diff --git a/NEWS b/NEWS index d4afd85cf9..a2d5ba6981 100644 --- a/NEWS +++ b/NEWS @@ -16,7 +16,7 @@ CHANGES WITH 247 in spe: or otherwise process uevents. Please note that this incompatibility is not fault of systemd or udev, but caused by an incompatible kernel change that happened back in Linux 4.12, but is becoming more and - more visible as the new uvents are generated by more kernel drivers. + more visible as the new uevents are generated by more kernel drivers. To minimize issues resulting from this kernel change (but not avoid them entirely) starting with systemd-udevd 247 the udev "tags" 
@@ -106,29 +106,50 @@ CHANGES WITH 247 in spe: desired the location to which systemd installs its PAM stack configuration may be changed via the -Dpamconfdir Meson option. - * The runtime dependencies on libqrencode, libpcre2, libpwquality and - libcryptsetup have been changed to be based on dlopen(): instead of - regular dynamic library dependencies declared in the binary ELF - headers, these libraries are now loaded on demand only, if they are - available. If the libraries cannot be found the relevant operations - will fail gracefully, or a suitable fallback logic is chosen. This is - supposed to be useful for general purpose distributions, as it allows - minimizing the list of dependencies the systemd packages pull in, - permitting building of more minimal OS images, while still making use - of these "weak" dependencies should they be installed. Since many - package managers automatically synthesize package dependencies from - ELF shared library dependencies, some additional manual packaging - work has to be done now to replace those (slightly downgraded from - "required" to "recommended" or whatever is conceptually suitable for - the package manager). Note that this change does not alter build-time - behaviour: as before the build-time dependencies have to be installed - during build, even if they now are optional during runtime. + * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2, + libpwquality and libcryptsetup have been changed to be based on + dlopen(): instead of regular dynamic library dependencies declared in + the binary ELF headers, these libraries are now loaded on demand + only, if they are available. If the libraries cannot be found the + relevant operations will fail gracefully, or a suitable fallback + logic is chosen. 
This is supposed to be useful for general purpose + distributions, as it allows minimizing the list of dependencies the + systemd packages pull in, permitting building of more minimal OS + images, while still making use of these "weak" dependencies should + they be installed. Since many package managers automatically + synthesize package dependencies from ELF shared library dependencies, + some additional manual packaging work has to be done now to replace + those (slightly downgraded from "required" to "recommended" or + whatever is conceptually suitable for the package manager). Note that + this change does not alter build-time behaviour: as before the + build-time dependencies have to be installed during build, even if + they now are optional during runtime. * sd-event.h gained a new call sd_event_add_time_relative() for installing timers relative to the current time. This is mostly a convenience wrapper around the pre-existing sd_event_add_time() call which installs absolute timers. + * sd-event event sources may now be placed in a new "exit-on-failure" + mode, which may be controlled via the new + sd_event_source_get_exit_on_failure() and + sd_event_source_set_exit_on_failure() functions. If enabled, any + failure returned by the event source handler functions will result in + exiting the event loop (unlike the default behaviour of just + disabling the event source but continuing with the event loop). This + feature is useful to set for all event sources that define "primary" + program behaviour (where failure should be fatal) in contrast to + "auxiliary" behaviour (where failure should remain local). + + * Most event source types sd-event supports now accept a NULL handler + function, in which case the event loop is exited once the event + source is to be dispatched, using the userdata pointer — converted to + a signed integer — as exit code of the event loop. Previously this + was supported for IO and signal event sources already. 
Exit event + sources still do not support this (simply because it makes little + sense there, as the event loop is already exiting when they are + dispatched). + * A new per-unit setting RootImageOptions= has been added which allows tweaking the mount options for any file system mounted as effect of the RootImage= setting. @@ -223,7 +244,9 @@ CHANGES WITH 247 in spe: them in local timezone or UTC, or whether to show µs granularity. * Alibaba's "pouch" container manager is now detected by - systemd-detect-virt, ConditionVirtualization= and similar constructs. + systemd-detect-virt, ConditionVirtualization= and similar + constructs. Similar, they now also recognize IBM PowerVM machine + virtualization. * systemd-nspawn has been reworked to use the /run/host/incoming/ as place to use for propagating external mounts into the @@ -247,12 +270,6 @@ CHANGES WITH 247 in spe: deprecated and undocumented for 6 years. systemd started to warn about its use 1.5 years ago. It has now been removed entirely. - * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for - systemd-nspawn all system call filter violations will be logged by - the kernel (audit). This is useful for tracking down system calls - invoked by container payloads that are prohibited by the container's - system call filter policy. - * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes a sd_bus_error struct and a list of error names, and checks if the error matches one of these names. It's a convenience wrapper that is 
@@ -264,12 +281,24 @@ CHANGES WITH 247 in spe: * Behaviour of system call filter allow lists has changed slightly: system calls that are contained in @known will result in a EPERM by default, while those not contained in it result in ENOSYS. This - should improve compatibility because known syscalls will thus be + should improve compatibility because known system calls will thus be communicated as prohibited, while unknown (and thus newer ones) will be communicated as not implemented, which hopefully has the greatest chance of triggering the right fallback code paths in client applications. + * "systemd-analyze syscall-filter" will now show two separate sections + at the bottom of the output: system calls known during systemd build + time but not included in any of the filter groups shown above, and + system calls defined on the local kernel but known during systemd + build time. + + * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for + systemd-nspawn all system call filter violations will be logged by + the kernel (audit). This is useful for tracking down system calls + invoked by container payloads that are prohibited by the container's + system call filter policy. + * Two new unit file settings ProtectProc= and ProcSubset= have been added that expose the hidepid= and subset= mount options of procfs. All processes of the unit will only see processes in /proc that are @@ -419,6 +448,11 @@ CHANGES WITH 247 in spe: now be marked to be independent of any underlying network interface via the new Independent= boolean setting. + * systemd-networkd's Gateway= setting in .network files now accepts the + special values _dhcp4 and _ipv6ra to configure additional, locally + defined, explicit routes to the gateway acquired via DHCP or IPv6 + Router Advertisements. + * systemctl gained support for two new verbs: "service-log-level" and "service-log-target" may be used on services that implement the generic org.freedesktop.LogControl1 D-Bus interface to dynamically 
@@ -430,10 +464,10 @@ CHANGES WITH 247 in spe: * The SystemCallErrorNumber= unit file setting now accepts the new "kill" and "log" actions, in addition to arbitrary error number specifications as before. If "kill" the the processes are killed on - the event, if "log" the offending syscall is audit logged. + the event, if "log" the offending system call is audit logged. * A new SystemCallLog= unit file setting has been added that accepts a - list of syscalls that shall be logged about (audit). + list of system calls that shall be logged about (audit). * The OS image dissection logic (as used by RootImage= in unit files or systemd-nspawn's --image= switch) has gained support for identifying @@ -456,7 +490,7 @@ CHANGES WITH 247 in spe: will now log the thread ID in their log output. This is useful when working with heavily threaded programs. - * If the SYSTEMD_RDRAND enviroment variable is set to "0", systemd will + * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will not use the RDRAND CPU instruction. This is useful in environments such as replay debuggers where non-deterministic behaviour is not desirable. @@ -472,6 +506,12 @@ CHANGES WITH 247 in spe: OS, and permits avoidable differences in deployments that create all kinds of problems in the long run. + * The autopaging logic in systemd's various tools (such as systemctl) + has been updated to turn on "secure" mode in "less" + (i.e. $LESSECURE=1) if execution in a "sudo" environment is + detected. This disables invoking external programs from the pager, + via the pipe logic. This behaviour may be overridden via the new + $SYSTEMD_PAGERSECURE environment variable. CHANGES WITH 246:
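Review bot: in the dlopen() entry of the @@ -106,29 +106,50 @@ hunk, "If the libraries cannot be found the relevant operations will fail gracefully, or a suitable fallback logic is chosen" leaves open which of the two applies to which library; for libcryptsetup and libpwquality in particular, the difference between a hard failure and a fallback changes security-relevant behaviour (volume unlocking, password quality enforcement), so suggest stating per library whether the operation fails or what the fallback is, as that is what packagers and operators need to decide whether the now "recommended" dependency is acceptable to omit.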
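Review bot: in the @@ -223,7 +244,9 @@ hunk, "Similar, they now also recognize IBM PowerVM machine virtualization" should read "Similarly, they now also recognize ...".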
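Review bot: in the "systemd-analyze syscall-filter" entry of the @@ -264,12 +281,24 @@ hunk, the second section is described as "system calls defined on the local kernel but known during systemd build time", which as written overlaps with the first section (calls known at build time); the intended contrast is evidently calls present on the running kernel that systemd does not know about, so suggest "but not known during systemd build time" so the two sections are disjoint.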
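Review bot: the Gateway= entry in the @@ -419,6 +448,11 @@ hunk says _dhcp4 and _ipv6ra configure routes "to the gateway acquired via DHCP or IPv6 Router Advertisements" but does not say whether such routes exist before a lease or RA has arrived, or whether they are updated when the dynamic gateway changes; suggest one sentence making that lifecycle explicit.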
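Review bot: the unchanged context line in the @@ -430,10 +464,10 @@ hunk, "If "kill" the the processes are killed on", carries a duplicated "the"; since this hunk already rewords the same paragraph ("syscall" to "system call"), suggest folding that fix in.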
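Review bot: the autopaging entry in the @@ -472,6 +506,12 @@ hunk names the variable "$LESSECURE=1"; less reads LESSSECURE (three consecutive S's), so the entry should say "$LESSSECURE=1". The same entry says the behaviour "may be overridden via the new $SYSTEMD_PAGERSECURE environment variable" without stating which values it accepts or in which direction it works (forcing secure mode on outside sudo, or off inside it); since this is a security-relevant knob, suggest spelling that out.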