NEWS: initial version of NEWS

Needs lots of updates still, but let's get the party started.
Lennart Poettering 2018-12-12 20:33:02 +01:00
parent 4b987478b0
commit 6b1ab752c2
1 changed files with 329 additions and 3 deletions

NEWS

@ -20,7 +20,7 @@ CHANGES WITH 240 in spe:
systemd-run tool to default to Type=exec for transient services
started by it. This should be mostly safe, but in specific corner
cases might result in problems, as the systemd-run tool will then
block on NSS calls (such as user name lookups due to User=) done
block on NSS calls (such as user name look-ups due to User=) done
between the fork() and execve(), which under specific circumstances
might cause problems. It is recommended to specify "-p Type=simple"
explicitly in the few cases where this applies. For regular,
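Review bot: The Type=exec entry explains its risk circularly: the change "might result in problems" because systemd-run blocks on NSS calls between the fork() and execve(), "which under specific circumstances might cause problems". State once what actually goes wrong when systemd-run blocks there, and drop the second clause, so a reader can tell whether the "-p Type=simple" advice applies to them. The "look-ups" spelling itself is consistent with the hyphenated forms used elsewhere in this patch ("sub-tree", "time-stamp").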
@ -88,16 +88,342 @@ CHANGES WITH 240 in spe:
that have multiple links with routes to the same networks (e.g.
a client with a Wi-Fi and Ethernet both connected to the internet).
Consult the kernel documetnation for details on this sysctl:
Consult the kernel documentation for details on this sysctl:
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
* CPUAccounting=yes no longer enables the CPU controller when using
kernel 4.15+ and the unified cgroup hierarchy, as required accounting
statistics are now provided independently from the CPU controller.
* Support for disabling a particular cgroup controller within a subtree
* Support for disabling a particular cgroup controller within a sub-tree
has been added through the DisableControllers= directive.
* The new "MemoryMin=" unit file property may now be used to set the
memory usage protection limit of processes invoked by the unit. This
controls the cgroupsv2 memory.min attribute. Similar, the new
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
cgroupsv2 io.latency cgroup property for configuring per-service I/O
latency.
* systemd now supports the cgroupsv2 devices BPF logic, as counterpart
to the cgroupsv1 "devices" cgroup controller.
* systemd-escape now is able to combine --unescape with --template. It
also learnt a new option --instance for extracting and unescaping the
instance part of a unit name.
* sd-bus now provides the sd_bus_message_readv() which is similar to
sd_bus_message_read() but takes a va_list object. The pair
sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
have been added for configuring the default method call timeout to
use. sd_bus_error_move() may be used to efficiently move the contents
from one sd_bus_error structure to another, invalidating the
source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
be used to control whether a bus connection object is automatically
flushed when an sd-event loop is exited.
* When processing classic BSD syslog log messages, journald will now
save the original time-stamp string supplied in the new
SYSLOG_TIMESTAMP= journal field. This permits consumers to
reconstruct the original BSD syslog message more correctly.
* StandardOutput=/StandardError= in service files gained support for
new "append:…" parameters, for connecting STDOUT/STDERR of a service
to a file, and appending to it.
* The signal to use as last step of killing of unit processes is now
configurable. Previously it was hard-coded to SIGKILL, which may now
be overridden with the new KillSignal= setting. Note that this is the
signal used when regular termination (i.e. SIGTERM) does
suffice. Similar, the signal used when aborting a program in case of
a watchdog timeout may now be configured too (WatchdogSignal=).
* The XDG_SESSION_DESKTOP environment variable may now be configured in
the pam_systemd argument line, using the new desktop= switch. This is
useful to initialize it properly from a display manager without
having to touch C code.
* Most configuration options that previously accepted percentage
values now also understand permille values, if the '‰' suffix is
used (instead of '%').
* systemd-logind will offer hibernation only if the currently used
kernel image is still available on disk.
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
DNS-over-TLS.
* systemd-resolved's configuration file resolved.conf gained a new
option ReadEtcHosts= which may be used to turn off processing and
honoring /etc/hosts entries.
* The "--wait" switch may now be passed to "systemctl
is-system-running", in which case the tool will synchronously wait
until the system finished start-up.
* hostnamed gained a new bus call to determine the DMI product UUID.
* On x86-64 systemd will now prefer using the RDRAND processor
instruction over /dev/urandom whenever it requires randomness that
neither has to be crypto-grade nor should be reproducible. This
should substantially reduce the amount of entropy systemd requests
from the kernel during initialization on such systems, though not
reduce it to zero. (Why not zero? systemd still needs to allocate
UUIDs and such uniquely, which require high-quality randomness.)
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
for forcing the "Other Information" bit in IPv6 RA messages. The
bonding logic gained three new options AdActorSystemPriority=,
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
aspects. The tunnel logic gained a new IPv6RapidDeploymentPrefix=
option for configuring IPv6 Rapid Deployment. The policy rule logic
gained four new options IPProtocol=, SourcePort= and
DestinationPort=, InvertRule=. The bridge logic gained support for
the MulticastToUnicast= option. networkd also gained support for
configuring static IPv4 ARP or IPv6 neighbor entries.
* .preset files (as read by 'systemctl preset') may now be used to
instantiate services.
* /etc/crypttab now understands the sector-size= option to configure
the sector size for an encrypted partition.
* Key material for encrypted disks may now be placed on a formatted
medium, and reference from /etc/crypttab by the UUID of the file
system, followed by "=" suffixed by the paths to the key file.
* The "collect" udev component has been removed without replacement, as
it is not used nor maintained.
* When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
LogsDirectory=, ConfigurationDirectory= settings are used in a
service the executed processes will now receive a set of environment
variables pointing it to the full, absolute paths of these
directories. Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY,
CACHE_DIRECTORY, LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set
if these options are used. Note that these options may be used
multiple times per service in which case the resulting paths will be
concatenated and separated by colons.
* Predictable interface naming has been extended to cover InfiniBand
NICs. They will be exposed with an "ib" prefix.
* tmpfiles.d/ line types may now be suffixed with a '-' character, in
which case the respective line failing is ignored.
* .link files may now be used to configure the equivalent to the
"ethtool advertise" commands.
* The sd-device.h and sd-hwdb.h APIs are now exported, as an
alternative to libudev.h. Previously, the latter was just an internal
wrapper around the former, but now these two APIs are exposed
directly.
* sd-id128.h gained a new function sd_id128_get_boot_app_specific()
which calculates an app-specific boot ID similar to how
sd_id128_get_machine_app_specific() generates an app-specific machine
ID.
* A new tool systemd-id128 has been added that can be used to determine
and generate various 128bit IDs.
* /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
and LOGO=.
* systemd-hibernate-resume-generator will now honor the "noresume"
kernel command line option, in which case it will bypass resuming
from any hibernated image.
* The systemd-sleep.conf configuration file gained new options
AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
AllowHybridSleep= for prohibiting specific sleep modes even if the
system supports it.
* portablectl is now officially supported and has thus moved to
/usr/bin/.
* bootctl learnt the two new commands "set-default" and "set-oneshot"
for setting the default boot loader item to boot to (either
persistently or only for the next boot). This is currently only
compatible with sd-boot, but may be implemented on other boot loaders
too, that follow the boot loader interface. The updated interface is
now documented here:
https://systemd.io/BOOT_LOADER_INTERFACE
* A new kernel command line option systemd.early_core_pattern= is now
understood which may be used to influence the core_pattern PID 1
installs during early boot.
* busctl learnt two new options -j and --json= for outputting method
call replies, properties and monitoring output in JSON.
* journalctl's JSON output now supports simple ANSI coloring as well as
a new "json-seq" mode for generating RFC7464 output.
* Unit files now support the %g/%G specifiers that resolve to the UNIX
group/GID of the service manager runs as, similar to the existing
%u/%U specifiers that resolve to the UNIX user/UID.
* systemd-logind learnt a new global configuration option
UserStopDelaySec= that may be set in logind.conf. It specifies how
long the systemd --user instance shall remain started after a user
logs out. This is useful to speed up repetitive re-connections of the
same user, as it means the user's service manager doesn't have to be
stopped/restarted on each iteration, but can be reused between
subsequent options. This setting defaults to 10s. systemd-logind also
exports two new properties on its Manager D-Bus objects indicating
whether the system's lid is currently closed, and on AC power.
* systemd gained support for a generic boot counting logic, which
generically permits automatic reverting to older boot loader entries
if newer updated ones don't work. The boot loader side is implemented
in sd-boot, but is kept open for other boot loaders too. For details
see:
https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
* The SuccessAction=/FailureAction= unit file settings now learnt two
new parameters: "exit" and "exit-force", which result in immediate
exiting of the service manager, and are only useful in systemd --user
and container environments.
* Unit files gained support for a pair of options
FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
exit status to use as service manager exit status when
SuccessAction=/FailureAction= is set to exit or exit-force.
* A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
options may now be used to configure the log rate limiting applied by
journald per-service.
* systemd-analyze gained a new verb "timespan" for parsing and
normalizing time span values (i.e. strings like "5min 7s 8us").
* systemd-analyze also gained a new verb "security" for analyzing the
security and sand-boxing settings of services in order to determine an
"exposure level" for them, indicating whether a service would benefit
from more sand-boxing options turned on for them.
* "systemd-analyze syscall-filter" will now also show system calls
supported by the local kernel but not included in any of the defined
groups.
* .nspawn files now understand the Ephemeral= setting, matching the
--ephemeral command line switch.
* sd-event gained the new APIs sd_event_source_get_floating() and
sd_event_source_set_floating() for controlling whether a specific
event source is "floating", i.e. destroyed along with the even loop
object itself.
* Unit objects on D-Bus gained a new "Refs" property that lists all
clients that currently have a reference on the unit, thus ensuring it
is not unloaded.
* The JoinControllers= option in system.conf is no longer supported, as
it didn't work correctly, is hard to support properly, is legacy (as
the concept only exists on cgroupsv1) and not used.
* Journal messages that are generated whenever a unit enters the failed
state are now recognizable with a unique MESSAGE_ID. Similar,
messages generated whenever a service process exits are now made
recognizable, too. A new recognizable is also added now whenever a
unit enters the "dead" state, on success.
* systemd-run gained a new switch --working-directory= for configuring
the working directory of the service to start. A shortcut -d is
equivalent, setting the working directory of the service to the
current working directory of the invoking program. The new --shell
(or just -S) option has been added for invoking the $SHELL of the
caller as a service, and implies --pty --same-dir --wait --collect
--service-type=exec. Or in other words, "systemd-run -S" is not the
quickest way to quickly get an interactive in a fully clean and
well-defined system service context.
* machinectl gained a new verb "import-fs" for importing an OS tree
from a directory. Moreover, when a directory or tarball is imported
and single top-level directory found with the OS itself below the OS
tree is automatically mangled and moved one level up.
* systemd-importd will no longer set up an implicit btrfs loop-back file
system on /var/lib/machines but use it if it is already set up.
* A new generator "systemd-run-generator" has been added. It will
synthesize a unit from one or more program command lines included in
the kernel command line. This is very useful in container managers
for example:
# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
This will run "systemd-nspawn" on an image, invoke the specified
command line and immediately shut down the container again,
propagating the command line's exit code.
* The block device locking logic has been documented now:
https://systemd.io/BLOCK_DEVICE_LOCKING
* loginctl and machinectl now optionally output the various tables in
JSON using the --output= switch. It is our intention to add similar
support to systemctl and all other commands.
* udevadm's query and trigger verb now optionally take a .device unit
name as argument.
* systemd-udevd's network naming logic now understands a new
net.naming-scheme= kernel command line switch, which may be use to
pick a specific version of the naming scheme. This helps stabilizing
interface names even as systemd/udev are updated and the naming logic
is improved.
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
Morbach, Benjamin Berg, Carlo Caione, Cedric Viou, Chen Qi, ChenQi1989,
Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
Ellsel, ColinGuthrie, dana, Daniel, Daniele Medri, Daniel Kahn Gillmor,
Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner, David
Anderson, Davide Cavalca, David Leeds, David Malcolm, David Strauss,
David Tardon, Dimitri John Ledkov, dj-kaktus, Dongsu Park, Elias
Probst, Emil Soleyman, Erik Kooistra, Ervin Peters, Evgeni Golov,
Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad, faizalluthfi,
Felix Yan, Filipe Brandenburger, Franck Bui, Frank Schaefer, Frantisek
Sumsal, Gianluca Boiano, Giuseppe Scrivano, glitsj16, Hans de Goede,
Harald Hoyer, Harry Mallon, Harshit Jain, hellcp, Helmut Grohne, Henry
Tung, Hui Yiqun, imayoda, Insun Pyo, INSUN PYO, Iwan Timmer,
jambonmcyeah, Jan Janssen, Jan Pokorný, Jan Synacek, Jason
A. Donenfeld, javitoom, Jérémy Nouhaud, Jiuyang liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
Jonas DOREL, Jon Ringle, Josh Soref, Julian Andres Klode, Jürg
Billeter, Keith Busch, killermoehre, Kirill Marinushkin, Lennart
Poettering, LennartPoettering, Liberasys, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
Michael 'pbone' Pobega, Michal Koutný, Michal Sekletar, Michal Soltys,
Mike Gilbert, Mike Palmer, Muhammet Kara, Neal Gompa, Network Silence,
nikolas, NOGISAKA Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina,
Paweł Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, remueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid,
Samuel Morris, Sandy, scootergrisen, seb128, Sergey Ptashnick, Shawn
Landden, Shengyao Xue, Shih-Yuan Lee (FourDollars), Sjoerd Simons,
Stephen Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven
Joachim, Sylvain Plantefève, TanuKaskinen, Tejun Heo, Thiago Macieira,
Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ,
Tobias Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak,
Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech Trefny,
welaq, William A. Kennington III, William Douglas, Wyatt Ward, Xiang
Fan, Xi Ruoyao, Xuanwo, Yann E. MORIN, YmrDtnJu, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
— Somewhere, 2018-xx-yy
CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
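Review bot: Two entries in this hunk say the opposite of what they mean. In the KillSignal= entry, "the signal used when regular termination (i.e. SIGTERM) does suffice" needs to read "does not suffice", since the entry describes the last step of killing unit processes. In the systemd-run entry, '"systemd-run -S" is not the quickest way to quickly get an interactive' presumably means "now the quickest way to get an interactive shell". Smaller fixes in the same hunk: "even loop" in the sd-event entry; "may be use to" in the net.naming-scheme= entry; "A new recognizable is also added" lacks a noun; the environment variable list mixes "RUNTIME_DIRECTORY=" with "STATE_DIRECTORY" and the others without "="; the networkd entry lists its "four new options" as "IPProtocol=, SourcePort= and DestinationPort=, InvertRule="; the UserStopDelaySec= entry ends with "reused between subsequent options", which does not fit the log-out/re-connection context; and the machinectl import-fs sentence ("and single top-level directory found with the OS itself below the OS tree is automatically mangled") does not parse. The contributor list also carries what look like the same people twice ("Lennart Poettering, LennartPoettering", "Insun Pyo, INSUN PYO", "Chen Qi, ChenQi1989"), which .mailmap entries would merge.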