picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

NEWS: shorten/reword some things

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-10-05 13:29:37 +02:00
parent 5a8d00e8ca
commit b182195acc
1 changed files with 154 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

313
NEWS
View File

@ -8,14 +8,15 @@ CHANGES WITH 247 in spe:
and propagate these new event types. The introduction of these new
uevents (which are typically generated for USB devices and devices
needing a firmware upload before being functional) resulted in a
number of software issues, we so far didn't address (mostly because
there was hope the kernel maintainers would themselves address these
issues in some form which did not happen). To handle them properly,
many (if not most) udev rules files shipped in various packages need
updating, and so do many programs that monitor or enumerate devices
with libudev or sd-device, or otherwise process uevents. Please note
that this incompatibility is not fault of systemd or udev, but caused
by an incompatible kernel change that happened back in Linux 4.12.
number of issues which we so far didn't address. We hoped the kernel
maintainers would themselves address these issues in some form, but
that did not happen. To handle them properly, many (if not most) udev
rules files shipped in various packages need updating, and so do many
programs that monitor or enumerate devices with libudev or sd-device,
or otherwise process uevents. Please note that this incompatibility
is not fault of systemd or udev, but caused by an incompatible kernel
change that happened back in Linux 4.12, but is becoming more and
more visible as the new uvents are generated by more kernel drivers.
To minimize issues resulting from this kernel change (but not avoid
them entirely) starting with systemd-udevd 247 the udev "tags"
@ -40,8 +41,8 @@ CHANGES WITH 247 in spe:
device. To accommodate for this a new automatic property CURRENT_TAGS
has been added that works similar to the existing TAGS property but
only lists tags set by the most recent uevent/database
update. Similar, the libudev/sd-device API has been updated with new
functions to enumerate these 'current' tags, in addition to the
update. Similarly, the libudev/sd-device API has been updated with
new functions to enumerate these 'current' tags, in addition to the
existing APIs that now enumerate the 'sticky' ones.
To properly handle "bind"/"unbind" on Linux 4.12 and newer it is
@ -53,12 +54,12 @@ CHANGES WITH 247 in spe:
ACTION=="remove",GOTO="xyz_end" instead, so that the
properties/tags they add are also applied whenever "bind" (or
"unbind") is seen. (This is most important for all physical device
types — as that's for which "bind" and "unbind" are currently
usually generated, for all other device types this change is still
types — those for which "bind" and "unbind" are currently
generated, for all other device types this change is still
recommended but not as important — but certainly prepares for
future kernel uevent type additions).
• Similar, all code monitoring devices that contains an 'if' branch
• Similarly, all code monitoring devices that contains an 'if' branch
discerning the "add" + "change" uevent actions from all other
uevents actions (i.e. considering devices only relevant after "add"
or "change", and irrelevant on all other events) should be reworked
@ -86,10 +87,10 @@ CHANGES WITH 247 in spe:
behaviour change.
* The MountAPIVFS= service file setting now defaults to on if
RootImage= and RootDirectory= are used, ensuring that use of these
two settings ensures /proc/, /sys/ and /dev/ are properly set up for
services. By explicitly turning off these settings old behaviour may
be restored.
RootImage= and RootDirectory= are used, which means that with those
two settings /proc/, /sys/ and /dev/ are automatically properly set
up for services. Previous behaviour may be restored by explicitly
setting MountAPIVFS=off.
* Since PAM 1.2.0 (2015) configuration snippets may be placed in
/usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
@ -103,9 +104,7 @@ CHANGES WITH 247 in spe:
packages' vendor versions of their PAM stack definitions from
/etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
desired the location to which systemd installs its PAM stack
configuration file may be changed via the "pamconfdir" meson variable
at build time, optionally undoing this change of default paths
introduced with systemd 247.
configuration may be changed via the -Dpamconfdir Meson option.
* The runtime dependencies on libqrencode, libpcre2, libpwquality and
libcryptsetup have been changed to be based on dlopen(): instead of
@ -119,12 +118,11 @@ CHANGES WITH 247 in spe:
of these "weak" dependencies should they be installed. Since many
package managers automatically synthesize package dependencies from
ELF shared library dependencies, some additional manual packaging
work has to be done now to replace this (and the dependencies
downgraded slightly from "required" to "recommended" or whatever is
conceptually suitable for the used package manager). Note that this
change does not alter build-time behaviour: as before the build-time
dependencies have to be installed during build, even if they now are
optional during runtime.
work has to be done now to replace those (slightly downgraded from
"required" to "recommended" or whatever is conceptually suitable for
the package manager). Note that this change does not alter build-time
behaviour: as before the build-time dependencies have to be installed
during build, even if they now are optional during runtime.
* sd-event.h gained a new call sd_event_add_time_relative() for
installing timers relative to the current time. This is mostly a
@ -139,8 +137,8 @@ CHANGES WITH 247 in spe:
mounting additional disk images into the file system tree accessible
to the service.
* systemd-repart now optionally outputs what it does in JSON format,
using the new --json= switch.
* systemd-repart now generates JSON output when requested with the new
--json= switch.
* systemd-machined's OpenMachineShell() bus call will now pass
additional policy metadata data fields to the PolicyKit
@ -154,21 +152,21 @@ CHANGES WITH 247 in spe:
created or modified, since those mount points should probably remain
empty.
* systemd-tmpfiles gained a new --image= switch which is like --root=
but takes a disk image instead of a directory as argument. If
specified the disk image is mounted (inside a temporary mount
namespace) and the tmpfiles.d/ drop-ins stored in the image executed
and applied to the image. Similar, systemd-sysusers gained a new
--image= switch, that allows applying the sysusers.d/ drop-ins stored
in the image onto the image.
* systemd-tmpfiles gained a new --image= switch which is like --root=,
but takes a disk image instead of a directory as argument. The
specified disk image is mounted inside a temporary mount namespace
and the tmpfiles.d/ drop-ins stored in the image are executed and
applied to the image. systemd-sysusers similarly gained a new
--image= switch, that allows the sysusers.d/ drop-ins stored in the
image to be applied onto the image.
* Similar, the journalctl command also gained an --image= switch, which
is a quick one-step solution to look at the log data included in OS
disk images.
* Similarly, the journalctl command also gained an --image= switch,
which is a quick one-step solution to look at the log data included
in OS disk images.
* journalctl's --output=cat option (which outputs the log content
without any metadata, just the pure text messages) will now make use
of terminal colors when run on a suitable terminal, similar to the
of terminal colors when run on a suitable terminal, similarly to the
other output modes.
* JSON group records now support a "description" string that may be
@ -178,15 +176,14 @@ CHANGES WITH 247 in spe:
* The "systemd-dissect" tool that may be used to inspect OS disk images
and that was previously installed to /usr/lib/systemd/ has now been
moved to /usr/bin/, reflecting that it's now considered an officially
moved to /usr/bin/, reflecting its updated status of an officially
supported tool with a stable interface. It gained support for a new
--mkdir switch which when combined with --mount has the effect of
creating the directory to mount the image to if it is missing
first. It also gained two new commands --copy-from and --copy-to for
copying files and directories in and out of an OS image without the
need to manually mount it. It also acquired support for a new option
--json= which controls whether to generate JSON output when
inspecting an OS image.
--json= to generate JSON output when inspecting an OS image.
* The cgroup2 file system is now mounted with the
"memory_recursiveprot" mount option, supported since kernel 5.7. This
@ -195,28 +192,27 @@ CHANGES WITH 247 in spe:
* systemd-homed now defaults to using the btrfs file system — if
available — when creating home directories in LUKS volumes. This may
be changed with the DefaultFileSystemType= setting in
homed.conf. It's now the default file system in various major
distributions and has the major benefit for homed that it can be both
grown and shrunk while mounted, unlike the other contenders ext4 and
xfs, which can both be grown online, but not shrunk (in fact xfs is
the technically most limited option here, as it cannot be shrunk at
all).
be changed with the DefaultFileSystemType= setting in homed.conf.
It's now the default file system in various major distributions and
has the major benefit for homed that it can be grown and shrunk while
mounted, unlike the other contenders ext4 and xfs, which can both be
grown online, but not shrunk (in fact xfs is the technically most
limited option here, as it cannot be shrunk at all).
* JSON user records managed by systemd-homed gained support for
"recovery keys". These are basically secondary passphrases that can
unlock user accounts/home directories, which are computer-generated
rather than user-chosen, and typically have greater
entropy. homectl's --recovery-key= option may be used to add a
recovery key to a user account. The generated recovery key is
displayed as QR code, so that it can be scanned off screen to be kept
at a safe place. This concept is particularly useful in combination
with systemd-homed's support for FIDO2 or PKCS#11 authentication, as
a secure fallback in case the security tokens are lost. Recovery keys
may be entered wherever the system asks for a password.
unlock user accounts/home directories. They are computer-generated
rather than user-chosen, and typically have greater entropy.
homectl's --recovery-key= option may be used to add a recovery key to
a user account. The generated recovery key is displayed as a QR code,
so that it can be scanned to be kept in a safe place. This feature is
particularly useful in combination with systemd-homed's support for
FIDO2 or PKCS#11 authentication, as a secure fallback in case the
security tokens are lost. Recovery keys may be entered wherever the
system asks for a password.
* systemd-homed now maintains a "dirty" flag for each LUKS encrypted
home directory that indicates whether a home directory has been
home directory which indicates that a home directory has not been
deactivated cleanly when offline. This flag is useful to identify
home directories for which the offline discard logic did not run when
offlining, and where it would be a good idea to log in again to catch
@ -231,29 +227,28 @@ CHANGES WITH 247 in spe:
* systemd-nspawn has been reworked to use the /run/host/incoming/ as
place to use for propagating external mounts into the
container. Similar /run/host/notify is now used as socket path for
container payloads to communicate with the container manager using
sd_notify(). In the /run/host/inaccessible/ directory the container
manager now places "inaccessible" file nodes of all relevant types
which may be used by the container payload as bind mount source to
over-mount inodes that shall be made inaccessible
with. /run/host/container-manager will now be initialized to the same
string that the $container environment variable passed to the
container's PID 1 contains. /run/host/container-uuid will be
initialized to the same string $container_uuid is set to. This means
the /run/host/ hierarchy is now the primary way how host resources
are made available to containers. The Container Interface documents
these new files and directories:
container. Similarly /run/host/notify is now used as the socket path
for container payloads to communicate with the container manager
using sd_notify(). The container manager now uses the
/run/host/inaccessible/ directory to place "inaccessible" file nodes
of all relevant types which may be used by the container payload as
bind mount source to over-mount inodes to make them inaccessible.
/run/host/container-manager will now be initialized with the same
string as the $container environment variable passed to the
container's PID 1. /run/host/container-uuid will be initialized with
the same string as $container_uuid. This means the /run/host/
hierarchy is now the primary way to make host resources available to
the container. The Container Interface documents these new files and
directories:
https://systemd.io/CONTAINER_INTERFACE
* Support for the "ConditionNull=" unit file condition has been
removed. It has been deprecated and undocumented for 6 years
now. systemd started to warn about its use 1.5 years ago. It has now
been removed entirely.
deprecated and undocumented for 6 years. systemd started to warn
about its use 1.5 years ago. It has now been removed entirely.
* If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
systemd-nspawn all system call filter collisions will be logged by
systemd-nspawn all system call filter violations will be logged by
the kernel (audit). This is useful for tracking down system calls
invoked by container payloads that are prohibited by the container's
system call filter policy.
@ -264,7 +259,7 @@ CHANGES WITH 247 in spe:
useful in cases where multiple errors shall be handled the same way.
* A new system call filter list "@known" has been added, that contains
all system calls known at build-time of systemd.
all system calls known at the time systemd was built.
* Behaviour of system call filter allow lists has changed slightly:
system calls that are contained in @known will result in a EPERM by
@ -276,24 +271,22 @@ CHANGES WITH 247 in spe:
applications.
* Two new unit file settings ProtectProc= and ProcSubset= have been
added that expose the hidepid= and subset= mount options of
procfs. When used on services all processes inside it will only see
processes in /proc that are are owned by the service's user
themselves. This is an important new sandboxing option that is
recommended to be set on all system services where that's
possible. All long-running system services that are included in
systemd itself set this option now. This option is only supported on
kernel 5.8 and above, since the hidepid= option supported on older
kernels was not a per-mount option but actually applied to the whole
PID namespace.
added that expose the hidepid= and subset= mount options of procfs.
All processes of the unit will only see processes in /proc that are
are owned by the unit's user. This is an important new sandboxing
option that is recommended to be set on all system services. All
long-running system services that are included in systemd itself set
this option now. This option is only supported on kernel 5.8 and
above, since the hidepid= option supported on older kernels was not a
per-mount option but actually applied to the whole PID namespace.
* Socket units gained a new boolean setting FlushPending=. If enabled
all pending socket data/connections are flushed whenever the socket
unit enters the "listening" state, i.e. after the associated service
exited.
* The unit file setting NUMAMask= gained a new "all" value: if set, all
existing NUMA nodes are added to the NUMA mask.
* The unit file setting NUMAMask= gained a new "all" value: when used,
all existing NUMA nodes are added to the NUMA mask.
* A new "credentials" logic has been added to system services. This is
a simple mechanism to pass privileged data to services in a safe and
@ -302,61 +295,61 @@ CHANGES WITH 247 in spe:
private information such as user names, certificates, and similar to
system services. Each credential is identified by a short user-chosen
name and may contain arbitrary binary data. Two new unit file
settings have been added for this: SetCredential= and
LoadCredential=. The former allows setting a credential to a literal
string, the latter sets a credential to the contents of a file (or
data read from a user-chosen AF_UNIX stream socket). Credentials are
passed to the service via a special credentials directory whose path
is passed in the new $CREDENTIALS_DIRECTORY environment variable,
which contains one file for each credential. Since the credentials
settings have been added: SetCredential= and LoadCredential=. The
former allows setting a credential to a literal string, the latter
sets a credential to the contents of a file (or data read from a
user-chosen AF_UNIX stream socket). Credentials are passed to the
service via a special credentials directory, one file for each
credential. The path to the credentials directory is passed in a new
$CREDENTIALS_DIRECTORY environment variable. Since the credentials
are passed in the file system they may be easily referenced in
ExecStart= command lines too, thus not requiring any explicit support
for the credentials logic in daemons (though ideally daemons would
look for the bits they need in $CREDENTIALS_DIRECTORY themselves
automatically, if set). The $CREDENTIALS_DIRECTORY is backed by
unswappable memory (if privileges allow it), is immutable (also if
privileges allow it), is accessible only to the service's UID, and is
automatically destroyed when the service goes down.
ExecStart= command lines too, thus no explicit support for the
credentials logic in daemons is required (though ideally daemons
would look for the bits they need in $CREDENTIALS_DIRECTORY
themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
backed by unswappable memory if privileges allow it, immutable if
privileges allow it, is accessible only to the service's UID, and is
automatically destroyed when the service stops.
* systemd-nspawn supports the same credentials logic. It can both
consume credentials passed to it via the aforementioned
$CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
to its payload. The service manager/PID 1 has been updated to match
this: it can also accept credentials from the container manager that
invokes it (in fact: any process that invokes it), and pass it on to
its services. Thus, credentials can be propagated fully down the
tree: from a system's service manager to a systemd-nspawn service, to
the service manager tat runs as container payload and to the service
it runs below. Credentials may also be added on the systemd-nspawn
command line, using the new --set-credential= and --load-credential=
command line switches, that match the aforementioned service
settings.
invokes it (in fact: any process that invokes it), and passes them on
to its services. Thus, credentials can be propagated recursively down
the tree: from a system's service manager to a systemd-nspawn
service, to the service manager that runs as container payload and to
the service it runs below. Credentials may also be added on the
systemd-nspawn command line, using new --set-credential= and
--load-credential= command line switches that match the
aforementioned service settings.
* systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
the partition drop-ins which may be used to format/LUKS
encrypt/populate any created partitions. The partitions are
encrypted/formatted/populated before they are registered in the
partition table, so that they appear "atomically": either the
partitions do not exist yet or they exist fully
encrypted/formatted/populated — there is no time window where they
are "half-initialized". Thus the system is robust to abrupt shutdown:
if the tool is terminated half-way during its operations on next boot
it will start from the beginning.
partition table, so that they appear atomically: either the
partitions do not exist yet or they exist fully encrypted, formatted,
and populated — there is no time window where they are
"half-initialized". Thus the system is robust to abrupt shutdown: if
the tool is terminated half-way during its operations on next boot it
will start from the beginning.
* systemd-repart's --size= operation gained a new "auto" value. If
specified, and operating on a loopback file it is automatically sized
to the minimal size the size constraints permit. This is useful to
use "systemd-repart" as an image builder for minimally sized images.
* systemd-resolved now supports a third IPC interface for requesting
name resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
interface is now supported. The nss-resolve NSS modules has been
modified to use this new interface instead of D-Bus now. Using
Varlink has a major benefit over D-Bus: it works without a broker
service, and thus already during earliest boot, before dbus-daemon is
invoked (which is a late boot service). This means name resolution
via systemd-resolved now works at the same time systemd-networkd
operates: from earliest boot on, including in the initrd.
* systemd-resolved now gained a third IPC interface for requesting name
resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
interface is now supported. The nss-resolve NSS module has been
modified to use this new interface instead of D-Bus. Using Varlink
has a major benefit over D-Bus: it works without a broker service,
and thus already during earliest boot, before the dbus daemon has
been started. This means name resolution via systemd-resolved now
works at the same time systemd-networkd operates: from earliest boot
on, including in the initrd.
* systemd-resolved gained support for a new DNSStubListenerExtra=
configuration file setting which may be used to specify additional IP
@ -366,8 +359,8 @@ CHANGES WITH 247 in spe:
* Name lookups issued via systemd-resolved's D-Bus and Varlink
interfaces (and thus also via glibc NSS if nss-resolve is used) will
now honour a trailing dot in the hostname: if specified the search
path logic is turned off. Thus "resolvectl query foo.bar." is now
equivalent to "resolvectl query --search=off foo.bar".
path logic is turned off. Thus "resolvectl query foo." is now
equivalent to "resolvectl query --search=off foo.".
* systemd-resolved gained a new D-Bus property "ResolvConfMode" that
exposes how /etc/resolv.conf is currently managed: by resolved (and
@ -375,14 +368,16 @@ CHANGES WITH 247 in spe:
this property in its status output.
* The resolv.conf snippets systemd-resolved provides will now set "."
as search domain if no other search domain is known. This turns off
behaviour in glibc that an implicit search domain is derived from the
local system's hostname if it is set to an FQDN.
as the search domain if no other search domain is known. This turns
off the derivation of an implicit search domain by nss-dns for the
hostname, when the hostname is set to an FQDN. This change is done to
make nss-dns using resolv.conf provided by systemd-resolved behave
more similarly to nss-resolve.
* systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
/tmp/ and /var/tmp/ based on file timestamps) now looks at the
"birth" time (btime) of a file in addition to the atime, mtime,
ctime, to determine if it should be kept or deleted.
"birth" time (btime) of a file in addition to the atime, mtime, and
ctime.
* systemd-analyze gained a new verb "capability" that lists all known
capabilities by the systemd build and by the kernel.
@ -395,12 +390,12 @@ CHANGES WITH 247 in spe:
having to rebuild systemd.
* systemd-logind will now listen to the KEY_RESTART key from the Linux
input layer and reboot the system if it is pressed, similar to how it
already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART was
originally defined in a Multimedia context (to restart playback of a
song or film), but is now primarily used in various embedded devices
for "Reboot" buttons. Accordingly, systemd-logind will now honour it
as such. This may configured in more detail via the new
input layer and reboot the system if it is pressed, similarly to how
it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
was originally defined in the Multimedia context (to restart playback
of a song or film), but is now primarily used in various embedded
devices for "Reboot" buttons. Accordingly, systemd-logind will now
honour it as such. This may configured in more detail via the new
HandleRebootKey= and RebootKeyIgnoreInhibited=.
* systemd-nspawn/systemd-machined will now reconstruct hardlinks when
@ -424,12 +419,12 @@ CHANGES WITH 247 in spe:
now be marked to be independent of any underlying network interface
via the new Independent= boolean setting.
* systemctl gained support for two new verbs: "log-level" and
"log-target" which may be used on services that implement the generic
org.freedesktop.LogControl1 D-Bus interface for dynamically adjusting
the log level and target. All of systemd's long-running services
support this now, but ideally any system service would implement this
interface to make the system more uniformly inspectable and
* systemctl gained support for two new verbs: "service-log-level" and
"service-log-target" may be used on services that implement the
generic org.freedesktop.LogControl1 D-Bus interface to dynamically
adjust the log level and target. All of systemd's long-running
services support this now, but ideally all system services would
implement this interface to make the system more uniformly
debuggable.
* The SystemCallErrorNumber= unit file setting now accepts the new
@ -441,7 +436,7 @@ CHANGES WITH 247 in spe:
list of syscalls that shall be logged about (audit).
* The OS image dissection logic (as used by RootImage= in unit files or
systemd-nspawn's --image= switch) has learnt support for identifying
systemd-nspawn's --image= switch) has gained support for identifying
and mounting explicit /usr/ partitions, which are now defined in the
discoverable partition specification. This should be useful for
environments where the root file system is
@ -461,21 +456,21 @@ CHANGES WITH 247 in spe:
will now log the thread ID in their log output. This is useful when
working with heavily threaded programs.
* If the SYSTEMD_RDRAND enviroment variable is set to "0" systemd's use
of the RDRAND CPU instruction is disabled. This is useful in
environments such as replay debuggers where CPU level
non-deterministic behaviour is not desirable.
* If the SYSTEMD_RDRAND enviroment variable is set to "0", systemd will
not use the RDRAND CPU instruction. This is useful in environments
such as replay debuggers where non-deterministic behaviour is not
desirable.
* When building systemd the Meson option
"compat-mutable-uid-boundaries" may now be specified. If so systemd
reads the system UID boundaries from /etc/login.defs, instead of using
the built-in values selected during build-time. This is an option to
improve compatibility for upgrades from old systems. It's strongly
recommended not to make use of this functionality on new systems (or
even enable it during build), as it makes something
runtime-configurable that is mostly an implementation detail of the
OS, and permits avoidable differences in deployments that create all
kinds of problems in the long run.
-Dcompat-mutable-uid-boundaries may now be specified. If enabled,
systemd reads the system UID boundaries from /etc/login.defs, instead
of using the built-in values selected during build-time. This is an
option to improve compatibility for upgrades from old systems. It's
strongly recommended not to make use of this functionality on new
systems (or even enable it during build), as it makes something
runtime-configurable that is mostly an implementation detail of the
OS, and permits avoidable differences in deployments that create all
kinds of problems in the long run.
CHANGES WITH 246: