diff --git a/NEWS b/NEWS index 8d5765222e..36facf9b4f 100644 --- a/NEWS +++ b/NEWS 
@@ -31,10 +31,265 @@ CHANGES WITH 239 in spe: documentation. With this release the code is adjusted to match the documentation. + * systemd-tmpfiles will now print a notice whenever it encounters + tmpfiles.d/ lines referencing the /var/run/ directory. It will + recommend reworking them to use the /run/ directory instead (for + which /var/run/ is simply a symlinked compatibility alias). This is + recommended, so that systemd-tmpfiles can properly detect line + conflicts and merge lines referencing the same files by both paths, + without having to access them. + * systemctl disable/unmask/preset/preset-all cannot be used with --runtime. Previously this was allowed, but resulted in unintuitive behaviour that wasn't useful. + * sd-boot acquire new loader configuration settings for optionally + turning off Windows and MacOS boot partition discovery as well as + reboot-into-firmware menu items. It also should be able to pick a + better screen resolution for HiDPI systems, and now provides loader + configuration settings to change the resolution explicitly. + + * The systemd-resolve tool has been renamed to resolvectl (it also + remains available under the old name, for compatibility), and its + interface is now verb-based, similar in style to the other ctl + tools, such as systemctl or loginctl. Also, the tool may now be + linked to the "resolveconf" name, in which case it will take + arguments and input compatible with the Debian and FreeBSD resolvconf + tool. + + * Support for suspend-then-hibernate has been added, i.e. a sleep mode + where the system initially suspends, and after a time-out resumes and + hibernates again. + + * networkd's ClientIdentifier= now accepts a new option "duid-only". If + set the client will only send a DUID as client identifier. + + * The nss-systemd glibc NSS module will now enumerate dynamic users and + groups in effect. Previously, it could resolve UIDs/GIDs to user + names/groups and vice versa, but did not support enumeration. 
+ + * journald's Compress= configuration setting now optionally accepts a + byte threshold value. All journal objects larger than this threshold + will be compressed, smaller ones will not. Previously this threshold + was not configurable and set to 512. + + * A new system.conf NoNewPrivileges= is now available which may be used + to turn off acquiring of new privileges system-wide (i.e. set Linux' + PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also all its + children). Note that turning this option on means setuid binaries and + file system capabilities lose their special powers. While turning on + this option is a big step towards a more secure system, doing so is + likely to break numerous pre-existing UNIX tools, in particular su + and sudo. + + * A new service systemd-time-sync-wait.service has been added. If + enabled it will delay the time-sync.target unit at boot until time + synchronization has been recieved from the network. This + functionality is useful on systems lacking a local RTC or where it is + acceptable that the boot process shall be delayed by external network + services. + + * When hibernating, systemd will now inform the kernel of the image + write offset, on kernels new enough to support this. This means swap + files should work for hibernation now. + + * When loading unit files, systemd will now look for drop-in unit file + extension at additional places. Previously, for a unit file name + "foo-bar-baz.service" it would look for dropin files in + "foo-bar-baz.service.d/*.conf". Now, it will also look in + "foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the + service name truncated after all inner dashes. This scheme allows + writing drop-ins easily that apply to a whole set of unit files at + once. 
It's particularly useful for mount and slice units (as their + naming is prefix based anyway), but is also useful for service and + other units, for packages that install multiple unit files at once, + following a strict naming regime of beginning the unit file name with + the package's name. Two new specifiers are now supported while + parsing unit files, to match this: %j and %J are replaced by the part + of the unit name following the last dash. + + * The ExecStart= lines of unit files are no longer required to + reference absolute paths. If non-absolute paths are specified the + specified binary name is searched within the service manager's + built-in $PATH. It's generally recommended to continue to use + absolute paths for all binaries specified in unit files. + + * coredumpctl's "gdb" verb has been renamed to "debug", in order to + support alternative debuggers, for example lldb. The old name + continues to be available however, for compatibility reasons. Use the + new --debugger= switch and $SYSTEMD_DEBUGGER environment variable to + pick an alternative debugger instead of the default of gdb. + + * systemctl and the other tools will now output escape sequences that + generate proper clickable hyperlinks in various terminal emulators + where useful (for example, in the "systemctl status" output you can + now click on the unit file name to quickly open it in the + editor/viewer of your choice). Note that not all terminal emulators + support this functionality yet, but many do. Unfortunately, the + "less" pager doesn't support this yet, hence this functionality is + currently automatically turned off when a pager is started (which + happens quite often due to auto-paging). We hope to remove this + limitation as soon as "less" learns these escape sequences too. This + new behaviour may also be turned off explicitly with the + $SYSTEMD_URLIFY environment variable. 
For details on these escape + sequences see: + https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda + + * networkd's .network files now support a new IPv6MTUBytes= option for + setting the MTU used by IPv6 explicitly as well as a new MTUBytes= + option in the [Route] section to configure the MTU to use for + specific routes. It also gained support for configuration of the DHCP + "UserClass" option through the new UserClass= setting. It gained + three new options in the new [CAN] section for configuring CAN + networks. The MULTICAST and ALLMULTI interface flags may now be + controlled explicitly with the new Multicast= and AllMulticast= + settings. + + * networkd will now automatically make use of the kernel's route + expiration feature, if it is available. + + * udevd's .link files now support setting the number of Rx/Tx channels, + using the RxChannels=, TxChannels=, OtherChannels=, + CombinedChannels=. Support for UDPSegmentationOffload= has been + removed, given its limited support in hardware, and waning software + support. + + * networkd's .netdev files now support creating "netdevsim" interfaces. + + * PID 1 learnt a new bus call GetUnitByControlGroup() which may be used + to query the unit belonging to a specific kernel control group. + + * systemd-analyze learnt a new verb "cat-config", which may be used to + dump the contents of any configuration file, with all its matching + drop-in files added in, and honouring the usual search and masking + logic applied to systemd configuration files. For example use + "systemd-analyze cat-config systemd/system.conf" to get the complete + system configuration file of systemd how it would be loaded by PID 1 + itself. Similar to this various tools, such as systemd-tmpfiles or + systemd-sysusers learnt new option "--cat-config", which do + corresponding operation for their own configuration settings. For + example, "systemd-tmpfiles --cat-config" will now output the full + list of tmpfiles.d/ lines in place. 
+ + * timedatectl gained two new verbs "timesync-status" (to show the + current NTP synchronization state of systemd-timesyncd) and + "show-timesync" (to show bus properties of systemd-timesyncd). + + * systemd-timesyncd gained a bus interface on which it exposes details + about its state. + + * systemd-nspawn gained a new --rlimit= switch for setting initial + resource limits for the container payload. There's a new switch + --hostname= for explicitly overriding the container's hostname. A new + --no-new-privileges= switch may be used to control the + PR_SET_NO_NEW_PRIVS flag for the container payload. A new + --oom-score-adjust= switch controls the OOM scoring adjustment value + for the payload. The new --cpu-affinity= switch controls the CPU + affinity of the container payload. The new --resolv-conf= switch + allows more detailed control of /etc/resolv.conf handling of the + container. Similar, the new --timezone= switch allows more detailed + control of /etc/localtime handling of the container. + + * systemd-detect-virt learnt a new --list switch, which will print a + list of all currently known VM and container environments. + + * Support for the new "Portable Services" concept has been added, see + doc/PORTABLE_SERVICES.md for details. Currently, the support is still + experimental, but this is expected to change soon. Reflecting the + experimental state the "portablectl" binary is not installed into + /usr/bin yet. The binary has to be called with the full path + /usr/lib/systemd/portablectl instead. + + * journalctl's and systemctl's -o switch now knows a new log output + mode "with-unit". The output it generates is very similar to the + regular "short" mode, but displays the unit name instead of the + syslog tag for each log line. Also, the date is shown with timezone + information. 
This mode is probably more useful than the classic + "short" output mode for most purposes, except where pixel-perfect + compatibility with classic /var/log/messages formatting is required. + + * A new --dump-bus-properties switch has been added to the systemd + binary, which may be used to dump all supported D-Bus properties. + + * Unit files and other configuration files that support specifier + expansion now understand two new specifiers: %T and %V will resolve + to /tmp and /var/tmp respectively, or whatever temporary directory + has been set for the calling user. + + * sd-bus gained a set of new calls: + sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to + enable/disable the "floating" state of a bus slot object, + i.e. whether the slot object pins the bus it is allocated for into + memory or if the bus slot object gets disconnected when the bus goes + away. sd_bus_open_with_description(), + sd_bus_open_user_with_description(), + sd_bus_open_system_with_description() may be used to allocate bus + objects and set their description string already during allocation. + + * sd-event gained support for watching inotify events from the event + loop, in an efficient way, sharing inotify handles between multiple + users. For this a new function sd_event_add_inotify() has been added. + + * sd-event and sd-bus gained support for calling special user-supplied + destructor functions for userdata pointers associated with + sd_event_source, sd_bus_slot and sd_bus_track objects. + + * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default. + + * PID 1 will now automatically reschedule .timer units whenever the + local timezone changes. (They previously got rescheduled already + automatically when the system clock changed.) 
+ + * New documentation has been added to document cgroups delegation, + portable services and the various code quality tools we have set up: + + https://github.com/systemd/systemd/blob/master/doc/CGROUP_DELEGATION.md + https://github.com/systemd/systemd/blob/master/doc/PORTABLE_SERVICES.md + https://github.com/systemd/systemd/blob/master/doc/CODE_QUALITY.md + + * pam_systemd will now look for PAM userdata fields systemd.memory_max, + systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by + earlier PAM modules. The data in these fields is used to initialize + the session scope's resource properties. Thus external PAM modules + may now configure per-session limits, for example sourced from + external user databases. + + * socket units with Accept=yes will now maintain a "refused" counter in + addition to the existing "accepted" counter, counting connections + refused due to the enforced limits. + + * The "systemd-path search-binaries-default" command may now be use to + query the default, built-in $PATH PID 1 will pass to the services it + manages. + + Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale, + Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud + Rebillout, Brian J. 
Murrell, Bruno Vernay, Chris Lesiak, Christian + Brauner, Christian Hesse, Daniel Dao, Daniel Lin, Danylo Korostil, + Davide Cavalca, David Tardon, Dimitri John Ledkov, Dmitriy Geels, + Douglas Christman, Elia Geretto, emelenas, Evegeny Vereshchagin, Evgeny + Vereshchagin, Felipe Sateler, Feng Sun, Filipe Brandenburger, Franck + Bui, futpib, Giuseppe Scrivano, Guillem Jover, guixxx, Hans de Goede, + Henrique Dante de Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, + Ivan Shapovalov, James Cowgill, Jan Janssen, Jan Synacek, Jared + Kazimir, João Paulo Rechi Vita, Joost Heitbrink, juergbi, Jui-Chi Ricky + Liang, Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri + Tirkkonen, Lennart Poettering, Leonard, Long Li, Luca Boccassi, Lucas + Werkmeister, Marcel Hoppe, Marc Kleine-Budde, Mario Limonciello, Martin + Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Michael + Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal Sekletar, + Mike Gilbert, Mikhail Kasimov, Milan, Milan Broz, mourikwa, Muhammet + Kara, Nicolas Boichat, Omer Katz, Paride Legovini, Paul Menzel, Paul + Milliken, Peter A. Bigot, Peter Hutterer, Peter Jones, Philip Sequeira, + Philip Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de + Araujo, Rosen Penev, rubensa, Ryan Gonzalez, Salvo 'LtWorf' Tomaselli, + Sebastian Reichel, Sergio Lindo Mansilla, Stefan Schweter, Stephen + Hemminger, Stuart Hayes, Susant Sahani, Sylvain Plantefève, Thomas + H. P. Andersen, Tobias Jungel, Tomasz Torcz, Vito Caputo, Will Dietz, + Will Thompson, xginn8, Yu Watanabe, Zbigniew Jędrzejewski-Szmek + + — Berlin, 2018-06-XX + CHANGES WITH 238: * The MemoryAccounting= unit property now defaults to on. After
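Review bot: The systemd-time-sync-wait.service entry misspells "received" ("until time synchronization has been recieved from the network"); fix before this ships in a tagged release. Same hunk, a few more wording fixes worth folding in: "Similar, the new --timezone= switch" should read "Similarly, the new --timezone= switch"; "The "systemd-path search-binaries-default" command may now be use to query" should read "may now be used to query"; the udevd .link entry ends "using the RxChannels=, TxChannels=, OtherChannels=, CombinedChannels=." and is missing the word "settings" after the list; and "learnt new option "--cat-config", which do corresponding operation for their own configuration settings" should read "learnt a new option, "--cat-config", which does the corresponding operation". In the NoNewPrivileges= entry, the sentence "Note that turning this option on means setuid binaries and file system capabilities lose their special powers" is the security-relevant caveat and is correct as written, but it would help readers to state explicitly that this applies to every service and session PID 1 spawns, not only to PID 1, since the preceding clause ("and thus also all its children") is easy to miss. The contributor list appears to contain the same person twice under two spellings ("Evegeny Vereshchagin, Evgeny Vereshchagin"); please confirm and drop the misspelled duplicate. Finally, "— Berlin, 2018-06-XX" is still a placeholder date and must be filled in before the 239 tag.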