NEWS: initialy version of NEWS
Needs lots of updates still, but let's get the party started.
This commit is contained in:
parent
4b987478b0
commit
6b1ab752c2
332
NEWS
332
NEWS
|
@ -20,7 +20,7 @@ CHANGES WITH 240 in spe:
|
|||
systemd-run tool to default to Type=exec for transient services
|
||||
started by it. This should be mostly safe, but in specific corner
|
||||
cases might result in problems, as the systemd-run tool will then
|
||||
block on NSS calls (such as user name lookups due to User=) done
|
||||
block on NSS calls (such as user name look-ups due to User=) done
|
||||
between the fork() and execve(), which under specific circumstances
|
||||
might cause problems. It is recommended to specify "-p Type=simple"
|
||||
explicitly in the few cases where this applies. For regular,
|
||||
|
@ -88,16 +88,342 @@ CHANGES WITH 240 in spe:
|
|||
that have multiple links with routes to the same networks (e.g.
|
||||
a client with a Wi-Fi and Ethernet both connected to the internet).
|
||||
|
||||
Consult the kernel documetnation for details on this sysctl:
|
||||
Consult the kernel documentation for details on this sysctl:
|
||||
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
|
||||
|
||||
* CPUAccounting=yes no longer enables the CPU controller when using
|
||||
kernel 4.15+ and the unified cgroup hierarchy, as required accounting
|
||||
statistics are now provided independently from the CPU controller.
|
||||
|
||||
* Support for disabling a particular cgroup controller within a subtree
|
||||
* Support for disabling a particular cgroup controller within a sub-tree
|
||||
has been added through the DisableControllers= directive.
|
||||
|
||||
* The new "MemoryMin=" unit file property may now be used to set the
|
||||
memory usage protection limit of processes invoked by the unit. This
|
||||
controls the cgroupsv2 memory.min attribute. Similar, the new
|
||||
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
|
||||
cgroupsv2 io.latency cgroup property for configuring per-service I/O
|
||||
latency.
|
||||
|
||||
* systemd now supports the cgroupsv2 devices BPF logic, as counterpart
|
||||
to the cgroupsv1 "devices" cgroup controller.
|
||||
|
||||
* systemd-escape now is able to combine --unescape with --template. It
|
||||
also learnt a new option --instance for extracting and unescaping the
|
||||
instance part of a unit name.
|
||||
|
||||
* sd-bus now provides the sd_bus_message_readv() which is similar to
|
||||
sd_bus_message_read() but takes a va_list object. The pair
|
||||
sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
|
||||
have been added for configuring the default method call timeout to
|
||||
use. sd_bus_error_move() may be used to efficiently move the contents
|
||||
from one sd_bus_error structure to another, invalidating the
|
||||
source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
|
||||
be used to control whether a bus connection object is automatically
|
||||
flushed when an sd-event loop is exited.
|
||||
|
||||
* When processing classic BSD syslog log messages, journald will now
|
||||
save the original time-stamp string supplied in the new
|
||||
SYSLOG_TIMESTAMP= journal field. This permits consumers to
|
||||
reconstruct the original BSD syslog message more correctly.
|
||||
|
||||
* StandardOutput=/StandardError= in service files gained support for
|
||||
new "append:…" parameters, for connecting STDOUT/STDERR of a service
|
||||
to a file, and appending to it.
|
||||
|
||||
* The signal to use as last step of killing of unit processes is now
|
||||
configurable. Previously it was hard-coded to SIGKILL, which may now
|
||||
be overridden with the new KillSignal= setting. Note that this is the
|
||||
signal used when regular termination (i.e. SIGTERM) does
|
||||
suffice. Similar, the signal used when aborting a program in case of
|
||||
a watchdog timeout may now be configured too (WatchdogSignal=).
|
||||
|
||||
* The XDG_SESSION_DESKTOP environment variable may now be configured in
|
||||
the pam_systemd argument line, using the new desktop= switch. This is
|
||||
useful to initialize it properly from a display manager without
|
||||
having to touch C code.
|
||||
|
||||
* Most configuration options that previously accepted percentage
|
||||
values now also understand permille values, if the '‰' suffix is
|
||||
used (instead of '%').
|
||||
|
||||
* systemd-logind will offer hibernation only if the currently used
|
||||
kernel image is still available on disk.
|
||||
|
||||
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
|
||||
DNS-over-TLS.
|
||||
|
||||
* systemd-resolved's configuration file resolved.conf gained a new
|
||||
option ReadEtcHosts= which may be used to turn off processing and
|
||||
honoring /etc/hosts entries.
|
||||
|
||||
* The "--wait" switch may now be passed to "systemctl
|
||||
is-system-running", in which case the tool will synchronously wait
|
||||
until the system finished start-up.
|
||||
|
||||
* hostnamed gained a new bus call to determine the DMI product UUID.
|
||||
|
||||
* On x86-64 systemd will now prefer using the RDRAND processor
|
||||
instruction over /dev/urandom whenever it requires randomness that
|
||||
neither has to be crypto-grade nor should be reproducible. This
|
||||
should substantially reduce the amount of entropy systemd requests
|
||||
from the kernel during initialization on such systems, though not
|
||||
reduce it to zero. (Why not zero? systemd still needs to allocate
|
||||
UUIDs and such uniquely, which require high-quality randomness.)
|
||||
|
||||
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
|
||||
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
|
||||
for forcing the "Other Information" bit in IPv6 RA messages. The
|
||||
bonding logic gained three new options AdActorSystemPriority=,
|
||||
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
|
||||
aspects. The tunnel logic gained a new IPv6RapidDeploymentPrefix=
|
||||
option for configuring IPv6 Rapid Deployment. The policy rule logic
|
||||
gained four new options IPProtocol=, SourcePort= and
|
||||
DestinationPort=, InvertRule=. The bridge logic gained support for
|
||||
the MulticastToUnicast= option. networkd also gained support for
|
||||
configuring static IPv4 ARP or IPv6 neighbor entries.
|
||||
|
||||
* .preset files (as read by 'systemctl preset') may now be used to
|
||||
instantiate services.
|
||||
|
||||
* /etc/crypttab now understands the sector-size= option to configure
|
||||
the sector size for an encrypted partition.
|
||||
|
||||
* Key material for encrypted disks may now be placed on a formatted
|
||||
medium, and reference from /etc/crypttab by the UUID of the file
|
||||
system, followed by "=" suffixed by the paths to the key file.
|
||||
|
||||
* The "collect" udev component has been removed without replacement, as
|
||||
it is not used nor maintained.
|
||||
|
||||
* When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
|
||||
LogsDirectory=, ConfigurationDirectory= settings are used in a
|
||||
service the executed processes will now receive a set of environment
|
||||
variables pointing it to the full, absolute paths of these
|
||||
directories. Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY,
|
||||
CACHE_DIRECTORY, LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set
|
||||
if these options are used. Note that these options may be used
|
||||
multiple times per service in which case the resulting paths will be
|
||||
concatenated and separated by colons.
|
||||
|
||||
* Predictable interface naming has been extended to cover InfiniBand
|
||||
NICs. They will be exposed with an "ib" prefix.
|
||||
|
||||
* tmpfiles.d/ line types may now be suffixed with a '-' character, in
|
||||
which case the respective line failing is ignored.
|
||||
|
||||
* .link files may now be used to configure the equivalent to the
|
||||
"ethtool advertise" commands.
|
||||
|
||||
* The sd-device.h and sd-hwdb.h APIs are now exported, as an
|
||||
alternative to libudev.h. Previously, the latter was just an internal
|
||||
wrapper around the former, but now these two APIs are exposed
|
||||
directly.
|
||||
|
||||
* sd-id128.h gained a new function sd_id128_get_boot_app_specific()
|
||||
which calculates an app-specific boot ID similar to how
|
||||
sd_id128_get_machine_app_specific() generates an app-specific machine
|
||||
ID.
|
||||
|
||||
* A new tool systemd-id128 has been added that can be used to determine
|
||||
and generate various 128bit IDs.
|
||||
|
||||
* /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
|
||||
and LOGO=.
|
||||
|
||||
* systemd-hibernate-resume-generator will now honor the "noresume"
|
||||
kernel command line option, in which case it will bypass resuming
|
||||
from any hibernated image.
|
||||
|
||||
* The systemd-sleep.conf configuration file gained new options
|
||||
AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
|
||||
AllowHybridSleep= for prohibiting specific sleep modes even if the
|
||||
system supports it.
|
||||
|
||||
* portablectl is now officially supported and has thus moved to
|
||||
/usr/bin/.
|
||||
|
||||
* bootctl learnt the two new commands "set-default" and "set-oneshot"
|
||||
for setting the default boot loader item to boot to (either
|
||||
persistently or only for the next boot). This is currently only
|
||||
compatible with sd-boot, but may be implemented on other boot loaders
|
||||
too, that follow the boot loader interface. The updated interface is
|
||||
now documented here:
|
||||
|
||||
https://systemd.io/BOOT_LOADER_INTERFACE
|
||||
|
||||
* A new kernel command line option systemd.early_core_pattern= is now
|
||||
understood which may be used to influence the core_pattern PID 1
|
||||
installs during early boot.
|
||||
|
||||
* busctl learnt two new options -j and --json= for outputting method
|
||||
call replies, properties and monitoring output in JSON.
|
||||
|
||||
* journalctl's JSON output now supports simple ANSI coloring as well as
|
||||
a new "json-seq" mode for generating RFC7464 output.
|
||||
|
||||
* Unit files now support the %g/%G specifiers that resolve to the UNIX
|
||||
group/GID of the service manager runs as, similar to the existing
|
||||
%u/%U specifiers that resolve to the UNIX user/UID.
|
||||
|
||||
* systemd-logind learnt a new global configuration option
|
||||
UserStopDelaySec= that may be set in logind.conf. It specifies how
|
||||
long the systemd --user instance shall remain started after a user
|
||||
logs out. This is useful to speed up repetitive re-connections of the
|
||||
same user, as it means the user's service manager doesn't have to be
|
||||
stopped/restarted on each iteration, but can be reused between
|
||||
subsequent options. This setting defaults to 10s. systemd-logind also
|
||||
exports two new properties on its Manager D-Bus objects indicating
|
||||
whether the system's lid is currently closed, and on AC power.
|
||||
|
||||
* systemd gained support for a generic boot counting logic, which
|
||||
generically permits automatic reverting to older boot loader entries
|
||||
if newer updated ones don't work. The boot loader side is implemented
|
||||
in sd-boot, but is kept open for other boot loaders too. For details
|
||||
see:
|
||||
|
||||
https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
|
||||
|
||||
* The SuccessAction=/FailureAction= unit file settings now learnt two
|
||||
new parameters: "exit" and "exit-force", which result in immediate
|
||||
exiting of the service manager, and are only useful in systemd --user
|
||||
and container environments.
|
||||
|
||||
* Unit files gained support for a pair of options
|
||||
FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
|
||||
exit status to use as service manager exit status when
|
||||
SuccessAction=/FailureAction= is set to exit or exit-force.
|
||||
|
||||
* A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
|
||||
options may now be used to configure the log rate limiting applied by
|
||||
journald per-service.
|
||||
|
||||
* systemd-analyze gained a new verb "timespan" for parsing and
|
||||
normalizing time span values (i.e. strings like "5min 7s 8us").
|
||||
|
||||
* systemd-analyze also gained a new verb "security" for analyzing the
|
||||
security and sand-boxing settings of services in order to determine an
|
||||
"exposure level" for them, indicating whether a service would benefit
|
||||
from more sand-boxing options turned on for them.
|
||||
|
||||
* "systemd-analyze syscall-filter" will now also show system calls
|
||||
supported by the local kernel but not included in any of the defined
|
||||
groups.
|
||||
|
||||
* .nspawn files now understand the Ephemeral= setting, matching the
|
||||
--ephemeral command line switch.
|
||||
|
||||
* sd-event gained the new APIs sd_event_source_get_floating() and
|
||||
sd_event_source_set_floating() for controlling whether a specific
|
||||
event source is "floating", i.e. destroyed along with the even loop
|
||||
object itself.
|
||||
|
||||
* Unit objects on D-Bus gained a new "Refs" property that lists all
|
||||
clients that currently have a reference on the unit, thus ensuring it
|
||||
is not unloaded.
|
||||
|
||||
* The JoinControllers= option in system.conf is no longer supported, as
|
||||
it didn't work correctly, is hard to support properly, is legacy (as
|
||||
the concept only exists on cgroupsv1) and not used.
|
||||
|
||||
* Journal messages that are generated whenever a unit enters the failed
|
||||
state are now recognizable with a unique MESSAGE_ID. Similar,
|
||||
messages generated whenever a service process exits are now made
|
||||
recognizable, too. A new recognizable is also added now whenever a
|
||||
unit enters the "dead" state, on success.
|
||||
|
||||
* systemd-run gained a new switch --working-directory= for configuring
|
||||
the working directory of the service to start. A shortcut -d is
|
||||
equivalent, setting the working directory of the service to the
|
||||
current working directory of the invoking program. The new --shell
|
||||
(or just -S) option has been added for invoking the $SHELL of the
|
||||
caller as a service, and implies --pty --same-dir --wait --collect
|
||||
--service-type=exec. Or in other words, "systemd-run -S" is not the
|
||||
quickest way to quickly get an interactive in a fully clean and
|
||||
well-defined system service context.
|
||||
|
||||
* machinectl gained a new verb "import-fs" for importing an OS tree
|
||||
from a directory. Moreover, when a directory or tarball is imported
|
||||
and single top-level directory found with the OS itself below the OS
|
||||
tree is automatically mangled and moved one level up.
|
||||
|
||||
* systemd-importd will no longer set up an implicit btrfs loop-back file
|
||||
system on /var/lib/machines but use it if it is already set up.
|
||||
|
||||
* A new generator "systemd-run-generator" has been added. It will
|
||||
synthesize a unit from one or more program command lines included in
|
||||
the kernel command line. This is very useful in container managers
|
||||
for example:
|
||||
|
||||
# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
|
||||
|
||||
This will run "systemd-nspawn" on an image, invoke the specified
|
||||
command line and immediately shut down the container again,
|
||||
propagating the command line's exit code.
|
||||
|
||||
* The block device locking logic has been documented now:
|
||||
|
||||
https://systemd.io/BLOCK_DEVICE_LOCKING
|
||||
|
||||
* loginctl and machinectl now optionally output the various tables in
|
||||
JSON using the --output= switch. It is our intention to add similar
|
||||
support to systemctl and all other commands.
|
||||
|
||||
* udevadm's query and trigger verb now optionally take a .device unit
|
||||
name as argument.
|
||||
|
||||
* systemd-udevd's network naming logic now understands a new
|
||||
net.naming-scheme= kernel command line switch, which may be use to
|
||||
pick a specific version of the naming scheme. This helps stabilizing
|
||||
interface names even as systemd/udev are updated and the naming logic
|
||||
is improved.
|
||||
|
||||
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
|
||||
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
|
||||
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
|
||||
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
|
||||
Morbach, Benjamin Berg, Carlo Caione, Cedric Viou, Chen Qi, ChenQi1989,
|
||||
Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
|
||||
Ellsel, ColinGuthrie, dana, Daniel, Daniele Medri, Daniel Kahn Gillmor,
|
||||
Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner, David
|
||||
Anderson, Davide Cavalca, David Leeds, David Malcolm, David Strauss,
|
||||
David Tardon, Dimitri John Ledkov, dj-kaktus, Dongsu Park, Elias
|
||||
Probst, Emil Soleyman, Erik Kooistra, Ervin Peters, Evgeni Golov,
|
||||
Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad, faizalluthfi,
|
||||
Felix Yan, Filipe Brandenburger, Franck Bui, Frank Schaefer, Frantisek
|
||||
Sumsal, Gianluca Boiano, Giuseppe Scrivano, glitsj16, Hans de Goede,
|
||||
Harald Hoyer, Harry Mallon, Harshit Jain, hellcp, Helmut Grohne, Henry
|
||||
Tung, Hui Yiqun, imayoda, Insun Pyo, INSUN PYO, Iwan Timmer,
|
||||
jambonmcyeah, Jan Janssen, Jan Pokorný, Jan Synacek, Jason
|
||||
A. Donenfeld, javitoom, Jérémy Nouhaud, Jiuyang liu, João Paulo Rechi
|
||||
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
|
||||
Jonas DOREL, Jon Ringle, Josh Soref, Julian Andres Klode, Jürg
|
||||
Billeter, Keith Busch, killermoehre, Kirill Marinushkin, Lennart
|
||||
Poettering, LennartPoettering, Liberasys, Lion Yang, Li Song, Lorenz
|
||||
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
|
||||
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
|
||||
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
|
||||
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
|
||||
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
|
||||
Michael 'pbone' Pobega, Michal Koutný, Michal Sekletar, Michal Soltys,
|
||||
Mike Gilbert, Mike Palmer, Muhammet Kara, Neal Gompa, Network Silence,
|
||||
nikolas, NOGISAKA Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina,
|
||||
Paweł Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, remueller,
|
||||
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
|
||||
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid,
|
||||
Samuel Morris, Sandy, scootergrisen, seb128, Sergey Ptashnick, Shawn
|
||||
Landden, Shengyao Xue, Shih-Yuan Lee (FourDollars), Sjoerd Simons,
|
||||
Stephen Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven
|
||||
Joachim, Sylvain Plantefève, TanuKaskinen, Tejun Heo, Thiago Macieira,
|
||||
Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ,
|
||||
Tobias Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak,
|
||||
Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech Trefny,
|
||||
welaq, William A. Kennington III, William Douglas, Wyatt Ward, Xiang
|
||||
Fan, Xi Ruoyao, Xuanwo, Yann E. MORIN, YmrDtnJu, Yu Watanabe, Zbigniew
|
||||
Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
|
||||
|
||||
— Somewhere, 2018-xx-yy
|
||||
|
||||
CHANGES WITH 239:
|
||||
|
||||
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
|
||||
|
|
Loading…
Reference in New Issue