NEWS: bring NEWS a bit up-to-date

Lennart Poettering 2016-05-06 16:55:44 +02:00
parent b37bf74411
commit e40a326cef
2 changed files with 126 additions and 45 deletions

162
NEWS

@ -17,25 +17,29 @@ CHANGES WITH 230 in spe:
might be systems we do not cover yet. Hence: please help us testing might be systems we do not cover yet. Hence: please help us testing
the DNSSEC code, leave this on where you can, report back, but then the DNSSEC code, leave this on where you can, report back, but then
again don't consider turning this on in your stable, LTS or again don't consider turning this on in your stable, LTS or
production release just yet. production release just yet. (Note that you have to enable
nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
and its DNSSEC mode for host name resolution from local
applications.)
* systemd-resolve conveniently resolves DANE records with the --tlsa * systemd-resolve conveniently resolves DANE records with the --tlsa
option and OPENPGPKEY records with the --openpgp option. option and OPENPGPKEY records with the --openpgp option. It also
supports dumping raw DNS record data via the new --raw= switch now.
* systemd-logind will now by default terminate user processes that are * systemd-logind will now by default terminate user processes that are
part of the user session scope unit (session-XX.scope) when the user part of the user session scope unit (session-XX.scope) when the user
logs out. This behaviour is controlled by the logs out. This behaviour is controlled by the KillUserProcesses=
KillUserProcesses=yes|no setting in logind.conf, and previous default setting in logind.conf, and the previous default of "no" is now
of "no" is now changed to "yes". This means that user sessions will changed to "yes". This means that user sessions will be properly
be properly cleaned up after, but additional steps are necessary to cleaned up after, but additional steps are necessary to allow
allow intentionally long-running processes to survive logout. intentionally long-running processes to survive logout.
While the user is logged in at least once, user@.service is running, While the user is logged in at least once, user@.service is running,
and any service that should survive the end of any individual login and any service that should survive the end of any individual login
session can be started at a user service or scope using systemd-run. session can be started at a user service or scope using systemd-run.
systemd-run(1) man page has been extended with an example which systemd-run(1) man page has been extended with an example which shows
shows how to run screen in a scope unit underneath user@.service. how to run screen in a scope unit underneath user@.service. The same
The same command works for tmux. command works for tmux.
After the user logs out of all sessions, user@.service will be After the user logs out of all sessions, user@.service will be
terminated too, by default, unless the user has "lingering" enabled. terminated too, by default, unless the user has "lingering" enabled.
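Review bot: The added parenthetical on nss-resolve says to enable it in /etc/nsswitch.conf but not on which line; naming the "hosts:" database would save readers a lookup, since the note itself says local applications do not use systemd-resolved and its DNSSEC mode without it. Two wording points in the same hunk: "via the new --raw= switch now" says "new" and "now" for the same thing, and the rewrapped paragraph still reads "can be started at a user service or scope", which looks like a typo for "as".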
@ -45,36 +49,38 @@ CHANGES WITH 230 in spe:
set lingering for themselves without authentication. set lingering for themselves without authentication.
Previous defaults can be restored at compile time by the Previous defaults can be restored at compile time by the
--without-kill-user-processes option. --without-kill-user-processes option to "configure".
* The unified cgroup hierarchy added in Linux 4.5 is now supported. * The unified cgroup hierarchy added in Linux 4.5 is now supported.
Use systemd.unified_cgroup_hierarchy=1 on the kernel command line Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
to enable. enable.
WARNING: it is not possible to use previous systemd versions with WARNING: it is not possible to use previous systemd versions with
systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
is necessary to also update systemd in the initramfs if using the is necessary to also update systemd in the initramfs if using the
unified hierarchy. Updated selinux policy is also required. unified hierarchy. An updated SELinux policy is also required.
* LLDP support has been extended, and both passive (receive-only) * LLDP support has been extended, and both passive (receive-only) and
and active (sender) modes are supported. Passive mode active (sender) modes are supported. Passive mode ("routers-only") is
("routers-only") is enabled by default in systemd-networkd. enabled by default in systemd-networkd. Active LLDP mode is enabled
Active LLDP mode is enabled by default for containers on the by default for containers on the internal network. The "networkctl
internal network. lldp" command may be used to list information gathered. "networkctl
"networkctl lldp" can be used to list information gathered. status" will also show basic LLDP information on connected peers now.
* Headers for LLDP support (sd-lldp.h) are now public. * The IAID and DUID unique identifier sent in DHCP requests may now be
configured for the system and each .network file managed by
systemd-networkd.
* The Unique Identifier sent in DHCP requests can be configured. * The testing tool /usr/lib/systemd/systemd-activate is renamed to
* Testing tool /usr/lib/systemd/systemd-activate is renamed to
systemd-socket-activate and installed into /usr/bin. It is now fully systemd-socket-activate and installed into /usr/bin. It is now fully
supported. supported.
* systemd-journald now uses separate threads to flush changes to * systemd-journald now uses separate threads to flush changes to disk
disk when closing journal files. when closing journal files, thus reducing impact of slow disk I/O on
logging performance.
* systemd-ask-password skips printing of the password to stdout * systemd-ask-password now optionally skips printing of the password to
with --no-output which can be useful in scripts. stdout with --no-output which can be useful in scripts.
* Framebuffer devices (/dev/fb*) and 3D printers and scanners * Framebuffer devices (/dev/fb*) and 3D printers and scanners
(devices tagged with ID_MAKER_TOOL) are now tagged with (devices tagged with ID_MAKER_TOOL) are now tagged with
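Review bot: The entry "Headers for LLDP support (sd-lldp.h) are now public" is dropped on the new side of this hunk with nothing replacing it, and the commit message only says NEWS is being brought up to date. If sd-lldp.h is no longer exported in 230, say so in the commit message; if it still is, the entry should stay. In the entry that takes its place, "The IAID and DUID unique identifier" names two values, so "identifiers" reads better.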
@ -83,18 +89,98 @@ CHANGES WITH 230 in spe:
* systemd-bootchart has been split out to a separate repository: * systemd-bootchart has been split out to a separate repository:
https://github.com/systemd/systemd-bootchart https://github.com/systemd/systemd-bootchart
* Compatibility libraries libsystemd-daemon.so, libsystemd-journal.so, * The compatibility libraries libsystemd-daemon.so,
libsystemd-id128.so, and libsystemd-login.so which have been libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
deprecated since systemd-209 have been removed along along with the which have been deprecated since systemd-209 have been removed along
corresponding pkg-config files. All symbols provided by the those with the corresponding pkg-config files. All symbols provided by the
libraries are provided by libsystemd.so. those libraries are provided by libsystemd.so.
* Capabilities= setting has been removed (it is ignored for backwards * The Capabilities= unit file setting has been removed (it is ignored
compatibility). AmbientCapabilities= and CapabilityBoundingSet= for backwards compatibility). AmbientCapabilities= and
should be used instead. CapabilityBoundingSet= should be used instead.
* systemd-bus-proxyd has been removed, as kdbus will not be merged * "systemctl show" gained a new --value switch, which allows print a
in current form. only the contents of a specific unit property, without also printing
the property's name.
* A new command "systemctl revert" has been added that may be used to
revert to the vendor version of a unit file, in case local changes
have been made by adding drop-ins or overriding the unit file.
* "machinectl clean" gained a new verb to automatically remove all or
just hidden container images.
* systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
merged into the kernerl in its current form.
* systemd-networkd gained support for configuring proxy ARP support for
each interface, via the ProxyArp= setting in .network files. It also
gained support for configuring the multicast querier feature of
bridge devices, via the new MulticastQuerier= setting in .netdev
files. A new setting PreferredLifetime= has been added for addresses
configured in .network file to configure the lifetime intended for an
address.
* systemd-tmpfiles gained support for a new line type "e" for emptying
directories, if they exist, without creating them if they don't.
* journalctl learned a new output mode "-o short-unix" that outputs log
lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
UTC). It also gained support for a new --no-hostname setting to
suppress the hostname column in the family of "short" output modes.
* systemd-nspawn gained support for automatically patching the UID/GIDs
of the owners and the ACLs of all files and directories in a
container tree to match the UID/GID user namespacing range selected
for the container invocation. This mode is enabled via the new
--private-user-chown switch. It also gained support for automatically
choosing a free, previously unused UID/GID range when starting a
container, via the new --private-users=pick setting (which implies
--private-user-chown). Together, these options for the first time
make user namespacing for nspawn containers fully automatic and thus
deployable. The systemd-nspaw@.service template unit file has been
changed to use this functionality by default.
* The default start timeout may now be configured on the kernel command
line via systemd.default_timeout_start_sec=. It was configurable
previously via the DefaultTimeoutStartSec= option in
/etc/systemd/system.conf already.
* Socket units gaineda new TriggerLimitIntervalSec= and
TriggerLimitBurst= setting to configure a limit on the activation
rate of the socket unit.
* The LimitNICE= setting now optionally takes normal UNIX nice values
in addition to the raw integer limit value. If the specified
parameter is prefixed with "+" or "-" and is in the range -20..19 the
value is understood as UNIX nice value. If not prefixed like this it
is understood as raw RLIMIT_NICE limit.
Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford,
Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao
Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Colin Guthrie, Daniel
J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik Brueckner,
Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo Puustinen, Jakub
Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, kayrus, Klearchos
Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukáš
Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl,
michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletar,
Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, mulkieran,
muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, Nicolas
Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach, Petros
Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny
Chevalier, Samuel Tardieu, Stefan Schallenberg, Steven Siloti, Susant
Sahani, Sylvain Plantefève, Taylor Smock, tblume, Tejun Heo, Thomas
Blume, Thomas Haller, Thomas Hindoe Paaboel Andersen, Thomas
H. P. Andersen, Tobias Klauser, Tom Gundersen, Torstein Husebø, Umut
Tezduyar Lindskog, Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam),
Vladimir Panteleev, Wieland Hoffmann, Wouter Verhelst, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek
— Berlin, 2016-05-XX
CHANGES WITH 229: CHANGES WITH 229:
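Review bot: Several of the added entries carry typos that will ship in the release notes: "which allows print a only the contents" in the "systemctl show" entry, "kernerl" in the systemd-bus-proxyd entry, "systemd-nspaw@.service" in the nspawn entry, and "gaineda new" in the socket units entry. The "machinectl clean" entry also reads as if the clean command gained a verb, where "machinectl gained a new verb clean" seems to be meant. In the contributor list the same people appear twice under different spellings ("Benjamin Robin, Benjamin ROBIN", "Lukas Nykryn, Lukáš Nykrýn", "Thomas Hindoe Paaboel Andersen, Thomas H. P. Andersen"), which suggests the list was generated without mailmap entries for them.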

9
TODO

@ -33,11 +33,9 @@ Janitorial Clean-ups:
Features: Features:
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * IAID field must move from [Link] to [DHCP] section in .network files
* maybe: pid1: replace cgroups agent transport by AF_UNIX/SOCK_DGRAM, so that * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
we aren't hit by socket backlog exhaustion on the dbus AF_UNIX/SOCK_STREAM
socket
* journalctl: make sure -f ends when the container indicated by -M terminates * journalctl: make sure -f ends when the container indicated by -M terminates
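Review bot: The new TODO item "IAID field must move from [Link] to [DHCP] section in .network files" conflicts with the NEWS text in this same commit, which already announces IAID and DUID as configurable per .network file. If the setting moves before 230 is tagged, the NEWS entry should name the final section; if it moves afterwards, users will have adopted the [Link] placement by then. This hunk also removes the "maybe: pid1: replace cgroups agent transport by AF_UNIX/SOCK_DGRAM" item without the commit message saying whether it was implemented or abandoned, and the subject line mentions only NEWS although TODO is changed as well.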
@ -51,9 +49,6 @@ Features:
* make sure resolved can be restarted without losing pushed-in dns config * make sure resolved can be restarted without losing pushed-in dns config
* fix https://github.com/systemd/systemd/pull/2890, this shouldn't be exported
like this.
* journald: sigbus API via a signal-handler safe function that people may call * journald: sigbus API via a signal-handler safe function that people may call
from the SIGBUS handler from the SIGBUS handler
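Review bot: The item "fix https://github.com/systemd/systemd/pull/2890, this shouldn't be exported like this" is removed here with no statement that the export was actually changed. A line in the commit message pointing at the fixing commit, or a note that the item was dropped on purpose, would make it possible to confirm the symbol is not shipped as public API in 230.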