain if the NTP server
addresses are not changed from the defaults. Google now supports
these NTP servers officially. We still recommend downstreams to
properly register an NTP pool with the NTP pool project though.
* coredumpctl gained a new "--reverse" option for printing the list
of coredumps in reverse order.
* coredumpctl will now show additional information about truncated and
inaccessible coredumps, as well as coredumps that are still being
processed. It also gained a new --quiet switch for suppressing
additional informational message in its output.
* coredumpctl gained support for only showing coredumps newer and/or
older than specific timestamps, using the new --since= and --until=
options, reminiscent of journalctl's options by the same name.
* The systemd-coredump logic has been improved so that it may be reused
to collect backtraces in non-compiled languages, for example in
scripting languages such as Python.
* machinectl will now show the UID shift of local containers, if user
namespacing is enabled for them.
* systemd will now optionally run "environment generator" binaries at
configuration load time. They may be used to add environment
variables to the environment block passed to services invoked. One
user environment generator is shipped by default that sets up
environment variables based on files dropped into /etc/environment.d
and ~/.config/environment.d/.
* systemd-resolved now includes the new, recently published 2017 DNSSEC
root key (KSK).
* hostnamed has been updated to report a new chassis type of
"convertible" to cover "foldable" laptops that can both act as a
tablet and as a laptop, such as various Lenovo Yoga devices.
Contributions from: Adrián López, Alexander Galanin, Alexander
Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
Тихонов
— Berlin, 2017-03-01
CHANGES WITH 232:
* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
RestrictAddressFamilies= enabled. These sandboxing options should
generally be compatible with the various external udev call-out
binaries we are aware of, however there may be exceptions, in
particular when exotic languages for these call-outs are used. In
this case, consider turning off these settings locally.
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
* The new ProtectKernelModules= option can be used to disable explicit
load and unload operations of kernel modules by a service. In
addition access to /usr/lib/modules is removed if this option is set.
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.
* The new ProtectKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.
* The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with
ProtectKernelTunables=yes, ProtectControlGroups=yes,
RestrictAddressFamilies=.
* Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184..65519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
any resources allocated by the service will be cleaned up when the
service exits. They also have ProtectHome=read-only and
ProtectSystem=strict enabled, so they are not able to make any
permanent modifications to the system.
* The nss-systemd module also always resolves root and nobody, making
it possible to have no /etc/passwd or /etc/group files in minimal
container or chroot environments.
* Services may be started with their own user namespace using the new
boolean PrivateUsers= option. Only root, nobody, and the uid/gid
under which the service is running are mapped. All other users are
mapped to nobody.
* Support for the cgroup namespace has been added to systemd-nspawn. If
supported by kernel, the container system started by systemd-nspawn
will have its own view of the cgroup hierarchy. This new behaviour
can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
* The new MemorySwapMax= option can be used to limit the maximum swap
usage under the unified cgroup hierarchy.
* Support for the CPU controller in the unified cgroup hierarchy has
been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
options. This controller requires out-of-tree patches for the kernel
and the support is provisional.
* Mount and automount units may now be created transiently
(i.e. dynamically at runtime via the bus API, instead of requiring
unit files in the file system).
* systemd-mount is a new tool which may mount file systems – much like
mount(8), optionally pulling in additional dependencies through
transient .mount and .automount units. For example, this tool
automatically runs fsck on a backing block device before mounting,
and allows the automount logic to be used dynamically from the
command line for establishing mount points. This tool is particularly
useful when dealing with removable media, as it will ensure fsck is
run – if necessary – before the first access and that the file system
is quickly unmounted after each access by utilizing the automount
logic. This maximizes the chance that the file system on the
removable media stays in a clean state, and if it isn't in a clean
state is fixed automatically.
* LazyUnmount=yes option for mount units has been added to expose the
umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
option.
* /efi will be used as the mount point of the EFI boot partition, if
the directory is present, and the mount point was not configured
through other means (e.g. fstab). If /efi directory does not exist,
/boot will be used as before. This makes it easier to automatically
mount the EFI partition on systems where /boot is used for something
else.
* When operating on GPT disk images for containers, systemd-nspawn will
now mount the ESP to /boot or /efi according to the same rules as PID
1 running on a host. This allows tools like "bootctl" to operate
correctly within such containers, in order to make container images
bootable on physical systems.
* disk/by-id and disk/by-path symlinks are now created for NVMe drives.
* Two new user session targets have been added to support running
graphical sessions under the systemd --user instance:
graphical-session.target and graphical-session-pre.target. See
systemd.special(7) for a description of how those targets should be
used.
* The vconsole initialization code has been significantly reworked to
use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
support unicode keymaps. Font and keymap configuration will now be
copied to all allocated virtual consoles.
* FreeBSD's bhyve virtualization is now detected.
* Information recorded in the journal for core dumps now includes the
contents of /proc/mountinfo and the command line of the process at
the top of the process hierarchy (which is usually the init process
of the container).
* systemd-journal-gatewayd learned the --directory= option to serve
files from the specified location.
* journalctl --root=… can be used to peruse the journal in the
/var/log/ directories inside of a container tree. This is similar to
the existing --machine= option, but does not require the container to
be active.
* The hardware database has been extended to support
ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
trackball devices.
MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
specify the click rate for mice which include a horizontal wheel with
a click rate that is different than the one for the vertical wheel.
* systemd-run gained a new --wait option that makes service execution
synchronous. (Specifically, the command will not return until the
specified service binary exited.)
* systemctl gained a new --wait option that causes the start command to
wait until the units being started have terminated again.
* A new journal output mode "short-full" has been added which displays
timestamps with abbreviated English day names and adds a timezone
suffix. Those timestamps include more information than the default
"short" output mode, and can be passed directly to journalctl's
--since= and --until= options.
* /etc/resolv.conf will be bind-mounted into containers started by
systemd-nspawn, if possible, so any changes to resolv.conf contents
are automatically propagated to the container.
* The number of instances for socket-activated services originating
from a single IP address can be limited with
MaxConnectionsPerSource=, extending the existing setting of
MaxConnections=.
* systemd-networkd gained support for vcan ("Virtual CAN") interface
configuration.
* .netdev and .network configuration can now be extended through
drop-ins.
* UDP Segmentation Offload, TCP Segmentation Offload, Generic
Segmentation Offload, Generic Receive Offload, Large Receive Offload
can be enabled and disabled using the new UDPSegmentationOffload=,
TCPSegmentationOffload=, GenericSegmentationOffload=,
GenericReceiveOffload=, LargeReceiveOffload= options in the
[Link] section of .link files.
* The Spanning Tree Protocol, Priority, Aging Time, and the Default
Port VLAN ID can be configured for bridge devices using the new STP=,
Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
section of .netdev files.
* The route table to which routes received over DHCP or RA should be
added can be configured with the new RouteTable= option in the [DHCP]
and [IPv6AcceptRA] sections of .network files.
* The Address Resolution Protocol can be disabled on links managed by
systemd-networkd using the ARP=no setting in the [Link] section of
.network files.
* New environment variables $SERVICE_RESULT, $EXIT_CODE and
$EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
encode information about the result and exit codes of the current
service runtime cycle.
* systemd-sysctl will now configure kernel parameters in the order
they occur in the configuration files. This matches what sysctl
has been traditionally doing.
* kernel-install "plugins" that are executed to perform various
tasks after a new kernel is added and before an old one is removed
can now return a special value to terminate the procedure and
prevent any later plugins from running.
* Journald's SplitMode=login setting has been deprecated. It has been
removed from documentation, and its use is discouraged. In a future
release it will be completely removed, and made equivalent to current
default of SplitMode=uid.
* Storage=both option setting in /etc/systemd/coredump.conf has been
removed. With fast LZ4 compression storing the core dump twice is not
useful.
* The --share-system systemd-nspawn option has been replaced with an
(undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
this functionality is discouraged. In addition the variables
$SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
$SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
individual namespaces.
* "machinectl list" now shows the IP address of running containers in
the output, as well as OS release information.