systemd System and Service Manager CHANGES WITH 235: * modprobe.d drop-in is now shipped by default that sets bonding module option max_bonds=0. This overrides the kernel default, to avoid conflicts and ambigiuty as to whether or not bond0 should be managed by networkd or not. This resolves multiple bugs of bond0 properties not being applied, when bond0 is configured with networkd. Distributors may choose to not package this, however in that case users will be prevented from correctly managing bond0 interface using networkd. CHANGES WITH 234: * Meson is now supported as build system in addition to Automake. It is our plan to remove Automake in one of our next releases, so that Meson becomes our exclusive build system. Hence, please start using the Meson build system in your downstream packaging. There's plenty of documentation around how to use Meson, the extremely brief summary: ./autogen.sh && ./configure && make && sudo make install becomes: meson build && ninja -C build && sudo ninja -C build install * Unit files gained support for a new JobRunningTimeoutUSec= setting, which permits configuring a timeout on the time a job is running. This is particularly useful for setting timeouts on jobs for .device units. * Unit files gained two new options ConditionUser= and ConditionGroup= for conditionalizing units based on the identity of the user/group running a systemd user instance. * systemd-networkd now understands a new FlowLabel= setting in the [VXLAN] section of .network files, as well as a Priority= in [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN] and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also gained support for configuration of GENEVE links, and IPv6 address labels. The [Network] section gained the new IPv6ProxyNDP= setting. * .link files now understand a new Port= setting. * systemd-networkd's DHCP support gained support for DHCP option 119 (domain search list). * systemd-networkd gained support for serving IPv6 address ranges using the Router Advertisment protocol. The new .network configuration section [IPv6Prefix] may be used to configure the ranges to serve. This is implemented based on a new, minimal, native server implementation of RA. * journalctl's --output= switch gained support for a new parameter "short-iso-precise" for a mode where timestamps are shown as precise ISO date values. * systemd-udevd's "net_id" builtin may now generate stable network interface names from IBM PowerVM VIO devices as well as ACPI platform devices. * MulticastDNS support in systemd-resolved may now be explicitly enabled/disabled using the new MulticastDNS= configuration file option. * systemd-resolved may now optionally use libidn2 instead of the libidn for processing internationalized domain names. Support for libidn2 should be considered experimental and should not be enabled by default yet. * "machinectl pull-tar" and related call may now do verification of downloaded images using SUSE-style .sha256 checksum files in addition to the already existing support for validating using Ubuntu-style SHA256SUMS files. * sd-bus gained support for a new sd_bus_message_appendv() call which is va_list equivalent of sd_bus_message_append(). * sd-boot gained support for validating images using SHIM/MOK. * The SMACK code learnt support for "onlycap". * systemd-mount --umount is now much smarter in figuring out how to properly unmount a device given its mount or device path. * The code to call libnss_dns as a fallback from libnss_resolve when the communication with systemd-resolved fails was removed. This fallback was redundant and interfered with the [!UNAVAIL=return] suffix. See nss-resolve(8) for the recommended configuration. * systemd-logind may now be restarted without losing state. It stores the file descriptors for devices it manages in the system manager using the FDSTORE= mechanism. Please note that further changes in other components may be required to make use of this (for example Xorg has code to listen for stops of systemd-logind and terminate itself when logind is stopped or restarted, in order to avoid using stale file descriptors for graphical devices, which is now counterproductive and must be reverted in order for restarts of systemd-logind to be safe. See https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.) * All kernel install plugins are called with the environment variable KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by /etc/machine-id. If the file is missing or empty, the variable is empty and BOOT_DIR_ABS is the path of a temporary directory which is removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID is empty, all plugins should not put anything in BOOT_DIR_ABS. Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert, Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb, Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake, Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin, Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede, hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow, Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili, Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas, Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala, Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin, Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis, Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes, Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog, userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu, Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски — Berlin, 2017-07-12 CHANGES WITH 233: * The "hybrid" control group mode has been modified to improve compatibility with "legacy" cgroups-v1 setups. Specifically, the "hybrid" setup of /sys/fs/cgroup is now pretty much identical to "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named cgroups-v1 hierarchy), the only externally visible change being that the cgroups-v2 hierarchy is also mounted, to /sys/fs/cgroup/unified. This should provide a large degree of compatibility with "legacy" cgroups-v1, while taking benefit of the better management capabilities of cgroups-v2. * The default control group setup mode may be selected both a boot-time via a set of kernel command line parameters (specifically: systemd.unified_cgroup_hierarchy= and systemd.legacy_systemd_cgroup_controller=), as well as a compile-time default selected on the configure command line (--with-default-hierarchy=). The upstream default is "hybrid" (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but this will change in a future systemd version to be "unified" (pure cgroups-v2 mode). The third option for the compile time option is "legacy", to enter pure cgroups-v1 mode. We recommend downstream distributions to default to "hybrid" mode for release distributions, starting with v233. We recommend "unified" for development distributions (specifically: distributions such as Fedora's rawhide) as that's where things are headed in the long run. Use "legacy" for greatest stability and compatibility only. * Note one current limitation of "unified" and "hybrid" control group setup modes: the kernel currently does not permit the systemd --user instance (i.e. unprivileged code) to migrate processes between two disconnected cgroup subtrees, even if both are managed and owned by the user. This effectively means "systemd-run --user --scope" doesn't work when invoked from outside of any "systemd --user" service or scope. Specifically, it is not supported from session scopes. We are working on fixing this in a future systemd version. (See #3388 for further details about this.) * DBus policy files are now installed into /usr rather than /etc. Make sure your system has dbus >= 1.9.18 running before upgrading to this version, or override the install path with --with-dbuspolicydir= . * All python scripts shipped with systemd (specifically: the various tests written in Python) now require Python 3. * systemd unit tests can now run standalone (without the source or build directories), and can be installed into /usr/lib/systemd/tests/ with 'make install-tests'. * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH, CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the kernel. * Support for the %c, %r, %R specifiers in unit files has been removed. Specifiers are not supposed to be dependent on configuration in the unit file itself (so that they resolve the same regardless where used in the unit files), but these specifiers were influenced by the Slice= option. * The shell invoked by debug-shell.service now defaults to /bin/sh in all cases. If distributions want to use a different shell for this purpose (for example Fedora's /sbin/sushell) they need to specify this explicitly at configure time using --with-debug-shell=. * The confirmation spawn prompt has been reworked to offer the following choices: (c)ontinue, proceed without asking anymore (D)ump, show the state of the unit (f)ail, don't execute the command and pretend it failed (h)elp (i)nfo, show a short summary of the unit (j)obs, show jobs that are in progress (s)kip, don't execute the command and pretend it succeeded (y)es, execute the command The 'n' choice for the confirmation spawn prompt has been removed, because its meaning was confusing. The prompt may now also be redirected to an alternative console by specifying the console as parameter to systemd.confirm_spawn=. * Services of Type=notify require a READY=1 notification to be sent during startup. If no such message is sent, the service now fails, even if the main process exited with a successful exit code. * Services that fail to start up correctly now always have their ExecStopPost= commands executed. Previously, they'd enter "failed" state directly, without executing these commands. * The option MulticastDNS= of network configuration files has acquired an actual implementation. With MulticastDNS=yes a host can resolve names of remote hosts and reply to mDNS A and AAAA requests. * When units are about to be started an additional check is now done to ensure that all dependencies of type BindsTo= (when used in combination with After=) have been started. * systemd-analyze gained a new verb "syscall-filter" which shows which system call groups are defined for the SystemCallFilter= unit file setting, and which system calls they contain. * A new system call filter group "@filesystem" has been added, consisting of various file system related system calls. Group "@reboot" has been added, covering reboot, kexec and shutdown related calls. Finally, group "@swap" has been added covering swap configuration related calls. * A new unit file option RestrictNamespaces= has been added that may be used to restrict access to the various process namespace types the Linux kernel provides. Specifically, it may be used to take away the right for a service unit to create additional file system, network, user, and other namespaces. This sandboxing option is particularly relevant due to the high amount of recently discovered namespacing related vulnerabilities in the kernel. * systemd-udev's .link files gained support for a new AutoNegotiation= setting for configuring Ethernet auto-negotiation. * systemd-networkd's .network files gained support for a new ListenPort= setting in the [DHCP] section to explicitly configure the UDP client port the DHCP client shall listen on. * .network files gained a new Unmanaged= boolean setting for explicitly excluding one or more interfaces from management by systemd-networkd. * The systemd-networkd ProxyARP= option has been renamed to IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been renamed to ReduceARPProxy=. The old names continue to be available for compatibility. * systemd-networkd gained support for configuring IPv6 Proxy NDP addresses via the new IPv6ProxyNDPAddress= .network file setting. * systemd-networkd's bonding device support gained support for two new configuration options ActiveSlave= and PrimarySlave=. * The various options in the [Match] section of .network files gained support for negative matching. * New systemd-specific mount options are now understood in /etc/fstab: x-systemd.mount-timeout= may be used to configure the maximum permitted runtime of the mount command. x-systemd.device-bound may be set to bind a mount point to its backing device unit, in order to automatically remove a mount point if its backing device is unplugged. This option may also be configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property on the block device, which is now automatically set for all CDROM drives, so that mounted CDs are automatically unmounted when they are removed from the drive. x-systemd.after= and x-systemd.before= may be used to explicitly order a mount after or before another unit or mount point. * Enqueued start jobs for device units are now automatically garbage collected if there are no jobs waiting for them anymore. * systemctl list-jobs gained two new switches: with --after, for every queued job the jobs it's waiting for are shown; with --before the jobs which it's blocking are shown. * systemd-nspawn gained support for ephemeral boots from disk images (or in other words: --ephemeral and --image= may now be combined). Moreover, ephemeral boots are now supported for normal directories, even if the backing file system is not btrfs. Of course, if the file system does not support file system snapshots or reflinks, the initial copy operation will be relatively expensive, but this should still be suitable for many use cases. * Calendar time specifications in .timer units now support specifications relative to the end of a month by using "~" instead of "-" as separator between month and day. For example, "*-02~03" means "the third last day in February". In addition a new syntax for repeated events has been added using the "/" character. For example, "9..17/2:00" means "every two hours from 9am to 5pm". * systemd-socket-proxyd gained a new parameter --connections-max= for configuring the maximum number of concurrent connections. * sd-id128 gained a new API for generating unique IDs for the host in a way that does not leak the machine ID. Specifically, sd_id128_get_machine_app_specific() derives an ID based on the machine ID a in well-defined, non-reversible, stable way. This is useful whenever an identifier for the host is needed but where the identifier shall not be useful to identify the system beyond the scope of the application itself. (Internally this uses HMAC-SHA256 as keyed hash function using the machine ID as input.) * NotifyAccess= gained a new supported value "exec". When set notifications are accepted from all processes systemd itself invoked, including all control processes. * .nspawn files gained support for defining overlay mounts using the Overlay= and OverlayReadOnly= options. Previously this functionality was only available on the systemd-nspawn command line. * systemd-nspawn's --bind= and --overlay= options gained support for bind/overlay mounts whose source lies within the container tree by prefixing the source path with "+". * systemd-nspawn's --bind= and --overlay= options gained support for automatically allocating a temporary source directory in /var/tmp that is removed when the container dies. Specifically, if the source directory is specified as empty string this mechanism is selected. An example usage is --overlay=+/var::/var, which creates an overlay mount based on the original /var contained in the image, overlayed with a temporary directory in the host's /var/tmp. This way changes to /var are automatically flushed when the container shuts down. * systemd-nspawn --image= option does now permit raw file system block devices (in addition to images containing partition tables, as before). * The disk image dissection logic in systemd-nspawn gained support for automatically setting up LUKS encrypted as well as Verity protected partitions. When a container is booted from an encrypted image the passphrase is queried at start-up time. When a container with Verity data is started, the root hash is search in a ".roothash" file accompanying the disk image (alternatively, pass the root hash via the new --root-hash= command line option). * A new tool /usr/lib/systemd/systemd-dissect has been added that may be used to dissect disk images the same way as systemd-nspawn does it, following the Bootable Partition Specification. It may even be used to mount disk images with complex partition setups (including LUKS and Verity partitions) to a local host directory, in order to inspect them. This tool is not considered public API (yet), and is thus not installed into /usr/bin. Please do not rely on its existence, since it might go away or be changed in later systemd versions. * A new generator "systemd-verity-generator" has been added, similar in style to "systemd-cryptsetup-generator", permitting automatic setup of Verity root partitions when systemd boots up. In order to make use of this your partition setup should follow the Discoverable Partitions Specification, and the GPT partition ID of the root file system partition should be identical to the upper 128bit of the Verity root hash. The GPT partition ID of the Verity partition protecting it should be the lower 128bit of the Verity root hash. If the partition image follows this model it is sufficient to specify a single "roothash=" kernel command line argument to both configure which root image and verity partition to use as well as the root hash for it. Note that systemd-nspawn's Verity support follows the same semantics, meaning that disk images with proper Verity data in place may be booted in containers with systemd-nspawn as well as on physical systems via the verity generator. Also note that the "mkosi" tool available at https://github.com/systemd/mkosi has been updated to generate Verity protected disk images following this scheme. In fact, it has been updated to generate disk images that optionally implement a complete UEFI SecureBoot trust chain, involving a signed kernel and initrd image that incorporates such a root hash as well as a Verity-enabled root partition. * The hardware database (hwdb) udev supports has been updated to carry accelerometer quirks. * All system services are now run with a fresh kernel keyring set up for them. The invocation ID is stored by default in it, thus providing a safe, non-overridable way to determine the invocation ID of each service. * Service unit files gained new BindPaths= and BindReadOnlyPaths= options for bind mounting arbitrary paths in a service-specific way. When these options are used, arbitrary host or service files and directories may be mounted to arbitrary locations in the service's view. * Documentation has been added that lists all of systemd's low-level environment variables: https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md * sd-daemon gained a new API sd_is_socket_sockaddr() for determining whether a specific socket file descriptor matches a specified socket address. * systemd-firstboot has been updated to check for the systemd.firstboot= kernel command line option. It accepts a boolean and when set to false the first boot questions are skipped. * systemd-fstab-generator has been updated to check for the systemd.volatile= kernel command line option, which either takes an optional boolean parameter or the special value "state". If used the system may be booted in a "volatile" boot mode. Specifically, "systemd.volatile" is used, the root directory will be mounted as tmpfs, and only /usr is mounted from the actual root file system. If "systemd.volatile=state" is used, the root directory will be mounted as usual, but /var is mounted as tmpfs. This concept provides similar functionality as systemd-nspawn's --volatile= option, but provides it on physical boots. Use this option for implementing stateless systems, or testing systems with all state and/or configuration reset to the defaults. (Note though that many distributions are not prepared to boot up without a populated /etc or /var, though.) * systemd-gpt-auto-generator gained support for LUKS encrypted root partitions. Previously it only supported LUKS encrypted partitions for all other uses, except for the root partition itself. * Socket units gained support for listening on AF_VSOCK sockets for communication in virtualized QEMU environments. * The "configure" script gained a new option --with-fallback-hostname= for specifying the fallback hostname to use if none is configured in /etc/hostname. For example, by specifying --with-fallback-hostname=fedora it is possible to default to a hostname of "fedora" on pristine installations. * systemd-cgls gained support for a new --unit= switch for listing only the control groups of a specific unit. Similar --user-unit= has been added for listing only the control groups of a specific user unit. * systemd-mount gained a new --umount switch for unmounting a mount or automount point (and all mount/automount points below it). * systemd will now refuse full configuration reloads (via systemctl daemon-reload and related calls) unless at least 16MiB of free space are available in /run. This is a safety precaution in order to ensure that generators can safely operate after the reload completed. * A new unit file option RootImage= has been added, which has a similar effect as RootDirectory= but mounts the service's root directory from a disk image instead of plain directory. This logic reuses the same image dissection and mount logic that systemd-nspawn already uses, and hence supports any disk images systemd-nspawn supports, including those following the Discoverable Partition Specification, as well as Verity enabled images. This option enables systemd to run system services directly off disk images acting as resource bundles, possibly even including full integrity data. * A new MountAPIVFS= unit file option has been added, taking a boolean argument. If enabled /proc, /sys and /dev (collectively called the "API VFS") will be mounted for the service. This is only relevant if RootDirectory= or RootImage= is used for the service, as these mounts are of course in place in the host mount namespace anyway. * systemd-nspawn gained support for a new --pivot-root= switch. If specified the root directory within the container image is pivoted to the specified mount point, while the original root disk is moved to a different place. This option enables booting of ostree images directly with systemd-nspawn. * The systemd build scripts will no longer complain if the NTP server addresses are not changed from the defaults. Google now supports these NTP servers officially. We still recommend downstreams to properly register an NTP pool with the NTP pool project though. * coredumpctl gained a new "--reverse" option for printing the list of coredumps in reverse order. * coredumpctl will now show additional information about truncated and inaccessible coredumps, as well as coredumps that are still being processed. It also gained a new --quiet switch for suppressing additional informational message in its output. * coredumpctl gained support for only showing coredumps newer and/or older than specific timestamps, using the new --since= and --until= options, reminiscent of journalctl's options by the same name. * The systemd-coredump logic has been improved so that it may be reused to collect backtraces in non-compiled languages, for example in scripting languages such as Python. * machinectl will now show the UID shift of local containers, if user namespacing is enabled for them. * systemd will now optionally run "environment generator" binaries at configuration load time. They may be used to add environment variables to the environment block passed to services invoked. One user environment generator is shipped by default that sets up environment variables based on files dropped into /etc/environment.d and ~/.config/environment.d/. * systemd-resolved now includes the new, recently published 2017 DNSSEC root key (KSK). * hostnamed has been updated to report a new chassis type of "convertible" to cover "foldable" laptops that can both act as a tablet and as a laptop, such as various Lenovo Yoga devices. Contributions from: Adrián López, Alexander Galanin, Alexander Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri, Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner, David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly, Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter, Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede, Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen, Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry, Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak, Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx, Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi, Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb, Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun, YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр Тихонов — Berlin, 2017-03-01 CHANGES WITH 232: * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and RestrictAddressFamilies= enabled. These sandboxing options should generally be compatible with the various external udev call-out binaries we are aware of, however there may be exceptions, in particular when exotic languages for these call-outs are used. In this case, consider turning off these settings locally. * The new RemoveIPC= option can be used to remove IPC objects owned by the user or group of a service when that service exits. * The new ProtectKernelModules= option can be used to disable explicit load and unload operations of kernel modules by a service. In addition access to /usr/lib/modules is removed if this option is set. * ProtectSystem= option gained a new value "strict", which causes the whole file system tree with the exception of /dev, /proc, and /sys, to be remounted read-only for a service. * The new ProtectKernelTunables= option can be used to disable modification of configuration files in /sys and /proc by a service. Various directories and files are remounted read-only, so access is restricted even if the file permissions would allow it. * The new ProtectControlGroups= option can be used to disable write access by a service to /sys/fs/cgroup. * Various systemd services have been hardened with ProtectKernelTunables=yes, ProtectControlGroups=yes, RestrictAddressFamilies=. * Support for dynamically creating users for the lifetime of a service has been added. If DynamicUser=yes is specified, user and group IDs will be allocated from the range 61184..65519 for the lifetime of the service. They can be resolved using the new nss-systemd.so NSS module. The module must be enabled in /etc/nsswitch.conf. Services started in this way have PrivateTmp= and RemoveIPC= enabled, so that any resources allocated by the service will be cleaned up when the service exits. They also have ProtectHome=read-only and ProtectSystem=strict enabled, so they are not able to make any permanent modifications to the system. * The nss-systemd module also always resolves root and nobody, making it possible to have no /etc/passwd or /etc/group files in minimal container or chroot environments. * Services may be started with their own user namespace using the new boolean PrivateUsers= option. Only root, nobody, and the uid/gid under which the service is running are mapped. All other users are mapped to nobody. * Support for the cgroup namespace has been added to systemd-nspawn. If supported by kernel, the container system started by systemd-nspawn will have its own view of the cgroup hierarchy. This new behaviour can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable. * The new MemorySwapMax= option can be used to limit the maximum swap usage under the unified cgroup hierarchy. * Support for the CPU controller in the unified cgroup hierarchy has been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting= options. This controller requires out-of-tree patches for the kernel and the support is provisional. * Mount and automount units may now be created transiently (i.e. dynamically at runtime via the bus API, instead of requiring unit files in the file system). * systemd-mount is a new tool which may mount file systems – much like mount(8), optionally pulling in additional dependencies through transient .mount and .automount units. For example, this tool automatically runs fsck on a backing block device before mounting, and allows the automount logic to be used dynamically from the command line for establishing mount points. This tool is particularly useful when dealing with removable media, as it will ensure fsck is run – if necessary – before the first access and that the file system is quickly unmounted after each access by utilizing the automount logic. This maximizes the chance that the file system on the removable media stays in a clean state, and if it isn't in a clean state is fixed automatically. * LazyUnmount=yes option for mount units has been added to expose the umount --lazy option. Similarly, ForceUnmount=yes exposes the --force option. * /efi will be used as the mount point of the EFI boot partition, if the directory is present, and the mount point was not configured through other means (e.g. fstab). If /efi directory does not exist, /boot will be used as before. This makes it easier to automatically mount the EFI partition on systems where /boot is used for something else. * When operating on GPT disk images for containers, systemd-nspawn will now mount the ESP to /boot or /efi according to the same rules as PID 1 running on a host. This allows tools like "bootctl" to operate correctly within such containers, in order to make container images bootable on physical systems. * disk/by-id and disk/by-path symlinks are now created for NVMe drives. * Two new user session targets have been added to support running graphical sessions under the systemd --user instance: graphical-session.target and graphical-session-pre.target. See systemd.special(7) for a description of how those targets should be used. * The vconsole initialization code has been significantly reworked to use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better support unicode keymaps. Font and keymap configuration will now be copied to all allocated virtual consoles. * FreeBSD's bhyve virtualization is now detected. * Information recorded in the journal for core dumps now includes the contents of /proc/mountinfo and the command line of the process at the top of the process hierarchy (which is usually the init process of the container). * systemd-journal-gatewayd learned the --directory= option to serve files from the specified location. * journalctl --root=… can be used to peruse the journal in the /var/log/ directories inside of a container tree. This is similar to the existing --machine= option, but does not require the container to be active. * The hardware database has been extended to support ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify trackball devices. MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to specify the click rate for mice which include a horizontal wheel with a click rate that is different than the one for the vertical wheel. * systemd-run gained a new --wait option that makes service execution synchronous. (Specifically, the command will not return until the specified service binary exited.) * systemctl gained a new --wait option that causes the start command to wait until the units being started have terminated again. * A new journal output mode "short-full" has been added which displays timestamps with abbreviated English day names and adds a timezone suffix. Those timestamps include more information than the default "short" output mode, and can be passed directly to journalctl's --since= and --until= options. * /etc/resolv.conf will be bind-mounted into containers started by systemd-nspawn, if possible, so any changes to resolv.conf contents are automatically propagated to the container. * The number of instances for socket-activated services originating from a single IP address can be limited with MaxConnectionsPerSource=, extending the existing setting of MaxConnections=. * systemd-networkd gained support for vcan ("Virtual CAN") interface configuration. * .netdev and .network configuration can now be extended through drop-ins. * UDP Segmentation Offload, TCP Segmentation Offload, Generic Segmentation Offload, Generic Receive Offload, Large Receive Offload can be enabled and disabled using the new UDPSegmentationOffload=, TCPSegmentationOffload=, GenericSegmentationOffload=, GenericReceiveOffload=, LargeReceiveOffload= options in the [Link] section of .link files. * The Spanning Tree Protocol, Priority, Aging Time, and the Default Port VLAN ID can be configured for bridge devices using the new STP=, Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge] section of .netdev files. * The route table to which routes received over DHCP or RA should be added can be configured with the new RouteTable= option in the [DHCP] and [IPv6AcceptRA] sections of .network files. * The Address Resolution Protocol can be disabled on links managed by systemd-networkd using the ARP=no setting in the [Link] section of .network files. * New environment variables $SERVICE_RESULT, $EXIT_CODE and $EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and encode information about the result and exit codes of the current service runtime cycle. * systemd-sysctl will now configure kernel parameters in the order they occur in the configuration files. This matches what sysctl has been traditionally doing. * kernel-install "plugins" that are executed to perform various tasks after a new kernel is added and before an old one is removed can now return a special value to terminate the procedure and prevent any later plugins from running. * Journald's SplitMode=login setting has been deprecated. It has been removed from documentation, and its use is discouraged. In a future release it will be completely removed, and made equivalent to current default of SplitMode=uid. * Storage=both option setting in /etc/systemd/coredump.conf has been removed. With fast LZ4 compression storing the core dump twice is not useful. * The --share-system systemd-nspawn option has been replaced with an (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of this functionality is discouraged. In addition the variables $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID, $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of individual namespaces. * "machinectl list" now shows the IP address of running containers in the output, as well as OS release information. * "loginctl list" now shows the TTY of each session in the output. * sd-bus gained new API calls sd_bus_track_set_recursive(), sd_bus_track_get_recursive(), sd_bus_track_count_name(), sd_bus_track_count_sender(). They permit usage of sd_bus_track peer tracking objects in a "recursive" mode, where a single client can be counted multiple times, if it takes multiple references. * sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and sd_bus_get_exit_on_disconnect(). They may be used to to make a process using sd-bus automatically exit if the bus connection is severed. * Bus clients of the service manager may now "pin" loaded units into memory, by taking an explicit reference on them. This is useful to ensure the client can retrieve runtime data about the service even after the service completed execution. Taking such a reference is available only for privileged clients and should be helpful to watch running services in a race-free manner, and in particular collect information about exit statuses and results. * The nss-resolve module has been changed to strictly return UNAVAIL when communication via D-Bus with resolved failed, and NOTFOUND when a lookup completed but was negative. This means it is now possible to neatly configure fallbacks using nsswitch.conf result checking expressions. Taking benefit of this, the new recommended configuration line for the "hosts" entry in /etc/nsswitch.conf is: hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname * A new setting CtrlAltDelBurstAction= has been added to /etc/systemd/system.conf which may be used to configure the precise behaviour if the user on the console presses Ctrl-Alt-Del more often than 7 times in 2s. Previously this would unconditionally result in an expedited, immediate reboot. With this new setting the precise operation may be configured in more detail, and also turned off entirely. * In .netdev files two new settings RemoteChecksumTx= and RemoteChecksumRx= are now understood that permit configuring the remote checksumming logic for VXLAN networks. * The service manager learnt a new "invocation ID" concept for invoked services. Each runtime cycle of a service will get a new invocation ID (a 128bit random UUID) assigned that identifies the current run of the service uniquely and globally. A new invocation ID is generated each time a service starts up. The journal will store the invocation ID of a service along with any logged messages, thus making the invocation ID useful for matching the online runtime of a service with the offline log data it generated in a safe way without relying on synchronized timestamps. In many ways this new service invocation ID concept is similar to the kernel's boot ID concept that uniquely and globally identifies the runtime of each boot. The invocation ID of a service is passed to the service itself via an environment variable ($INVOCATION_ID). A new bus call GetUnitByInvocationID() has been added that is similar to GetUnit() but instead of retrieving the bus path for a unit by its name retrieves it by its invocation ID. The returned path is valid only as long as the passed invocation ID is current. * systemd-resolved gained a new "DNSStubListener" setting in resolved.conf. It either takes a boolean value or the special values "udp" and "tcp", and configures whether to enable the stub DNS listener on 127.0.0.53:53. * IP addresses configured via networkd may now carry additional configuration settings supported by the kernel. New options include: HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=, PrefixRoute=, AutoJoin=. * The PAM configuration fragment file for "user@.service" shipped with systemd (i.e. the --user instance of systemd) has been stripped to the minimum necessary to make the system boot. Previously, it contained Fedora-specific stanzas that did not apply to other distributions. It is expected that downstream distributions add additional configuration lines, matching their needs to this file, using it only as rough template of what systemd itself needs. Note that this reduced fragment does not even include an invocation of pam_limits which most distributions probably want to add, even though systemd itself does not need it. (There's also the new build time option --with-pamconfdir=no to disable installation of the PAM fragment entirely.) * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO capability is now also dropped from its set (in addition to CAP_SYS_MKNOD as before). * In service unit files it is now possible to connect a specific named file descriptor with stdin/stdout/stdout of an executed service. The name may be specified in matching .socket units using the FileDescriptorName= setting. * A number of journal settings may now be configured on the kernel command line. Specifically, the following options are now understood: systemd.journald.max_level_console=, systemd.journald.max_level_store=, systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=, systemd.journald.max_level_wall=. * "systemctl is-enabled --full" will now show by which symlinks a unit file is enabled in the unit dependency tree. * Support for VeraCrypt encrypted partitions has been added to the "cryptsetup" logic and /etc/crypttab. * systemd-detect-virt gained support for a new --private-users switch that checks whether the invoking processes are running inside a user namespace. Similar, a new special value "private-users" for the existing ConditionVirtualization= setting has been added, permitting skipping of specific units in user namespace environments. Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John, Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner, Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez, Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick, Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg, Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang, Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke, Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker, Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski, Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering, Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy, Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer, Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit, Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zeal Jagannatha — Santa Fe, 2016-11-03 CHANGES WITH 231: * In service units the various ExecXYZ= settings have been extended with an additional special character as first argument of the assigned value: if the character '+' is used the specified command line it will be run with full privileges, regardless of User=, Group=, CapabilityBoundingSet= and similar options. The effect is similar to the existing PermissionsStartOnly= option, but allows configuration of this concept for each executed command line independently. * Services may now alter the service watchdog timeout at runtime by sending a WATCHDOG_USEC= message via sd_notify(). * MemoryLimit= and related unit settings now optionally take percentage specifications. The percentage is taken relative to the amount of physical memory in the system (or in case of containers, the assigned amount of memory). This allows scaling service resources neatly with the amount of RAM available on the system. Similarly, systemd-logind's RuntimeDirectorySize= option now also optionally takes percentage values. * In similar fashion TasksMax= takes percentage values now, too. The value is taken relative to the configured maximum number of processes on the system. The per-service task maximum has been changed to 15% using this functionality. (Effectively this is an increase of 512 → 4915 for service units, given the kernel's default pid_max setting.) * Calendar time specifications in .timer units now understand a ".." syntax for time ranges. Example: "4..7:10" may now be used for defining a timer that is triggered at 4:10am, 5:10am, 6:10am and 7:10am every day. * The InaccessableDirectories=, ReadOnlyDirectories= and ReadWriteDirectories= unit file settings have been renamed to InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be applied to all kinds of file nodes, and not just directories, with the exception of symlinks. Specifically these settings may now be used on block and character device nodes, UNIX sockets and FIFOS as well as regular files. The old names of these settings remain available for compatibility. * systemd will now log about all service processes it kills forcibly (using SIGKILL) because they remained after the clean shutdown phase of the service completed. This should help identifying services that shut down uncleanly. Moreover if KillUserProcesses= is enabled in systemd-logind's configuration a similar log message is generated for processes killed at the end of each session due to this setting. * systemd will now set the $JOURNAL_STREAM environment variable for all services whose stdout/stderr are connected to the Journal (which effectively means by default: all services). The variable contains the device and inode number of the file descriptor used for stdout/stderr. This may be used by invoked programs to detect whether their stdout/stderr is connected to the Journal, in which case they can switch over to direct Journal communication, thus being able to pass extended, structured metadata along with their log messages. As one example, this is now used by glib's logging primitives. * When using systemd's default tmp.mount unit for /tmp, the mount point will now be established with the "nosuid" and "nodev" options. This avoids privilege escalation attacks that put traps and exploits into /tmp. However, this might cause problems if you e. g. put container images or overlays into /tmp; if you need this, override tmp.mount's "Options=" with a drop-in, or mount /tmp from /etc/fstab with your desired options. * systemd now supports the "memory" cgroup controller also on cgroupsv2. * The systemd-cgtop tool now optionally takes a control group path as command line argument. If specified, the control group list shown is limited to subgroups of that group. * The SystemCallFilter= unit file setting gained support for pre-defined, named system call filter sets. For example SystemCallFilter=@clock is now an effective way to make all clock changing-related system calls unavailable to a service. A number of similar pre-defined groups are defined. Writing system call filters for system services is simplified substantially with this new concept. Accordingly, all of systemd's own, long-running services now enable system call filtering based on this, by default. * A new service setting MemoryDenyWriteExecute= has been added, taking a boolean value. If turned on, a service may no longer create memory mappings that are writable and executable at the same time. This enhances security for services where this is enabled as it becomes harder to dynamically write and then execute memory in exploited service processes. This option has been enabled for all of systemd's own long-running services. * A new RestrictRealtime= service setting has been added, taking a boolean argument. If set the service's processes may no longer acquire realtime scheduling. This improves security as realtime scheduling may otherwise be used to easily freeze the system. * systemd-nspawn gained a new switch --notify-ready= taking a boolean value. This may be used for requesting that the system manager inside of the container reports start-up completion to nspawn which then propagates this notification further to the service manager supervising nspawn itself. A related option NotifyReady= in .nspawn files has been added too. This functionality allows ordering of the start-up of multiple containers using the usual systemd ordering primitives. * machinectl gained a new command "stop" that is an alias for "terminate". * systemd-resolved gained support for contacting DNS servers on link-local IPv6 addresses. * If systemd-resolved receives the SIGUSR2 signal it will now flush all its caches. A method call for requesting the same operation has been added to the bus API too, and is made available via "systemd-resolve --flush-caches". * systemd-resolve gained a new --status switch. If passed a brief summary of the used DNS configuration with per-interface information is shown. * resolved.conf gained a new Cache= boolean option, defaulting to on. If turned off local DNS caching is disabled. This comes with a performance penalty in particular when DNSSEC is enabled. Note that resolved disables its internal caching implicitly anyway, when the configured DNS server is on a host-local IP address such as ::1 or 127.0.0.1, thus automatically avoiding double local caching. * systemd-resolved now listens on the local IP address 127.0.0.53:53 for DNS requests. This improves compatibility with local programs that do not use the libc NSS or systemd-resolved's bus APIs for name resolution. This minimal DNS service is only available to local programs and does not implement the full DNS protocol, but enough to cover local DNS clients. A new, static resolv.conf file, listing just this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is now recommended to make /etc/resolv.conf a symlink to this file in order to route all DNS lookups to systemd-resolved, regardless if done via NSS, the bus API or raw DNS packets. Note that this local DNS service is not as fully featured as the libc NSS or systemd-resolved's bus APIs. For example, as unicast DNS cannot be used to deliver link-local address information (as this implies sending a local interface index along), LLMNR/mDNS support via this interface is severely restricted. It is thus strongly recommended for all applications to use the libc NSS API or native systemd-resolved bus API instead. * systemd-networkd's bridge support learned a new setting VLANFiltering= for controlling VLAN filtering. Moreover a new section in .network files has been added for configuring VLAN bridging in more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN]. * systemd-networkd's IPv6 Router Advertisement code now makes use of the DNSSL and RDNSS options. This means IPv6 DNS configuration may now be acquired without relying on DHCPv6. Two new options UseDomains= and UseDNS= have been added to configure this behaviour. * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been renamed IPv6AcceptRA=, without altering its behaviour. The old setting name remains available for compatibility reasons. * The systemd-networkd VTI/VTI6 tunneling support gained new options Key=, InputKey= and OutputKey=. * systemd-networkd gained support for VRF ("Virtual Routing Function") interface configuration. * "systemctl edit" may now be used to create new unit files by specifying the --force switch. * sd-event gained a new function sd_event_get_iteration() for requesting the current iteration counter of the event loop. It starts at zero and is increased by one with each event loop iteration. * A new rpm macro %systemd_ordering is provided by the macros.systemd file. It can be used in lieu of %systemd_requires in packages which don't use any systemd functionality and are intended to be installed in minimal containers without systemd present. This macro provides ordering dependencies to ensure that if the package is installed in the same rpm transaction as systemd, systemd will be installed before the scriptlets for the package are executed, allowing unit presets to be handled. New macros %_systemdgeneratordir and %_systemdusergeneratordir have been added to simplify packaging of generators. * The os-release file gained VERSION_CODENAME field for the distribution nickname (e.g. VERSION_CODENAME=woody). * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1 can be set to disable parsing of metadata and the creation of persistent symlinks for that device. * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess" to make them available to logged-in users has been reverted. * Much of the common code of the various systemd components is now built into an internal shared library libsystemd-shared-231.so (incorporating the systemd version number in the name, to be updated with future releases) that the components link to. This should decrease systemd footprint both in memory during runtime and on disk. Note that the shared library is not for public use, and is neither API not ABI stable, but is likely to change with every new released update. Packagers need to make sure that binaries linking to libsystemd-shared.so are updated in step with the library. * Configuration for "mkosi" is now part of the systemd repository. mkosi is a tool to easily build legacy-free OS images, and is available on github: https://github.com/systemd/mkosi. If "mkosi" is invoked in the build tree a new raw OS image is generated incorporating the systemd sources currently being worked on and a clean, fresh distribution installation. The generated OS image may be booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical UEFI PC. This functionality is particularly useful to easily test local changes made to systemd in a pristine, defined environment. See HACKING for details. * configure learned the --with-support-url= option to specify the distribution's bugtracker. Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse, Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler, Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov, Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz, Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran, Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier, Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan, Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič, WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek — Berlin, 2016-07-25 CHANGES WITH 230: * DNSSEC is now turned on by default in systemd-resolved (in "allow-downgrade" mode), but may be turned off during compile time by passing "--with-default-dnssec=no" to "configure" (and of course, during runtime with DNSSEC= in resolved.conf). We recommend downstreams to leave this on at least during development cycles and report any issues with the DNSSEC logic upstream. We are very interested in collecting feedback about the DNSSEC validator and its limitations in the wild. Note however, that DNSSEC support is probably nothing downstreams should turn on in stable distros just yet, as it might create incompatibilities with a few DNS servers and networks. We tried hard to make sure we downgrade to non-DNSSEC mode automatically whenever we detect such incompatible setups, but there might be systems we do not cover yet. Hence: please help us testing the DNSSEC code, leave this on where you can, report back, but then again don't consider turning this on in your stable, LTS or production release just yet. (Note that you have to enable nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved and its DNSSEC mode for host name resolution from local applications.) * systemd-resolve conveniently resolves DANE records with the --tlsa option and OPENPGPKEY records with the --openpgp option. It also supports dumping raw DNS record data via the new --raw= switch. * systemd-logind will now by default terminate user processes that are part of the user session scope unit (session-XX.scope) when the user logs out. This behavior is controlled by the KillUserProcesses= setting in logind.conf, and the previous default of "no" is now changed to "yes". This means that user sessions will be properly cleaned up after, but additional steps are necessary to allow intentionally long-running processes to survive logout. While the user is logged in at least once, user@.service is running, and any service that should survive the end of any individual login session can be started at a user service or scope using systemd-run. systemd-run(1) man page has been extended with an example which shows how to run screen in a scope unit underneath user@.service. The same command works for tmux. After the user logs out of all sessions, user@.service will be terminated too, by default, unless the user has "lingering" enabled. To effectively allow users to run long-term tasks even if they are logged out, lingering must be enabled for them. See loginctl(1) for details. The default polkit policy was modified to allow users to set lingering for themselves without authentication. Previous defaults can be restored at compile time by the --without-kill-user-processes option to "configure". * systemd-logind gained new configuration settings SessionsMax= and InhibitorsMax=, both with a default of 8192. It will not register new user sessions or inhibitors above this limit. * systemd-logind will now reload configuration on SIGHUP. * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to enable. Also, support for the "io" cgroup controller in the unified hierarchy has been added, so that the "memory", "pids" and "io" are now the controllers that are supported on the unified hierarchy. WARNING: it is not possible to use previous systemd versions with systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it is necessary to also update systemd in the initramfs if using the unified hierarchy. An updated SELinux policy is also required. * LLDP support has been extended, and both passive (receive-only) and active (sender) modes are supported. Passive mode ("routers-only") is enabled by default in systemd-networkd. Active LLDP mode is enabled by default for containers on the internal network. The "networkctl lldp" command may be used to list information gathered. "networkctl status" will also show basic LLDP information on connected peers now. * The IAID and DUID unique identifier sent in DHCP requests may now be configured for the system and each .network file managed by systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options. * systemd-networkd gained support for configuring proxy ARP support for each interface, via the ProxyArp= setting in .network files. It also gained support for configuring the multicast querier feature of bridge devices, via the new MulticastQuerier= setting in .netdev files. Similarly, snooping on the IGMP traffic can be controlled via the new setting MulticastSnooping=. A new setting PreferredLifetime= has been added for addresses configured in .network file to configure the lifetime intended for an address. The systemd-networkd DHCP server gained the option EmitRouter=, which defaults to yes, to configure whether the DHCP Option 3 (Router) should be emitted. * The testing tool /usr/lib/systemd/systemd-activate is renamed to systemd-socket-activate and installed into /usr/bin. It is now fully supported. * systemd-journald now uses separate threads to flush changes to disk when closing journal files, thus reducing impact of slow disk I/O on logging performance. * The sd-journal API gained two new calls sd_journal_open_directory_fd() and sd_journal_open_files_fd() which can be used to open journal files using file descriptors instead of file or directory paths. sd_journal_open_container() has been deprecated, sd_journal_open_directory_fd() should be used instead with the flag SD_JOURNAL_OS_ROOT. * journalctl learned a new output mode "-o short-unix" that outputs log lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970 UTC). It also gained support for a new --no-hostname setting to suppress the hostname column in the family of "short" output modes. * systemd-ask-password now optionally skips printing of the password to stdout with --no-output which can be useful in scripts. * Framebuffer devices (/dev/fb*) and 3D printers and scanners (devices tagged with ID_MAKER_TOOL) are now tagged with "uaccess" and are available to logged in users. * The DeviceAllow= unit setting now supports specifiers (with "%"). * "systemctl show" gained a new --value switch, which allows print a only the contents of a specific unit property, without also printing the property's name. Similar support was added to "show*" verbs of loginctl and machinectl that output "key=value" lists. * A new unit type "generated" was added for files dynamically generated by generator tools. Similarly, a new unit type "transient" is used for unit files created using the runtime API. "systemctl enable" will refuse to operate on such files. * A new command "systemctl revert" has been added that may be used to revert to the vendor version of a unit file, in case local changes have been made by adding drop-ins or overriding the unit file. * "machinectl clean" gained a new verb to automatically remove all or just hidden container images. * systemd-tmpfiles gained support for a new line type "e" for emptying directories, if they exist, without creating them if they don't. * systemd-nspawn gained support for automatically patching the UID/GIDs of the owners and the ACLs of all files and directories in a container tree to match the UID/GID user namespacing range selected for the container invocation. This mode is enabled via the new --private-users-chown switch. It also gained support for automatically choosing a free, previously unused UID/GID range when starting a container, via the new --private-users=pick setting (which implies --private-users-chown). Together, these options for the first time make user namespacing for nspawn containers fully automatic and thus deployable. The systemd-nspawn@.service template unit file has been changed to use this functionality by default. * systemd-nspawn gained a new --network-zone= switch, that allows creating ad-hoc virtual Ethernet links between multiple containers, that only exist as long as at least one container referencing them is running. This allows easy connecting of multiple containers with a common link that implements an Ethernet broadcast domain. Each of these network "zones" may be named relatively freely by the user, and may be referenced by any number of containers, but each container may only reference one of these "zones". On the lower level, this is implemented by an automatically managed bridge network interface for each zone, that is created when the first container referencing its zone is created and removed when the last one referencing its zone terminates. * The default start timeout may now be configured on the kernel command line via systemd.default_timeout_start_sec=. It was already configurable via the DefaultTimeoutStartSec= option in /etc/systemd/system.conf. * Socket units gained a new TriggerLimitIntervalSec= and TriggerLimitBurst= setting to configure a limit on the activation rate of the socket unit. * The LimitNICE= setting now optionally takes normal UNIX nice values in addition to the raw integer limit value. If the specified parameter is prefixed with "+" or "-" and is in the range -20..19 the value is understood as UNIX nice value. If not prefixed like this it is understood as raw RLIMIT_NICE limit. * Note that the effect of the PrivateDevices= unit file setting changed slightly with this release: the per-device /dev file system will be mounted read-only from this version on, and will have "noexec" set. This (minor) change of behavior might cause some (exceptional) legacy software to break, when PrivateDevices=yes is set for its service. Please leave PrivateDevices= off if you run into problems with this. * systemd-bootchart has been split out to a separate repository: https://github.com/systemd/systemd-bootchart * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be merged into the kernel in its current form. * The compatibility libraries libsystemd-daemon.so, libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so which have been deprecated since systemd-209 have been removed along with the corresponding pkg-config files. All symbols provided by those libraries are provided by libsystemd.so. * The Capabilities= unit file setting has been removed (it is ignored for backwards compatibility). AmbientCapabilities= and CapabilityBoundingSet= should be used instead. * A new special target has been added, initrd-root-device.target, which creates a synchronization point for dependencies of the root device in early userspace. Initramfs builders must ensure that this target is now included in early userspace. Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov, Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern, Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen, Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso, Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev, Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew Jędrzejewski-Szmek — Fairfax, 2016-05-21 CHANGES WITH 229: * The systemd-resolved DNS resolver service has gained a substantial set of new features, most prominently it may now act as a DNSSEC validating stub resolver. DNSSEC mode is currently turned off by default, but is expected to be turned on by default in one of the next releases. For now, we invite everybody to test the DNSSEC logic by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The service also gained a full set of D-Bus interfaces, including calls to configure DNS and DNSSEC settings per link (for use by external network management software). systemd-resolved and systemd-networkd now distinguish between "search" and "routing" domains. The former are used to qualify single-label names, the latter are used purely for routing lookups within certain domains to specific links. resolved now also synthesizes RRs for all entries from /etc/hosts. * The systemd-resolve tool (which is a client utility for systemd-resolved) has been improved considerably and is now fully supported and documented. Hence it has moved from /usr/lib/systemd to /usr/bin. * /dev/disk/by-path/ symlink support has been (re-)added for virtio devices. * The coredump collection logic has been reworked: when a coredump is collected it is now written to disk, compressed and processed (including stacktrace extraction) from a new instantiated service systemd-coredump@.service, instead of directly from the /proc/sys/kernel/core_pattern hook we provide. This is beneficial as processing large coredumps can take up a substantial amount of resources and time, and this previously happened entirely outside of systemd's service supervision. With the new logic the core_pattern hook only does minimal metadata collection before passing off control to the new instantiated service, which is configured with a time limit, a nice level and other settings to minimize negative impact on the rest of the system. Also note that the new logic will honour the RLIMIT_CORE setting of the crashed process, which now allows users and processes to turn off coredumping for their processes by setting this limit. * The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1 and all forked processes by default. Previously, PID 1 would leave the setting at "0" for all processes, as set by the kernel. Note that the resource limit traditionally has no effect on the generated coredumps on the system if the /proc/sys/kernel/core_pattern hook logic is used. Since the limit is now honoured (see above) its default has been changed so that the coredumping logic is enabled by default for all processes, while allowing specific opt-out. * When the stacktrace is extracted from processes of system users, this is now done as "systemd-coredump" user, in order to sandbox this potentially security sensitive parsing operation. (Note that when processing coredumps of normal users this is done under the user ID of process that crashed, as before.) Packagers should take notice that it is now necessary to create the "systemd-coredump" system user and group at package installation time. * The systemd-activate socket activation testing tool gained support for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram and --seqpacket switches. It also has been extended to support both new-style and inetd-style file descriptor passing. Use the new --inetd switch to request inetd-style file descriptor passing. * Most systemd tools now honor a new $SYSTEMD_COLORS environment variable, which takes a boolean value. If set to false, ANSI color output is disabled in the tools even when run on a terminal that supports it. * The VXLAN support in networkd now supports two new settings DestinationPort= and PortRange=. * A new systemd.machine_id= kernel command line switch has been added, that may be used to set the machine ID in /etc/machine-id if it is not initialized yet. This command line option has no effect if the file is already initialized. * systemd-nspawn gained a new --as-pid2 switch that invokes any specified command line as PID 2 rather than PID 1 in the container. In this mode PID 1 is a minimal stub init process that implements the special POSIX and Linux semantics of PID 1 regarding signal and child process management. Note that this stub init process is implemented in nspawn itself and requires no support from the container image. This new logic is useful to support running arbitrary commands in the container, as normal processes are generally not prepared to run as PID 1. * systemd-nspawn gained a new --chdir= switch for setting the current working directory for the process started in the container. * "journalctl /dev/sda" will now output all kernel log messages for specified device from the current boot, in addition to all devices that are parents of it. This should make log output about devices pretty useful, as long as kernel drivers attach enough metadata to the log messages. (The usual SATA drivers do.) * The sd-journal API gained two new calls sd_journal_has_runtime_files() and sd_journal_has_persistent_files() that report whether log data from /run or /var has been found. * journalctl gained a new switch "--fields" that prints all journal record field names currently in use in the journal. This is backed by two new sd-journal API calls sd_journal_enumerate_fields() and sd_journal_restart_fields(). * Most configurable timeouts in systemd now expect an argument of "infinity" to turn them off, instead of "0" as before. The semantics from now on is that a timeout of "0" means "now", and "infinity" means "never". To maintain backwards compatibility, "0" continues to turn off previously existing timeout settings. * "systemctl reload-or-try-restart" has been renamed to "systemctl try-reload-or-restart" to clarify what it actually does: the "try" logic applies to both reloading and restarting, not just restarting. The old name continues to be accepted for compatibility. * On boot-up, when PID 1 detects that the system clock is behind the release date of the systemd version in use, the clock is now set to the latter. Previously, this was already done in timesyncd, in order to avoid running with clocks set to the various clock epochs such as 1902, 1938 or 1970. With this change the logic is now done in PID 1 in addition to timesyncd during early boot-up, so that it is enforced before the first process is spawned by systemd. Note that the logic in timesyncd remains, as it is more comprehensive and ensures clock monotonicity by maintaining a persistent timestamp file in /var. Since /var is generally not available in earliest boot or the initrd, this part of the logic remains in timesyncd, and is not done by PID 1. * Support for tweaking details in net_cls.class_id through the NetClass= configuration directive has been removed, as the kernel people have decided to deprecate that controller in cgroup v2. Userspace tools such as nftables are moving over to setting rules that are specific to the full cgroup path of a task, which obsoletes these controllers anyway. The NetClass= directive is kept around for legacy compatibility reasons. For a more in-depth description of the kernel change, please refer to the respective upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671 * A new service setting RuntimeMaxSec= has been added that may be used to specify a maximum runtime for a service. If the timeout is hit, the service is terminated and put into a failure state. * A new service setting AmbientCapabilities= has been added. It allows configuration of additional Linux process capabilities that are passed to the activated processes. This is only available on very recent kernels. * The process resource limit settings in service units may now be used to configure hard and soft limits individually. * The various libsystemd APIs such as sd-bus or sd-event now publicly expose support for gcc's __attribute__((cleanup())) C extension. Specifically, for many object destructor functions alternative versions have been added that have names suffixed with "p" and take a pointer to a pointer to the object to destroy, instead of just a pointer to the object itself. This is useful because these destructor functions may be used directly as parameters to the cleanup construct. Internally, systemd has been a heavy user of this GCC extension for a long time, and with this change similar support is now available to consumers of the library outside of systemd. Note that by using this extension in your sources compatibility with old and strictly ANSI compatible C compilers is lost. However, all gcc or LLVM versions of recent years support this extension. * Timer units gained support for a new setting RandomizedDelaySec= that allows configuring some additional randomized delay to the configured time. This is useful to spread out timer events to avoid load peaks in clusters or larger setups. * Calendar time specifications now support sub-second accuracy. * Socket units now support listening on SCTP and UDP-lite protocol sockets. * The sd-event API now comes with a full set of man pages. * Older versions of systemd contained experimental support for compressing journal files and coredumps with the LZ4 compressor that was not compatible with the lz4 binary (due to API limitations of the lz4 library). This support has been removed; only support for files compatible with the lz4 binary remains. This LZ4 logic is now officially supported and no longer considered experimental. * The dkr image import logic has been removed again from importd. dkr's micro-services focus doesn't fit into the machine image focus of importd, and quickly got out of date with the upstream dkr API. * Creation of the /run/lock/lockdev/ directory was dropped from tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have been available for many years. If you still need this, you need to create your own tmpfiles.d config file with: d /run/lock/lockdev 0775 root lock - Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov, Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler, Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack, David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman, Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen, Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen, Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek, Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos, lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer, Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz, Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek — Berlin, 2016-02-11 CHANGES WITH 228: * A number of properties previously only settable in unit files are now also available as properties to set when creating transient units programmatically via the bus, as it is exposed with systemd-run's --property= setting. Specifically, these are: SyslogIdentifier=, SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=, EnvironmentFile=, ReadWriteDirectories=, ReadOnlyDirectories=, InaccessibleDirectories=, ProtectSystem=, ProtectHome=, RuntimeDirectory=. * When creating transient services via the bus API it is now possible to pass in a set of file descriptors to use as STDIN/STDOUT/STDERR for the invoked process. * Slice units may now be created transiently via the bus APIs, similar to the way service and scope units may already be created transiently. * Wherever systemd expects a calendar timestamp specification (like in journalctl's --since= and --until= switches) UTC timestamps are now supported. Timestamps suffixed with "UTC" are now considered to be in Universal Time Coordinated instead of the local timezone. Also, timestamps may now optionally be specified with sub-second accuracy. Both of these additions also apply to recurring calendar event specification, such as OnCalendar= in timer units. * journalctl gained a new "--sync" switch that asks the journal daemon to write all so far unwritten log messages to disk and sync the files, before returning. * systemd-tmpfiles learned two new line types "q" and "Q" that operate like "v", but also set up a basic btrfs quota hierarchy when used on a btrfs file system with quota enabled. * tmpfiles' "v", "q" and "Q" will now create a plain directory instead of a subvolume (even on a btrfs file system) if the root directory is a plain directory, and not a subvolume. This should simplify things with certain chroot() environments which are not aware of the concept of btrfs subvolumes. * systemd-detect-virt gained a new --chroot switch to detect whether execution takes place in a chroot() environment. * CPUAffinity= now takes CPU index ranges in addition to individual indexes. * The various memory-related resource limit settings (such as LimitAS=) now understand the usual K, M, G, ... suffixes to the base of 1024 (IEC). Similar, the time-related resource limit settings understand the usual min, h, day, ... suffixes now. * There's a new system.conf setting DefaultTasksMax= to control the default TasksMax= setting for services and scopes running on the system. (TasksMax= is the primary setting that exposes the "pids" cgroup controller on systemd and was introduced in the previous systemd release.) The setting now defaults to 512, which means services that are not explicitly configured otherwise will only be able to create 512 processes or threads at maximum, from this version on. Note that this means that thread- or process-heavy services might need to be reconfigured to set TasksMax= to a higher value. It is sufficient to set TasksMax= in these specific unit files to a higher value, or even "infinity". Similar, there's now a logind.conf setting UserTasksMax= that defaults to 4096 and limits the total number of processes or tasks each user may own concurrently. nspawn containers also have the TasksMax= value set by default now, to 8192. Note that all of this only has an effect if the "pids" cgroup controller is enabled in the kernel. The general benefit of these changes should be a more robust and safer system, that provides a certain amount of per-service fork() bomb protection. * systemd-nspawn gained the new --network-veth-extra= switch to define additional and arbitrarily-named virtual Ethernet links between the host and the container. * A new service execution setting PassEnvironment= has been added that allows importing select environment variables from PID1's environment block into the environment block of the service. * Timer units gained support for a new RemainAfterElapse= setting which takes a boolean argument. It defaults to on, exposing behaviour unchanged to previous releases. If set to off, timer units are unloaded after they elapsed if they cannot elapse again. This is particularly useful for transient timer units, which shall not stay around longer than until they first elapse. * systemd will now bump the net.unix.max_dgram_qlen to 512 by default now (the kernel default is 16). This is beneficial for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it allows substantially larger numbers of queued datagrams. This should increase the capability of systemd to parallelize boot-up, as logging and sd_notify() are unlikely to stall execution anymore. If you need to change the value from the new defaults, use the usual sysctl.d/ snippets. * The compression framing format used by the journal or coredump processing has changed to be in line with what the official LZ4 tools generate. LZ4 compression support in systemd was considered unsupported previously, as the format was not compatible with the normal tools. With this release this has changed now, and it is hence safe for downstream distributions to turn it on. While not compressing as well as the XZ, LZ4 is substantially faster, which makes it a good default choice for the compression logic in the journal and in coredump handling. * Any reference to /etc/mtab has been dropped from systemd. The file has been obsolete since a while, but systemd refused to work on systems where it was incorrectly set up (it should be a symlink or non-existent). Please make sure to update to util-linux 2.27.1 or newer in conjunction with this systemd release, which also drops any reference to /etc/mtab. If you maintain a distribution make sure that no software you package still references it, as this is a likely source of bugs. There's also a glibc bug pending, asking for removal of any reference to this obsolete file: https://sourceware.org/bugzilla/show_bug.cgi?id=19108 Note that only util-linux versions built with --enable-libmount-force-mountinfo are supported. * Support for the ".snapshot" unit type has been removed. This feature turned out to be little useful and little used, and has now been removed from the core and from systemctl. * The dependency types RequiresOverridable= and RequisiteOverridable= have been removed from systemd. They have been used only very sparingly to our knowledge and other options that provide a similar effect (such as systemctl --mode=ignore-dependencies) are much more useful and commonly used. Moreover, they were only half-way implemented as the option to control behaviour regarding these dependencies was never added to systemctl. By removing these dependency types the execution engine becomes a bit simpler. Unit files that use these dependencies should be changed to use the non-Overridable dependency types instead. In fact, when parsing unit files with these options, that's what systemd will automatically convert them too, but it will also warn, asking users to fix the unit files accordingly. Removal of these dependency types should only affect a negligible number of unit files in the wild. * Behaviour of networkd's IPForward= option changed (again). It will no longer maintain a per-interface setting, but propagate one way from interfaces where this is enabled to the global kernel setting. The global setting will be enabled when requested by a network that is set up, but never be disabled again. This change was made to make sure IPv4 and IPv6 behaviour regarding packet forwarding is similar (as the Linux IPv6 stack does not support per-interface control of this setting) and to minimize surprises. * In unit files the behaviour of %u, %U, %h, %s has changed. These specifiers will now unconditionally resolve to the various user database fields of the user that the systemd instance is running as, instead of the user configured in the specific unit via User=. Note that this effectively doesn't change much, as resolving of these specifiers was already turned off in the --system instance of systemd, as we cannot do NSS lookups from PID 1. In the --user instance of systemd these specifiers where correctly resolved, but hardly made any sense, since the user instance lacks privileges to do user switches anyway, and User= is hence useless. Moreover, even in the --user instance of systemd behaviour was awkward as it would only take settings from User= assignment placed before the specifier into account. In order to unify and simplify the logic around this the specifiers will now always resolve to the credentials of the user invoking the manager (which in case of PID 1 is the root user). Contributions from: Andrew Jones, Beniamino Galvani, Boyuan Yang, Daniel Machon, Daniel Mack, David Herrmann, David Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin, Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers, Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens, Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer, Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden, Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-11-18 CHANGES WITH 227: * systemd now depends on util-linux v2.27. More specifically, the newly added mount monitor feature in libmount now replaces systemd's former own implementation. * libmount mandates /etc/mtab not to be regular file, and systemd now enforces this condition at early boot. /etc/mtab has been deprecated and warned about for a very long time, so systems running systemd should already have stopped having this file around as anything else than a symlink to /proc/self/mounts. * Support for the "pids" cgroup controller has been added. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a global option DefaultTasksAccounting=. * Support for the "net_cls" cgroup controller has been added. It allows assigning a net class ID to each task in the cgroup, which can then be used in firewall rules and traffic shaping configurations. Note that the kernel netfilter net class code does not currently work reliably for ingress packets on unestablished sockets. This adds a new config directive called NetClass= to CGroup enabled units. Allowed values are positive numbers for fixed assignments and "auto" for picking a free value automatically. * 'systemctl is-system-running' now returns 'offline' if the system is not booted with systemd. This command can now be used as a substitute for 'systemd-notify --booted'. * Watchdog timeouts have been increased to 3 minutes for all in-tree service files. Apparently, disk IO issues are more frequent than we hoped, and user reported >1 minute waiting for disk IO. * 'machine-id-commit' functionality has been merged into 'machine-id-setup --commit'. The separate binary has been removed. * The WorkingDirectory= directive in unit files may now be set to the special value '~'. In this case, the working directory is set to the home directory of the user configured in User=. * "machinectl shell" will now open the shell in the home directory of the selected user by default. * The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old directive is still supported for compat reasons. Also, this directive now takes an integer value between 1 and 63, or a boolean value. The formerly supported '-1' value for disabling stays around for compat reasons. * The PrivateTmp=, PrivateDevices=, PrivateNetwork=, NoNewPrivileges=, TTYPath=, WorkingDirectory= and RootDirectory= properties can now be set for transient units. * The systemd-analyze tool gained a new "set-log-target" verb to change the logging target the system manager logs to dynamically during runtime. This is similar to how "systemd-analyze set-log-level" already changes the log level. * In nspawn /sys is now mounted as tmpfs, with only a selected set of subdirectories mounted in from the real sysfs. This enhances security slightly, and is useful for ensuring user namespaces work correctly. * Support for USB FunctionFS activation has been added. This allows implementation of USB gadget services that are activated as soon as they are requested, so that they don't have to run continuously, similar to classic socket activation. * The "systemctl exit" command now optionally takes an additional parameter that sets the exit code to return from the systemd manager when exiting. This is only relevant when running the systemd user instance, or when running the system instance in a container. * sd-bus gained the new API calls sd_bus_path_encode_many() and sd_bus_path_decode_many() that allow easy encoding and decoding of multiple identifier strings inside a D-Bus object path. Another new call sd_bus_default_flush_close() has been added to flush and close per-thread default connections. * systemd-cgtop gained support for a -M/--machine= switch to show the control groups within a certain container only. * "systemctl kill" gained support for an optional --fail switch. If specified the requested operation will fail of no processes have been killed, because the unit had no processes attached, or similar. * A new systemd.crash_reboot=1 kernel command line option has been added that triggers a reboot after crashing. This can also be set through CrashReboot= in systemd.conf. * The RuntimeDirectory= setting now understands unit specifiers like %i or %f. * A new (still internal) library API sd-ipv4acd has been added, that implements address conflict detection for IPv4. It's based on code from sd-ipv4ll, and will be useful for detecting DHCP address conflicts. * File descriptors passed during socket activation may now be named. A new API sd_listen_fds_with_names() is added to access the names. The default names may be overridden, either in the .socket file using the FileDescriptorName= parameter, or by passing FDNAME= when storing the file descriptors using sd_notify(). * systemd-networkd gained support for: - Setting the IPv6 Router Advertisement settings via IPv6AcceptRouterAdvertisements= in .network files. - Configuring the HelloTimeSec=, MaxAgeSec= and ForwardDelaySec= bridge parameters in .netdev files. - Configuring PreferredSource= for static routes in .network files. * The "ask-password" framework used to query for LUKS harddisk passwords or SSL passwords during boot gained support for caching passwords in the kernel keyring, if it is available. This makes sure that the user only has to type in a passphrase once if there are multiple objects to unlock with the same one. Previously, such password caching was available only when Plymouth was used; this moves the caching logic into the systemd codebase itself. The "systemd-ask-password" utility gained a new --keyname= switch to control which kernel keyring key to use for caching a password in. This functionality is also useful for enabling display managers such as gdm to automatically unlock the user's GNOME keyring if its passphrase, the user's password and the harddisk password are the same, if gdm-autologin is used. * When downloading tar or raw images using "machinectl pull-tar" or "machinectl pull-raw", a matching ".nspawn" file is now also downloaded, if it is available and stored next to the image file. * Units of type ".socket" gained a new boolean setting Writable= which is only useful in conjunction with ListenSpecial=. If true, enables opening the specified special file in O_RDWR mode rather than O_RDONLY mode. * systemd-rfkill has been reworked to become a singleton service that is activated through /dev/rfkill on each rfkill state change and saves the settings to disk. This way, systemd-rfkill is now compatible with devices that exist only intermittendly, and even restores state if the previous system shutdown was abrupt rather than clean. * The journal daemon gained support for vacuuming old journal files controlled by the number of files that shall remain, in addition to the already existing control by size and by date. This is useful as journal interleaving performance degrades with too many separate journal files, and allows putting an effective limit on them. The new setting defaults to 100, but this may be changed by setting SystemMaxFiles= and RuntimeMaxFiles= in journald.conf. Also, the "journalctl" tool gained the new --vacuum-files= switch to manually vacuum journal files to leave only the specified number of files in place. * udev will now create /dev/disk/by-path links for ATA devices on kernels where that is supported. * Galician, Serbian, Turkish and Korean translations were added. Contributions from: Aaro Koskinen, Alban Crequy, Beniamino Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin, Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner, Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen, Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl, Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma, Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer, Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani, Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich, Zbigniew Jędrzejewski-Szmek, Марко М. Костић — Berlin, 2015-10-07 CHANGES WITH 226: * The DHCP implementation of systemd-networkd gained a set of new features: - The DHCP server now supports emitting DNS and NTP information. It may be enabled and configured via EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS and NTP information is enabled, but no servers are configured, the corresponding uplink information (if there is any) is propagated. - Server and client now support transmission and reception of timezone information. It can be configured via the newly introduced network options UseTimezone=, EmitTimezone=, and Timezone=. Transmission of timezone information is enabled between host and containers by default now: the container will change its local timezone to what the host has set. - Lease timeouts can now be configured via MaxLeaseTimeSec= and DefaultLeaseTimeSec=. - The DHCP server improved on the stability of leases. Clients are more likely to get the same lease information back, even if the server loses state. - The DHCP server supports two new configuration options to control the lease address pool metrics, PoolOffset= and PoolSize=. * The encapsulation limit of tunnels in systemd-networkd may now be configured via 'EncapsulationLimit='. It allows modifying the maximum additional levels of encapsulation that are permitted to be prepended to a packet. * systemd now supports the concept of user buses replacing session buses, if used with dbus-1.10 (and enabled via dbus --enable-user-session). It previously only supported this on kdbus-enabled systems, and this release expands this to 'dbus-daemon' systems. * systemd-networkd now supports predictable interface names for virtio devices. * systemd now optionally supports the new Linux kernel "unified" control group hierarchy. If enabled via the kernel command-line option 'systemd.unified_cgroup_hierarchy=1', systemd will try to mount the unified cgroup hierarchy directly on /sys/fs/cgroup. If not enabled, or not available, systemd will fall back to the legacy cgroup hierarchy setup, as before. Host system and containers can mix and match legacy and unified hierarchies as they wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY environment variable to individually select the hierarchy to use for executed containers. By default, nspawn will use the unified hierarchy for the containers if the host uses the unified hierarchy, and the legacy hierarchy otherwise. Please note that at this point the unified hierarchy is an experimental kernel feature and is likely to change in one of the next kernel releases. Therefore, it should not be enabled by default in downstream distributions yet. The minimum required kernel version for the unified hierarchy to work is 4.2. Note that when the unified hierarchy is used for the first time delegated access to controllers is safe. Because of this systemd-nspawn containers will get access to controllers now, as will systemd user sessions. This means containers and user sessions may now manage their own resources, partitioning up what the system grants them. * A new special scope unit "init.scope" has been introduced that encapsulates PID 1 of the system. It may be used to determine resource usage and enforce resource limits on PID 1 itself. PID 1 hence moved out of the root of the control group tree. * The cgtop tool gained support for filtering out kernel threads when counting tasks in a control group. Also, the count of processes is now recursively summed up by default. Two options -k and --recursive= have been added to revert to old behaviour. The tool has also been updated to work correctly in containers now. * systemd-nspawn's --bind= and --bind-ro= options have been extended to allow creation of non-recursive bind mounts. * libsystemd gained two new calls sd_pid_get_cgroup() and sd_peer_get_cgroup() which return the control group path of a process or peer of a connected AF_UNIX socket. This function call is particularly useful when implementing delegated subtrees support in the control group hierarchy. * The "sd-event" event loop API of libsystemd now supports correct dequeuing of real-time signals, without losing signal events. * When systemd requests a PolicyKit decision when managing units it will now add additional fields to the request, including unit name and desired operation. This enables more powerful PolicyKit policies, that make decisions depending on these parameters. * nspawn learnt support for .nspawn settings files, that may accompany the image files or directories of containers, and may contain additional settings for the container. This is an alternative to configuring container parameters via the nspawn command line. Contributions from: Cristian Rodríguez, Daniel Mack, David Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø — Berlin, 2015-09-08 CHANGES WITH 225: * machinectl gained a new verb 'shell' which opens a fresh shell on the target container or the host. It is similar to the existing 'login' command of machinectl, but spawns the shell directly without prompting for username or password. The pseudo machine '.host' now refers to the local host and is used by default. Hence, 'machinectl shell' can be used as replacement for 'su -' which spawns a session as a fresh systemd unit in a way that is fully isolated from the originating session. * systemd-networkd learned to cope with private-zone DHCP options and allows other programs to query the values. * SELinux access control when enabling/disabling units is no longer enforced with this release. The previous implementation was incorrect, and a new corrected implementation is not yet available. As unit file operations are still protected via PolicyKit and D-Bus policy this is not a security problem. Yet, distributions which care about optimal SELinux support should probably not stabilize on this release. * sd-bus gained support for matches of type "arg0has=", that test for membership of strings in string arrays sent in bus messages. * systemd-resolved now dumps the contents of its DNS and LLMNR caches to the logs on reception of the SIGUSR1 signal. This is useful to debug DNS behaviour. * The coredumpctl tool gained a new --directory= option to operate on journal files in a specific directory. * "systemctl reboot" and related commands gained a new "--message=" option which may be used to set a free-text wall message when shutting down or rebooting the system. This message is also logged, which is useful for figuring out the reason for a reboot or shutdown a posteriori. * The "systemd-resolve-host" tool's -i switch now takes network interface numbers as alternative to interface names. * A new unit file setting for services has been introduced: UtmpMode= allows configuration of how precisely systemd handles utmp and wtmp entries for the service if this is enabled. This allows writing services that appear similar to user sessions in the output of the "w", "who", "last" and "lastlog" tools. * systemd-resolved will now locally synthesize DNS resource records for the "localhost" and "gateway" domains as well as the local hostname. This should ensure that clients querying RRs via resolved will get similar results as those going via NSS, if nss-myhostname is enabled. Contributions from: Alastair Hughes, Alex Crawford, Daniel Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski, Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers, Kefeng Wang, Lennart Poettering, Major Hayden, Marcel Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim, Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer, reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings, Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts, WaLyong Cho, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-08-27 CHANGES WITH 224: * The systemd-efi-boot-generator functionality was merged into systemd-gpt-auto-generator. * systemd-networkd now supports Group Policy for vxlan devices. It can be enabled via the new boolean configuration option called 'GroupPolicyExtension='. Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen — Berlin, 2015-07-31 CHANGES WITH 223: * The python-systemd code has been removed from the systemd repository. A new repository has been created which accommodates the code from now on, and we kindly ask distributions to create a separate package for this: https://github.com/systemd/python-systemd * The systemd daemon will now reload its main configuration (/etc/systemd/system.conf) on daemon-reload. * sd-dhcp now exposes vendor specific extensions via sd_dhcp_lease_get_vendor_specific(). * systemd-networkd gained a number of new configuration options. - A new boolean configuration option for TAP devices called 'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the device, thus allowing to send and receive GSO packets. - A new tunnel configuration option called 'CopyDSCP='. If enabled, the DSCP field of ip6 tunnels is copied into the decapsulated packet. - A set of boolean bridge configuration options were added. 'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=', and 'UnicastFlood=' are now parsed by networkd and applied to the respective bridge link device via the respective IFLA_BRPORT_* netlink attribute. - A new string configuration option to override the hostname sent to a DHCP server, called 'Hostname='. If set and 'SendHostname=' is true, networkd will use the configured hostname instead of the system hostname when sending DHCP requests. - A new tunnel configuration option called 'IPv6FlowLabel='. If set, networkd will configure the IPv6 flow-label of the tunnel device according to RFC2460. - The 'macvtap' virtual network devices are now supported, similar to the already supported 'macvlan' devices. * systemd-resolved now implements RFC5452 to improve resilience against cache poisoning. Additionally, source port randomization is enabled by default to further protect against DNS spoofing attacks. * nss-mymachines now supports translating UIDs and GIDs of running containers with user-namespaces enabled. If a container 'foo' translates a host uid 'UID' to the container uid 'TUID', then nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID' (with 'foo' and 'TUID' replaced accordingly). Similarly, groups are mapped as 'vg-foo-TGID'. Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov, HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig), Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers, Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim, Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-07-29 CHANGES WITH 222: * udev does not longer support the WAIT_FOR_SYSFS= key in udev rules. There are no known issues with current sysfs, and udev does not need or should be used to work around such bugs. * udev does no longer enable USB HID power management. Several reports indicate, that some devices cannot handle that setting. * The udev accelerometer helper was removed. The functionality is now fully included in iio-sensor-proxy. But this means, older iio-sensor-proxy versions will no longer provide accelerometer/orientation data with this systemd version. Please upgrade iio-sensor-proxy to version 1.0. * networkd gained a new configuration option IPv6PrivacyExtensions= which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions for Stateless Address") on selected networks. * For the sake of fewer build-time dependencies and less code in the main repository, the python bindings are about to be removed in the next release. A new repository has been created which accommodates the code from now on, and we kindly ask distributions to create a separate package for this. The removal will take place in v223. https://github.com/systemd/python-systemd Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera, Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario, Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering, Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne, Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-07-07 CHANGES WITH 221: * The sd-bus.h and sd-event.h APIs have now been declared stable and have been added to the official interface of libsystemd.so. sd-bus implements an alternative D-Bus client library, that is relatively easy to use, very efficient and supports both classic D-Bus as well as kdbus as transport backend. sd-event is a generic event loop abstraction that is built around Linux epoll, but adds features such as event prioritization or efficient timer handling. Both APIs are good choices for C programs looking for a bus and/or event loop implementation that is minimal and does not have to be portable to other kernels. * kdbus support is no longer compile-time optional. It is now always built-in. However, it can still be disabled at runtime using the kdbus=0 kernel command line setting, and that setting may be changed to default to off, by specifying --disable-kdbus at build-time. Note though that the kernel command line setting has no effect if the kdbus.ko kernel module is not installed, in which case kdbus is (obviously) also disabled. We encourage all downstream distributions to begin testing kdbus by adding it to the kernel images in the development distributions, and leaving kdbus support in systemd enabled. * The minimal required util-linux version has been bumped to 2.26. * Support for chkconfig (--enable-chkconfig) was removed in favor of calling an abstraction tool /lib/systemd/systemd-sysv-install. This needs to be implemented for your distribution. See "SYSV INIT.D SCRIPTS" in README for details. * If there's a systemd unit and a SysV init script for the same service name, and the user executes "systemctl enable" for it (or a related call), then this will now enable both (or execute the related operation on both), not just the unit. * The libudev API documentation has been converted from gtkdoc into man pages. * gudev has been removed from the systemd tree, it is now an external project. * The systemd-cgtop tool learnt a new --raw switch to generate "raw" (machine parsable) output. * networkd's IPForwarding= .network file setting learnt the new setting "kernel", which ensures that networkd does not change the IP forwarding sysctl from the default kernel state. * The systemd-logind bus API now exposes a new boolean property "Docked" that reports whether logind considers the system "docked", i.e. connected to a docking station or not. Contributions from: Alex Crawford, Andreas Pokorny, Andrei Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez, Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann, David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario, Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek, Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang, Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich, Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes, Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner Fink, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-06-19 CHANGES WITH 220: * The gudev library has been extracted into a separate repository available at: https://git.gnome.org/browse/libgudev/ It is now managed as part of the Gnome project. Distributions are recommended to pass --disable-gudev to systemd and use gudev from the Gnome project instead. gudev is still included in systemd, for now. It will be removed soon, though. Please also see the announcement-thread on systemd-devel: https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html * systemd now exposes a CPUUsageNSec= property for each service unit on the bus, that contains the overall consumed CPU time of a service (the sum of what each process of the service consumed). This value is only available if CPUAccounting= is turned on for a service, and is then shown in the "systemctl status" output. * Support for configuring alternative mappings of the old SysV runlevels to systemd targets has been removed. They are now hardcoded in a way that runlevels 2, 3, 4 all map to multi-user.target and 5 to graphical.target (which previously was already the default behaviour). * The auto-mounter logic gained support for mount point expiry, using a new TimeoutIdleSec= setting in .automount units. (Also available as x-systemd.idle-timeout= in /etc/fstab). * The EFI System Partition (ESP) as mounted to /boot by systemd-efi-boot-generator will now be unmounted automatically after 2 minutes of not being used. This should minimize the risk of ESP corruptions. * New /etc/fstab options x-systemd.requires= and x-systemd.requires-mounts-for= are now supported to express additional dependencies for mounts. This is useful for journalling file systems that support external journal devices or overlay file systems that require underlying file systems to be mounted. * systemd does not support direct live-upgrades (via systemctl daemon-reexec) from versions older than v44 anymore. As no distribution we are aware of shipped such old versions in a stable release this should not be problematic. * When systemd forks off a new per-connection service instance it will now set the $REMOTE_ADDR environment variable to the remote IP address, and $REMOTE_PORT environment variable to the remote IP port. This behaviour is similar to the corresponding environment variables defined by CGI. * systemd-networkd gained support for uplink failure detection. The BindCarrier= option allows binding interface configuration dynamically to the link sense of other interfaces. This is useful to achieve behaviour like in network switches. * systemd-networkd gained support for configuring the DHCP client identifier to use when requesting leases. * systemd-networkd now has a per-network UseNTP= option to configure whether NTP server information acquired via DHCP is passed on to services like systemd-timesyncd. * systemd-networkd gained support for vti6 tunnels. * Note that systemd-networkd manages the sysctl variable /proc/sys/net/ipv[46]/conf/*/forwarding for each interface it is configured for since v219. The variable controls IP forwarding, and is a per-interface alternative to the global /proc/sys/net/ipv[46]/ip_forward. This setting is configurable in the IPForward= option, which defaults to "no". This means if networkd is used for an interface it is no longer sufficient to set the global sysctl option to turn on IP forwarding! Instead, the .network file option IPForward= needs to be turned on! Note that the implementation of this behaviour was broken in v219 and has been fixed in v220. * Many bonding and vxlan options are now configurable in systemd-networkd. * systemd-nspawn gained a new --property= setting to set unit properties for the container scope. This is useful for setting resource parameters (e.g. "CPUShares=500") on containers started from the command line. * systemd-nspawn gained a new --private-users= switch to make use of user namespacing available on recent Linux kernels. * systemd-nspawn may now be called as part of a shell pipeline in which case the pipes used for stdin and stdout are passed directly to the process invoked in the container, without indirection via a pseudo tty. * systemd-nspawn gained a new switch to control the UNIX signal to use when killing the init process of the container when shutting down. * systemd-nspawn gained a new --overlay= switch for mounting overlay file systems into the container using the new kernel overlayfs support. * When a container image is imported via systemd-importd and the host file system is not btrfs, a loopback block device file is created in /var/lib/machines.raw with a btrfs file system inside. It is then mounted to /var/lib/machines to enable btrfs features for container management. The loopback file and btrfs file system is grown as needed when container images are imported via systemd-importd. * systemd-machined/systemd-importd gained support for btrfs quota, to enforce container disk space limits on disk. This is exposed in "machinectl set-limit". * systemd-importd now can import containers from local .tar, .raw and .qcow2 images, and export them to .tar and .raw. It can also import dkr v2 images now from the network (on top of v1 as before). * systemd-importd gained support for verifying downloaded images with gpg2 (previously only gpg1 was supported). * systemd-machined, systemd-logind, systemd: most bus calls are now accessible to unprivileged processes via PolicyKit. Also, systemd-logind will now allow users to kill their own sessions without further privileges or authorization. * systemd-shutdownd has been removed. This service was previously responsible for implementing scheduled shutdowns as exposed in /usr/bin/shutdown's time parameter. This functionality has now been moved into systemd-logind and is accessible via a bus interface. * "systemctl reboot" gained a new switch --firmware-setup that can be used to reboot into the EFI firmware setup, if that is available. systemd-logind now exposes an API on the bus to trigger such reboots, in case graphical desktop UIs want to cover this functionality. * "systemctl enable", "systemctl disable" and "systemctl mask" now support a new "--now" switch. If specified the units that are enabled will also be started, and the ones disabled/masked also stopped. * The Gummiboot EFI boot loader tool has been merged into systemd, and renamed to "systemd-boot". The bootctl tool has been updated to support systemd-boot. * An EFI kernel stub has been added that may be used to create kernel EFI binaries that contain not only the actual kernel, but also an initrd, boot splash, command line and OS release information. This combined binary can then be signed as a single image, so that the firmware can verify it all in one step. systemd-boot has special support for EFI binaries created like this and can extract OS release information from them and show them in the boot menu. This functionality is useful to implement cryptographically verified boot schemes. * Optional support has been added to systemd-fsck to pass fsck's progress report to an AF_UNIX socket in the file system. * udev will no longer create device symlinks for all block devices by default. A blacklist for excluding special block devices from this logic has been turned into a whitelist that requires picking block devices explicitly that require device symlinks. * A new (currently still internal) API sd-device.h has been added to libsystemd. This modernized API is supposed to replace libudev eventually. In fact, already much of libudev is now just a wrapper around sd-device.h. * A new hwdb database for storing metadata about pointing stick devices has been added. * systemd-tmpfiles gained support for setting file attributes similar to the "chattr" tool with new 'h' and 'H' lines. * systemd-journald will no longer unconditionally set the btrfs NOCOW flag on new journal files. This is instead done with tmpfiles snippet using the new 'h' line type. This allows easy disabling of this logic, by masking the journal-nocow.conf tmpfiles file. * systemd-journald will now translate audit message types to human readable identifiers when writing them to the journal. This should improve readability of audit messages. * The LUKS logic gained support for the offset= and skip= options in /etc/crypttab, as previously implemented by Debian. * /usr/lib/os-release gained a new optional field VARIANT= for distributions that support multiple variants (such as a desktop edition, a server edition, ...) Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy, Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel, Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel Mack, Daniel Mustieles, daurnimator, Davide Bettio, David Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov, Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke, Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett, Michael Biebl, Michael Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick, Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker, Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-05-22 CHANGES WITH 219: * Introduce a new API "sd-hwdb.h" for querying the hardware metadata database. With this minimal interface one can query and enumerate the udev hwdb, decoupled from the old libudev library. libudev's interface for this is now only a wrapper around sd-hwdb. A new tool systemd-hwdb has been added to interface with and update the database. * When any of systemd's tools copies files (for example due to tmpfiles' C lines) a btrfs reflink will attempted first, before bytewise copying is done. * systemd-nspawn gained a new --ephemeral switch. When specified a btrfs snapshot is taken of the container's root directory, and immediately removed when the container terminates again. Thus, a container can be started whose changes never alter the container's root directory, and are lost on container termination. This switch can also be used for starting a container off the root file system of the host without affecting the host OS. This switch is only available on btrfs file systems. * systemd-nspawn gained a new --template= switch. It takes the path to a container tree to use as template for the tree specified via --directory=, should that directory be missing. This allows instantiating containers dynamically, on first run. This switch is only available on btrfs file systems. * When a .mount unit refers to a mount point on which multiple mounts are stacked, and the .mount unit is stopped all of the stacked mount points will now be unmounted until no mount point remains. * systemd now has an explicit notion of supported and unsupported unit types. Jobs enqueued for unsupported unit types will now fail with an "unsupported" error code. More specifically .swap, .automount and .device units are not supported in containers, .busname units are not supported on non-kdbus systems. .swap and .automount are also not supported if their respective kernel compile time options are disabled. * machinectl gained support for two new "copy-from" and "copy-to" commands for copying files from a running container to the host or vice versa. * machinectl gained support for a new "bind" command to bind mount host directories into local containers. This is currently only supported for nspawn containers. * networkd gained support for configuring bridge forwarding database entries (fdb) from .network files. * A new tiny daemon "systemd-importd" has been added that can download container images in tar, raw, qcow2 or dkr formats, and make them available locally in /var/lib/machines, so that they can run as nspawn containers. The daemon can GPG verify the downloads (not supported for dkr, since it has no provisions for verifying downloads). It will transparently decompress bz2, xz, gzip compressed downloads if necessary, and restore sparse files on disk. The daemon uses privilege separation to ensure the actual download logic runs with fewer privileges than the daemon itself. machinectl has gained new commands "pull-tar", "pull-raw" and "pull-dkr" to make the functionality of importd available to the user. With this in place the Fedora and Ubuntu "Cloud" images can be downloaded and booted as containers unmodified (the Fedora images lack the appropriate GPG signature files currently, so they cannot be verified, but this will change soon, hopefully). Note that downloading images is currently only fully supported on btrfs. * machinectl is now able to list container images found in /var/lib/machines, along with some metadata about sizes of disk and similar. If the directory is located on btrfs and quota is enabled, this includes quota display. A new command "image-status" has been added that shows additional information about images. * machinectl is now able to clone container images efficiently, if the underlying file system (btrfs) supports it, with the new "machinectl clone" command. It also gained commands for renaming and removing images, as well as marking them read-only or read-write (supported also on legacy file systems). * networkd gained support for collecting LLDP network announcements, from hardware that supports this. This is shown in networkctl output. * systemd-run gained support for a new -t (--pty) switch for invoking a binary on a pty whose input and output is connected to the invoking terminal. This allows executing processes as system services while interactively communicating with them via the terminal. Most interestingly this is supported across container boundaries. Invoking "systemd-run -t /bin/bash" is an alternative to running a full login session, the difference being that the former will not register a session, nor go through the PAM session setup. * tmpfiles gained support for a new "v" line type for creating btrfs subvolumes. If the underlying file system is a legacy file system, this automatically degrades to creating a normal directory. Among others /var/lib/machines is now created like this at boot, should it be missing. * The directory /var/lib/containers/ has been deprecated and been replaced by /var/lib/machines. The term "machines" has been used in the systemd context as generic term for both VMs and containers, and hence appears more appropriate for this, as the directory can also contain raw images bootable via qemu/kvm. * systemd-nspawn when invoked with -M but without --directory= or --image= is now capable of searching for the container root directory, subvolume or disk image automatically, in /var/lib/machines. systemd-nspawn@.service has been updated to make use of this, thus allowing it to be used for raw disk images, too. * A new machines.target unit has been introduced that is supposed to group all containers/VMs invoked as services on the system. systemd-nspawn@.service has been updated to integrate with that. * machinectl gained a new "start" command, for invoking a container as a service. "machinectl start foo" is mostly equivalent to "systemctl start systemd-nspawn@foo.service", but handles escaping in a nicer way. * systemd-nspawn will now mount most of the cgroupfs tree read-only into each container, with the exception of the container's own subtree in the name=systemd hierarchy. * journald now sets the special FS_NOCOW file flag for its journal files. This should improve performance on btrfs, by avoiding heavy fragmentation when journald's write-pattern is used on COW file systems. It degrades btrfs' data integrity guarantees for the files to the same levels as for ext3/ext4 however. This should be OK though as journald does its own data integrity checks and all its objects are checksummed on disk. Also, journald should handle btrfs disk full events a lot more gracefully now, by processing SIGBUS errors, and not relying on fallocate() anymore. * When journald detects that journal files it is writing to have been deleted it will immediately start new journal files. * systemd now provides a way to store file descriptors per-service in PID 1. This is useful for daemons to ensure that fds they require are not lost during a daemon restart. The fds are passed to the daemon on the next invocation in the same way socket activation fds are passed. This is now used by journald to ensure that the various sockets connected to all the system's stdout/stderr are not lost when journald is restarted. File descriptors may be stored in PID 1 via the sd_pid_notify_with_fds() API, an extension to sd_notify(). Note that a limit is enforced on the number of fds a service can store in PID 1, and it defaults to 0, so that no fds may be stored, unless this is explicitly turned on. * The default TERM variable to use for units connected to a terminal, when no other value is explicitly is set is now vt220 rather than vt102. This should be fairly safe still, but allows PgUp/PgDn work. * The /etc/crypttab option header= as known from Debian is now supported. * "loginctl user-status" and "loginctl session-status" will now show the last 10 lines of log messages of the user/session following the status output. Similar, "machinectl status" will show the last 10 log lines associated with a virtual machine or container service. (Note that this is usually not the log messages done in the VM/container itself, but simply what the container manager logs. For nspawn this includes all console output however.) * "loginctl session-status" without further argument will now show the status of the session of the caller. Similar, "lock-session", "unlock-session", "activate", "enable-linger", "disable-linger" may now be called without session/user parameter in which case they apply to the caller's session/user. * An X11 session scriptlet is now shipped that uploads $DISPLAY and $XAUTHORITY into the environment of the systemd --user daemon if a session begins. This should improve compatibility with X11 enabled applications run as systemd user services. * Generators are now subject to masking via /etc and /run, the same way as unit files. * networkd .network files gained support for configuring per-link IPv4/IPv6 packet forwarding as well as IPv4 masquerading. This is by default turned on for veth links to containers, as registered by systemd-nspawn. This means that nspawn containers run with --network-veth will now get automatic routed access to the host's networks without any further configuration or setup, as long as networkd runs on the host. * systemd-nspawn gained the --port= (-p) switch to expose TCP or UDP posts of a container on the host. With this in place it is possible to run containers with private veth links (--network-veth), and have their functionality exposed on the host as if their services were running directly on the host. * systemd-nspawn's --network-veth switch now gained a short version "-n", since with the changes above it is now truly useful out-of-the-box. The systemd-nspawn@.service has been updated to make use of it too by default. * systemd-nspawn will now maintain a per-image R/W lock, to ensure that the same image is not started more than once writable. (It's OK to run an image multiple times simultaneously in read-only mode.) * systemd-nspawn's --image= option is now capable of dissecting and booting MBR and GPT disk images that contain only a single active Linux partition. Previously it supported only GPT disk images with proper GPT type IDs. This allows running cloud images from major distributions directly with systemd-nspawn, without modification. * In addition to collecting mouse dpi data in the udev hardware database, there's now support for collecting angle information for mouse scroll wheels. The database is supposed to guarantee similar scrolling behavior on mice that it knows about. There's also support for collecting information about Touchpad types. * udev's input_id built-in will now also collect touch screen dimension data and attach it to probed devices. * /etc/os-release gained support for a Distribution Privacy Policy link field. * networkd gained support for creating "ipvlan", "gretap", "ip6gre", "ip6gretap" and "ip6tnl" network devices. * systemd-tmpfiles gained support for "a" lines for setting ACLs on files. * systemd-nspawn will now mount /tmp in the container to tmpfs, automatically. * systemd now exposes the memory.usage_in_bytes cgroup attribute and shows it for each service in the "systemctl status" output, if available. * When the user presses Ctrl-Alt-Del more than 7x within 2s an immediate reboot is triggered. This useful if shutdown is hung and is unable to complete, to expedite the operation. Note that this kind of reboot will still unmount all file systems, and hence should not result in fsck being run on next reboot. * A .device unit for an optical block device will now be considered active only when a medium is in the drive. Also, mount units are now bound to their backing devices thus triggering automatic unmounting when devices become unavailable. With this in place systemd will now automatically unmount left-over mounts when a CD-ROM is ejected or an USB stick is yanked from the system. * networkd-wait-online now has support for waiting for specific interfaces only (with globbing), and for giving up after a configurable timeout. * networkd now exits when idle. It will be automatically restarted as soon as interfaces show up, are removed or change state. networkd will stay around as long as there is at least one DHCP state machine or similar around, that keep it non-idle. * networkd may now configure IPv6 link-local addressing in addition to IPv4 link-local addressing. * The IPv6 "token" for use in SLAAC may now be configured for each .network interface in networkd. * Routes configured with networkd may now be assigned a scope in .network files. * networkd's [Match] sections now support globbing and lists of multiple space-separated matches per item. Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser, Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos Morata Castillo, Chris Atkinson, Chris J. Arges, Christian Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie, Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald, Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian, Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas, Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl, Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul Martin, Peter Hutterer, Peter Mattern, Philippe De Swert, Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick, Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek — Berlin, 2015-02-16 CHANGES WITH 218: * When querying unit file enablement status (for example via "systemctl is-enabled"), a new state "indirect" is now known which indicates that a unit might not be enabled itself, but another unit listed in its Also= setting might be. * Similar to the various existing ConditionXYZ= settings for units, there are now matching AssertXYZ= settings. While failing conditions cause a unit to be skipped, but its job to succeed, failing assertions declared like this will cause a unit start operation and its job to fail. * hostnamed now knows a new chassis type "embedded". * systemctl gained a new "edit" command. When used on a unit file, this allows extending unit files with .d/ drop-in configuration snippets or editing the full file (after copying it from /usr/lib to /etc). This will invoke the user's editor (as configured with $EDITOR), and reload the modified configuration after editing. * "systemctl status" now shows the suggested enablement state for a unit, as declared in the (usually vendor-supplied) system preset files. * nss-myhostname will now resolve the single-label host name "gateway" to the locally configured default IP routing gateways, ordered by their metrics. This assigns a stable name to the used gateways, regardless which ones are currently configured. Note that the name will only be resolved after all other name sources (if nss-myhostname is configured properly) and should hence not negatively impact systems that use the single-label host name "gateway" in other contexts. * systemd-inhibit now allows filtering by mode when listing inhibitors. * Scope and service units gained a new "Delegate" boolean property, which, when set, allows processes running inside the unit to further partition resources. This is primarily useful for systemd user instances as well as container managers. * journald will now pick up audit messages directly from the kernel, and log them like any other log message. The audit fields are split up and fully indexed. This means that journalctl in many ways is now a (nicer!) alternative to ausearch, the traditional audit client. Note that this implements only a minimal audit client. If you want the special audit modes like reboot-on-log-overflow, please use the traditional auditd instead, which can be used in parallel to journald. * The ConditionSecurity= unit file option now understands the special string "audit" to check whether auditing is available. * journalctl gained two new commands --vacuum-size= and --vacuum-time= to delete old journal files until the remaining ones take up no more than the specified size on disk, or are not older than the specified time. * A new, native PPPoE library has been added to sd-network, systemd's library of light-weight networking protocols. This library will be used in a future version of networkd to enable PPPoE communication without an external pppd daemon. * The busctl tool now understands a new "capture" verb that works similar to "monitor", but writes a packet capture trace to STDOUT that can be redirected to a file which is compatible with libcap's capture file format. This can then be loaded in Wireshark and similar tools to inspect bus communication. * The busctl tool now understands a new "tree" verb that shows the object trees of a specific service on the bus, or of all services. * The busctl tool now understands a new "introspect" verb that shows all interfaces and members of objects on the bus, including their signature and values. This is particularly useful to get more information about bus objects shown by the new "busctl tree" command. * The busctl tool now understands new verbs "call", "set-property" and "get-property" for invoking bus method calls, setting and getting bus object properties in a friendly way. * busctl gained a new --augment-creds= argument that controls whether the tool shall augment credential information it gets from the bus with data from /proc, in a possibly race-ful way. * nspawn's --link-journal= switch gained two new values "try-guest" and "try-host" that work like "guest" and "host", but do not fail if the host has no persistent journalling enabled. -j is now equivalent to --link-journal=try-guest. * macvlan network devices created by nspawn will now have stable MAC addresses. * A new SmackProcessLabel= unit setting has been added, which controls the SMACK security label processes forked off by the respective unit shall use. * If compiled with --enable-xkbcommon, systemd-localed will verify x11 keymap settings by compiling the given keymap. It will spew out warnings if the compilation fails. This requires libxkbcommon to be installed. * When a coredump is collected, a larger number of metadata fields is now collected and included in the journal records created for it. More specifically, control group membership, environment variables, memory maps, working directory, chroot directory, /proc/$PID/status, and a list of open file descriptors is now stored in the log entry. * The udev hwdb now contains DPI information for mice. For details see: http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html * All systemd programs that read standalone configuration files in /etc now also support a corresponding series of .conf.d configuration directories in /etc/, /run/, /usr/local/lib/, /usr/lib/, and (if configured with --enable-split-usr) /lib/. In particular, the following configuration files now have corresponding configuration directories: system.conf user.conf, logind.conf, journald.conf, sleep.conf, bootchart.conf, coredump.conf, resolved.conf, timesyncd.conf, journal-remote.conf, and journal-upload.conf. Note that distributions should use the configuration directories in /usr/lib/; the directories in /etc/ are reserved for the system administrator. * systemd-rfkill will no longer take the rfkill device name into account when storing rfkill state on disk, as the name might be dynamically assigned and not stable. Instead, the ID_PATH udev variable combined with the rfkill type (wlan, bluetooth, ...) is used. * A new service systemd-machine-id-commit.service has been added. When used on systems where /etc is read-only during boot, and /etc/machine-id is not initialized (but an empty file), this service will copy the temporary machine ID created as replacement into /etc after the system is fully booted up. This is useful for systems that are freshly installed with a non-initialized machine ID, but should get a fixed machine ID for subsequent boots. * networkd's .netdev files now provide a large set of configuration parameters for VXLAN devices. Similarly, the bridge port cost parameter is now configurable in .network files. There's also new support for configuring IP source routing. networkd .link files gained support for a new OriginalName= match that is useful to match against the original interface name the kernel assigned. .network files may include MTU= and MACAddress= fields for altering the MTU and MAC address while being connected to a specific network interface. * The LUKS logic gained supported for configuring UUID-specific key files. There's also new support for naming LUKS device from the kernel command line, using the new luks.name= argument. * Timer units may now be transiently created via the bus API (this was previously already available for scope and service units). In addition it is now possible to create multiple transient units at the same time with a single bus call. The "systemd-run" tool has been updated to make use of this for running commands on a specified time, in at(1)-style. * tmpfiles gained support for "t" lines, for assigning extended attributes to files. Among other uses this may be used to assign SMACK labels to files. Contributions from: Alin Rauta, Alison Chaiken, Andrej Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi, Michael Biebl, Michael Chapman, Michael Marineau, Michal Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode, Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-12-10 CHANGES WITH 217: * journalctl gained the new options -t/--identifier= to match on the syslog identifier (aka "tag"), as well as --utc to show log timestamps in the UTC timezone. journalctl now also accepts -n/--lines=all to disable line capping in a pager. * journalctl gained a new switch, --flush, that synchronously flushes logs from /run/log/journal to /var/log/journal if persistent storage is enabled. systemd-journal-flush.service now waits until the operation is complete. * Services can notify the manager before they start a reload (by sending RELOADING=1) or shutdown (by sending STOPPING=1). This allows the manager to track and show the internal state of daemons and closes a race condition when the process is still running but has closed its D-Bus connection. * Services with Type=oneshot do not have to have any ExecStart commands anymore. * User units are now loaded also from $XDG_RUNTIME_DIR/systemd/user/. This is similar to the /run/systemd/user directory that was already previously supported, but is under the control of the user. * Job timeouts (i.e. time-outs on the time a job that is queued stays in the run queue) can now optionally result in immediate reboot or power-off actions (JobTimeoutAction= and JobTimeoutRebootArgument=). This is useful on ".target" units, to limit the maximum time a target remains undispatched in the run queue, and to trigger an emergency operation in such a case. This is now used by default to turn off the system if boot-up (as defined by everything in basic.target) hangs and does not complete for at least 15min. Also, if power-off or reboot hang for at least 30min an immediate power-off/reboot operation is triggered. This functionality is particularly useful to increase reliability on embedded devices, but also on laptops which might accidentally get powered on when carried in a backpack and whose boot stays stuck in a hard disk encryption passphrase question. * systemd-logind can be configured to also handle lid switch events even when the machine is docked or multiple displays are attached (HandleLidSwitchDocked= option). * A helper binary and a service have been added which can be used to resume from hibernation in the initramfs. A generator will parse the resume= option on the kernel command line to trigger resume. * A user console daemon systemd-consoled has been added. Currently, it is a preview, and will so far open a single terminal on each session of the user marked as Desktop=systemd-console. * Route metrics can be specified for DHCP routes added by systemd-networkd. * The SELinux context of socket-activated services can be set from the information provided by the networking stack (SELinuxContextFromNet= option). * Userspace firmware loading support has been removed and the minimum supported kernel version is thus bumped to 3.7. * Timeout for udev workers has been increased from 1 to 3 minutes, but a warning will be printed after 1 minute to help diagnose kernel modules that take a long time to load. * Udev rules can now remove tags on devices with TAG-="foobar". * systemd's readahead implementation has been removed. In many circumstances it didn't give expected benefits even for rotational disk drives and was becoming less relevant in the age of SSDs. As none of the developers has been using rotating media anymore, and nobody stepped up to actively maintain this component of systemd it has now been removed. * Swap units can use Options= to specify discard options. Discard options specified for swaps in /etc/fstab are now respected. * Docker containers are now detected as a separate type of virtualization. * The Password Agent protocol gained support for queries where the user input is shown, useful e.g. for user names. systemd-ask-password gained a new --echo option to turn that on. * The default sysctl.d/ snippets will now set: net.core.default_qdisc = fq_codel This selects Fair Queuing Controlled Delay as the default queuing discipline for network interfaces. fq_codel helps fight the network bufferbloat problem. It is believed to be a good default with no tuning required for most workloads. Downstream distributions may override this choice. On 10Gbit servers that do not do forwarding, "fq" may perform better. Systems without a good clocksource should use "pfifo_fast". * If kdbus is enabled during build a new option BusPolicy= is available for service units, that allows locking all service processes into a stricter bus policy, in order to limit access to various bus services, or even hide most of them from the service's view entirely. * networkctl will now show the .network and .link file networkd has applied to a specific interface. * sd-login gained a new API call sd_session_get_desktop() to query which desktop environment has been selected for a session. * UNIX utmp support is now compile-time optional to support legacy-free systems. * systemctl gained two new commands "add-wants" and "add-requires" for pulling in units from specific targets easily. * If the word "rescue" is specified on the kernel command line the system will now boot into rescue mode (aka rescue.target), which was previously available only by specifying "1" or "systemd.unit=rescue.target" on the kernel command line. This new kernel command line option nicely mirrors the already existing "emergency" kernel command line option. * New kernel command line options mount.usr=, mount.usrflags=, mount.usrfstype= have been added that match root=, rootflags=, rootfstype= but allow mounting a specific file system to /usr. * The $NOTIFY_SOCKET is now also passed to control processes of services, not only the main process. * This version reenables support for fsck's -l switch. This means at least version v2.25 of util-linux is required for operation, otherwise dead-locks on device nodes may occur. Again: you need to update util-linux to at least v2.25 when updating systemd to v217. * The "multi-seat-x" tool has been removed from systemd, as its functionality has been integrated into X servers 1.16, and the tool is hence redundant. It is recommended to update display managers invoking this tool to simply invoke X directly from now on, again. * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus message flag has been added for all of systemd's PolicyKit authenticated method calls has been added. In particular this now allows optional interactive authorization via PolicyKit for many of PID1's privileged operations such as unit file enabling and disabling. * "udevadm hwdb --update" learnt a new switch "--usr" for placing the rebuilt hardware database in /usr instead of /etc. When used only hardware database entries stored in /usr will be used, and any user database entries in /etc are ignored. This functionality is useful for vendors to ship a pre-built database on systems where local configuration is unnecessary or unlikely. * Calendar time specifications in .timer units now also understand the strings "semi-annually", "quarterly" and "minutely" as shortcuts (in addition to the preexisting "anually", "hourly", ...). * systemd-tmpfiles will now correctly create files in /dev at boot which are marked for creation only at boot. It is recommended to always create static device nodes with 'c!' and 'b!', so that they are created only at boot and not overwritten at runtime. * When the watchdog logic is used for a service (WatchdogSec=) and the watchdog timeout is hit the service will now be terminated with SIGABRT (instead of just SIGTERM), in order to make sure a proper coredump and backtrace is generated. This ensures that hanging services will result in similar coredump/backtrace behaviour as services that hit a segmentation fault. Contributions from: Andreas Henriksson, Andrei Borzenkov, Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L. Black, Christian Hesse, Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David Herrmann, David Sommerseth, David Strauss, Emil Renner Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger, Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann, Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl, Michael Marineau, Michael Olbrich, Michael Scherer, Michal Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt, Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof, Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen, Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-10-28 CHANGES WITH 216: * timedated no longer reads NTP implementation unit names from /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP implementations should add a Conflicts=systemd-timesyncd.service to their unit files to take over and replace systemd's NTP default functionality. * systemd-sysusers gained a new line type "r" for configuring which UID/GID ranges to allocate system users/groups from. Lines of type "u" may now add an additional column that specifies the home directory for the system user to be created. Also, systemd-sysusers may now optionally read user information from STDIN instead of a file. This is useful for invoking it from RPM preinst scriptlets that need to create users before the first RPM file is installed since these files might need to be owned by them. A new %sysusers_create_inline RPM macro has been introduced to do just that. systemd-sysusers now updates the shadow files as well as the user/group databases, which should enhance compatibility with certain tools like grpck. * A number of bus APIs of PID 1 now optionally consult PolicyKit to permit access for otherwise unprivileged clients under certain conditions. Note that this currently doesn't support interactive authentication yet, but this is expected to be added eventually, too. * /etc/machine-info now has new fields for configuring the deployment environment of the machine, as well as the location of the machine. hostnamectl has been updated with new command to update these fields. * systemd-timesyncd has been updated to automatically acquire NTP server information from systemd-networkd, which might have been discovered via DHCP. * systemd-resolved now includes a caching DNS stub resolver and a complete LLMNR name resolution implementation. A new NSS module "nss-resolve" has been added which can be used instead of glibc's own "nss-dns" to resolve hostnames via systemd-resolved. Hostnames, addresses and arbitrary RRs may be resolved via systemd-resolved D-Bus APIs. In contrast to the glibc internal resolver systemd-resolved is aware of multi-homed system, and keeps DNS server and caches separate and per-interface. Queries are sent simultaneously on all interfaces that have DNS servers configured, in order to properly handle VPNs and local LANs which might resolve separate sets of domain names. systemd-resolved may acquire DNS server information from systemd-networkd automatically, which in turn might have discovered them via DHCP. A tool "systemd-resolve-host" has been added that may be used to query the DNS logic in resolved. systemd-resolved implements IDNA and automatically uses IDNA or UTF-8 encoding depending on whether classic DNS or LLMNR is used as transport. In the next releases we intend to add a DNSSEC and mDNS/DNS-SD implementation to systemd-resolved. * A new NSS module nss-mymachines has been added, that automatically resolves the names of all local registered containers to their respective IP addresses. * A new client tool "networkctl" for systemd-networkd has been added. It currently is entirely passive and will query networking configuration from udev, rtnetlink and networkd, and present it to the user in a very friendly way. Eventually, we hope to extend it to become a full control utility for networkd. * .socket units gained a new DeferAcceptSec= setting that controls the kernels' TCP_DEFER_ACCEPT sockopt for TCP. Similarly, support for controlling TCP keep-alive settings has been added (KeepAliveTimeSec=, KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for turning off Nagle's algorithm on TCP has been added (NoDelay=). * logind learned a new session type "web", for use in projects like Cockpit which register web clients as PAM sessions. * timer units with at least one OnCalendar= setting will now be started only after time-sync.target has been reached. This way they will not elapse before the system clock has been corrected by a local NTP client or similar. This is particular useful on RTC-less embedded machines, that come up with an invalid system clock. * systemd-nspawn's --network-veth= switch should now result in stable MAC addresses for both the outer and the inner side of the link. * systemd-nspawn gained a new --volatile= switch for running container instances with /etc or /var unpopulated. * The kdbus client code has been updated to use the new Linux 3.17 memfd subsystem instead of the old kdbus-specific one. * systemd-networkd's DHCP client and server now support FORCERENEW. There are also new configuration options to configure the vendor client identifier and broadcast mode for DHCP. * systemd will no longer inform the kernel about the current timezone, as this is necessarily incorrect and racy as the kernel has no understanding of DST and similar concepts. This hence means FAT timestamps will be always considered UTC, similar to what Android is already doing. Also, when the RTC is configured to the local time (rather than UTC) systemd will never synchronize back to it, as this might confuse Windows at a later boot. * systemd-analyze gained a new command "verify" for offline validation of unit files. * systemd-networkd gained support for a couple of additional settings for bonding networking setups. Also, the metric for statically configured routes may now be configured. For network interfaces where this is appropriate the peer IP address may now be configured. * systemd-networkd's DHCP client will no longer request broadcasting by default, as this tripped up some networks. For hardware where broadcast is required the feature should be switched back on using RequestBroadcast=yes. * systemd-networkd will now set up IPv4LL addresses (when enabled) even if DHCP is configured successfully. * udev will now default to respect network device names given by the kernel when the kernel indicates that these are predictable. This behavior can be tweaked by changing NamePolicy= in the relevant .link file. * A new library systemd-terminal has been added that implements full TTY stream parsing and rendering. This library is supposed to be used later on for implementing a full userspace VT subsystem, replacing the current kernel implementation. * A new tool systemd-journal-upload has been added to push journal data to a remote system running systemd-journal-remote. * journald will no longer forward all local data to another running syslog daemon. This change has been made because rsyslog (which appears to be the most commonly used syslog implementation these days) no longer makes use of this, and instead pulls the data out of the journal on its own. Since forwarding the messages to a non-existent syslog server is more expensive than we assumed we have now turned this off. If you run a syslog server that is not a recent rsyslog version, you have to turn this option on again (ForwardToSyslog= in journald.conf). * journald now optionally supports the LZ4 compressor for larger journal fields. This compressor should perform much better than XZ which was the previous default. * machinectl now shows the IP addresses of local containers, if it knows them, plus the interface name of the container. * A new tool "systemd-escape" has been added that makes it easy to escape strings to build unit names and similar. * sd_notify() messages may now include a new ERRNO= field which is parsed and collected by systemd and shown among the "systemctl status" output for a service. * A new component "systemd-firstboot" has been added that queries the most basic systemd information (timezone, hostname, root password) interactively on first boot. Alternatively it may also be used to provision these things offline on OS images installed into directories. * The default sysctl.d/ snippets will now set net.ipv4.conf.default.promote_secondaries=1 This has the benefit of no flushing secondary IP addresses when primary addresses are removed. Contributions from: Ansgar Burchardt, Bastien Nocera, Colin Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel Mack, Dan Williams, Dave Reisner, David Herrmann, Denis Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets, Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-08-19 CHANGES WITH 215: * A new tool systemd-sysusers has been added. This tool creates system users and groups in /etc/passwd and /etc/group, based on static declarative system user/group definitions in /usr/lib/sysusers.d/. This is useful to enable factory resets and volatile systems that boot up with an empty /etc directory, and thus need system users and groups created during early boot. systemd now also ships with two default sysusers.d/ files for the most basic users and groups systemd and the core operating system require. * A new tmpfiles snippet has been added that rebuilds the essential files in /etc on boot, should they be missing. * A directive for ensuring automatic clean-up of /var/cache/man/ has been removed from the default configuration. This line should now be shipped by the man implementation. The necessary change has been made to the man-db implementation. Note that you need to update your man implementation to one that ships this line, otherwise no automatic clean-up of /var/cache/man will take place. * A new condition ConditionNeedsUpdate= has been added that may conditionalize services to only run when /etc or /var are "older" than the vendor operating system resources in /usr. This is useful for reconstructing or updating /etc after an offline update of /usr or a factory reset, on the next reboot. Services that want to run once after such an update or reset should use this condition and order themselves before the new systemd-update-done.service, which will mark the two directories as fully updated. A number of service files have been added making use of this, to rebuild the udev hardware database, the journald message catalog and dynamic loader cache (ldconfig). The systemd-sysusers tool described above also makes use of this now. With this in place it is now possible to start up a minimal operating system with /etc empty cleanly. For more information on the concepts involved see this recent blog story: http://0pointer.de/blog/projects/stateless.html * A new system group "input" has been introduced, and all input device nodes get this group assigned. This is useful for system-level software to get access to input devices. It complements what is already done for "audio" and "video". * systemd-networkd learnt minimal DHCPv4 server support in addition to the existing DHCPv4 client support. It also learnt DHCPv6 client and IPv6 Router Solicitation client support. The DHCPv4 client gained support for static routes passed in from the server. Note that the [DHCPv4] section known in older systemd-networkd versions has been renamed to [DHCP] and is now also used by the DHCPv6 client. Existing .network files using settings of this section should be updated, though compatibility is maintained. Optionally, the client hostname may now be sent to the DHCP server. * networkd gained support for vxlan virtual networks as well as tun/tap and dummy devices. * networkd gained support for automatic allocation of address ranges for interfaces from a system-wide pool of addresses. This is useful for dynamically managing a large number of interfaces with a single network configuration file. In particular this is useful to easily assign appropriate IP addresses to the veth links of a large number of nspawn instances. * RPM macros for processing sysusers, sysctl and binfmt drop-in snippets at package installation time have been added. * The /etc/os-release file should now be placed in /usr/lib/os-release. The old location is automatically created as symlink. /usr/lib is the more appropriate location of this file, since it shall actually describe the vendor operating system shipped in /usr, and not the configuration stored in /etc. * .mount units gained a new boolean SloppyOptions= setting that maps to mount(8)'s -s option which enables permissive parsing of unknown mount options. * tmpfiles learnt a new "L+" directive which creates a symlink but (unlike "L") deletes a pre-existing file first, should it already exist and not already be the correct symlink. Similarly, "b+", "c+" and "p+" directives have been added as well, which create block and character devices, as well as fifos in the filesystem, possibly removing any pre-existing files of different types. * For tmpfiles' "L", "L+", "C" and "C+" directives the final 'argument' field (which so far specified the source to symlink/copy the files from) is now optional. If omitted the same file os copied from /usr/share/factory/ suffixed by the full destination path. This is useful for populating /etc with essential files, by copying them from vendor defaults shipped in /usr/share/factory/etc. * A new command "systemctl preset-all" has been added that applies the service preset settings to all installed unit files. A new switch --preset-mode= has been added that controls whether only enable or only disable operations shall be executed. * A new command "systemctl is-system-running" has been added that allows checking the overall state of the system, for example whether it is fully up and running. * When the system boots up with an empty /etc, the equivalent to "systemctl preset-all" is executed during early boot, to make sure all default services are enabled after a factory reset. * systemd now contains a minimal preset file that enables the most basic services systemd ships by default. * Unit files' [Install] section gained a new DefaultInstance= field for defining the default instance to create if a template unit is enabled with no instance specified. * A new passive target cryptsetup-pre.target has been added that may be used by services that need to make they run and finish before the first LUKS cryptographic device is set up. * The /dev/loop-control and /dev/btrfs-control device nodes are now owned by the "disk" group by default, opening up access to this group. * systemd-coredump will now automatically generate a stack trace of all core dumps taking place on the system, based on elfutils' libdw library. This stack trace is logged to the journal. * systemd-coredump may now optionally store coredumps directly on disk (in /var/lib/systemd/coredump, possibly compressed), instead of storing them unconditionally in the journal. This mode is the new default. A new configuration file /etc/systemd/coredump.conf has been added to configure this and other parameters of systemd-coredump. * coredumpctl gained a new "info" verb to show details about a specific coredump. A new switch "-1" has also been added that makes sure to only show information about the most recent entry instead of all entries. Also, as the tool is generally useful now the "systemd-" prefix of the binary name has been removed. Distributions that want to maintain compatibility with the old name should add a symlink from the old name to the new name. * journald's SplitMode= now defaults to "uid". This makes sure that unprivileged users can access their own coredumps with coredumpctl without restrictions. * New kernel command line options "systemd.wants=" (for pulling an additional unit during boot), "systemd.mask=" (for masking a specific unit for the boot), and "systemd.debug-shell" (for enabling the debug shell on tty9) have been added. This is implemented in the new generator "systemd-debug-generator". * systemd-nspawn will now by default filter a couple of syscalls for containers, among them those required for kernel module loading, direct x86 IO port access, swap management, and kexec. Most importantly though open_by_handle_at() is now prohibited for containers, closing a hole similar to a recently discussed vulnerability in docker regarding access to files on file hierarchies the container should normally not have access to. Note that, for nspawn, we generally make no security claims anyway (and this is explicitly documented in the man page), so this is just a fix for one of the most obvious problems. * A new man page file-hierarchy(7) has been added that contains a minimized, modernized version of the file system layout systemd expects, similar in style to the FHS specification or hier(5). A new tool systemd-path(1) has been added to query many of these paths for the local machine and user. * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no longer done. Since the directory now has a per-user size limit, and is cleaned on logout this appears unnecessary, in particular since this now brings the lifecycle of this directory closer in line with how IPC objects are handled. * systemd.pc now exports a number of additional directories, including $libdir (which is useful to identify the library path for the primary architecture of the system), and a couple of drop-in directories. * udev's predictable network interface names now use the dev_port sysfs attribute, introduced in linux 3.15 instead of dev_id to distinguish between ports of the same PCI function. dev_id should only be used for ports using the same HW address, hence the need for dev_port. * machined has been updated to export the OS version of a container (read from /etc/os-release and /usr/lib/os-release) on the bus. This is now shown in "machinectl status" for a machine. * A new service setting RestartForceExitStatus= has been added. If configured to a set of exit signals or process return values, the service will be restarted when the main daemon process exits with any of them, regardless of the Restart= setting. * systemctl's -H switch for connecting to remote systemd machines has been extended so that it may be used to directly connect to a specific container on the host. "systemctl -H root@foobar:waldi" will now connect as user "root" to host "foobar", and then proceed directly to the container named "waldi". Note that currently you have to authenticate as user "root" for this to work, as entering containers is a privileged operation. Contributions from: Andreas Henriksson, Benjamin Steinwender, Carl Schaefer, Christian Hesse, Colin Ian King, Cristian Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich, Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan, Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-07-03 CHANGES WITH 214: * As an experimental feature, udev now tries to lock the disk device node (flock(LOCK_SH|LOCK_NB)) while it executes events for the disk or any of its partitions. Applications like partitioning programs can lock the disk device node (flock(LOCK_EX)) and claim temporary device ownership that way; udev will entirely skip all event handling for this disk and its partitions. If the disk was opened for writing, the close will trigger a partition table rescan in udev's "watch" facility, and if needed synthesize "change" events for the disk and all its partitions. This is now unconditionally enabled, and if it turns out to cause major problems, we might turn it on only for specific devices, or might need to disable it entirely. Device Mapper devices are excluded from this logic. * We temporarily dropped the "-l" switch for fsck invocations, since they collide with the flock() logic above. util-linux upstream has been changed already to avoid this conflict, and we will readd "-l" as soon as util-linux with this change has been released. * The dependency on libattr has been removed. Since a long time, the extended attribute calls have moved to glibc, and libattr is thus unnecessary. * Virtualization detection works without privileges now. This means the systemd-detect-virt binary no longer requires CAP_SYS_PTRACE file capabilities, and our daemons can run with fewer privileges. * systemd-networkd now runs under its own "systemd-network" user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but loses the ability to write to files owned by root this way. * Similarly, systemd-resolved now runs under its own "systemd-resolve" user with no capabilities remaining. * Similarly, systemd-bus-proxyd now runs under its own "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining. * systemd-networkd gained support for setting up "veth" virtual Ethernet devices for container connectivity, as well as GRE and VTI tunnels. * systemd-networkd will no longer automatically attempt to manually load kernel modules necessary for certain tunnel transports. Instead, it is assumed the kernel loads them automatically when required. This only works correctly on very new kernels. On older kernels, please consider adding the kernel modules to /etc/modules-load.d/ as a work-around. * The resolv.conf file systemd-resolved generates has been moved to /run/systemd/resolve/. If you have a symlink from /etc/resolv.conf, it might be necessary to correct it. * Two new service settings, ProtectHome= and ProtectSystem=, have been added. When enabled, they will make the user data (such as /home) inaccessible or read-only and the system (such as /usr) read-only, for specific services. This allows very light-weight per-service sandboxing to avoid modifications of user data or system files from services. These two new switches have been enabled for all of systemd's long-running services, where appropriate. * Socket units gained new SocketUser= and SocketGroup= settings to set the owner user and group of AF_UNIX sockets and FIFOs in the file system. * Socket units gained a new RemoveOnStop= setting. If enabled, all FIFOS and sockets in the file system will be removed when the specific socket unit is stopped. * Socket units gained a new Symlinks= setting. It takes a list of symlinks to create to file system sockets or FIFOs created by the specific Unix sockets. This is useful to manage symlinks to socket nodes with the same life-cycle as the socket itself. * The /dev/log socket and /dev/initctl FIFO have been moved to /run, and have been replaced by symlinks. This allows connecting to these facilities even if PrivateDevices=yes is used for a service (which makes /dev/log itself unavailable, but /run is left). This also has the benefit of ensuring that /dev only contains device nodes, directories and symlinks, and nothing else. * sd-daemon gained two new calls sd_pid_notify() and sd_pid_notifyf(). They are similar to sd_notify() and sd_notifyf(), but allow overriding of the source PID of notification messages if permissions permit this. This is useful to send notify messages on behalf of a different process (for example, the parent process). The systemd-notify tool has been updated to make use of this when sending messages (so that notification messages now originate from the shell script invoking systemd-notify and not the systemd-notify process itself. This should minimize a race where systemd fails to associate notification messages to services when the originating process already vanished. * A new "on-abnormal" setting for Restart= has been added. If set, it will result in automatic restarts on all "abnormal" reasons for a process to exit, which includes unclean signals, core dumps, timeouts and watchdog timeouts, but does not include clean and unclean exit codes or clean signals. Restart=on-abnormal is an alternative for Restart=on-failure for services that shall be able to terminate and avoid restarts on certain errors, by indicating so with an unclean exit code. Restart=on-failure or Restart=on-abnormal is now the recommended setting for all long-running services. * If the InaccessibleDirectories= service setting points to a mount point (or if there are any submounts contained within it), it is now attempted to completely unmount it, to make the file systems truly unavailable for the respective service. * The ReadOnlyDirectories= service setting and systemd-nspawn's --read-only parameter are now recursively applied to all submounts, too. * Mount units may now be created transiently via the bus APIs. * The support for SysV and LSB init scripts has been removed from the systemd daemon itself. Instead, it is now implemented as a generator that creates native systemd units from these scripts when needed. This enables us to remove a substantial amount of legacy code from PID 1, following the fact that many distributions only ship a very small number of LSB/SysV init scripts nowadays. * Privileged Xen (dom0) domains are not considered virtualization anymore by the virtualization detection logic. After all, they generally have unrestricted access to the hardware and usually are used to manage the unprivileged (domU) domains. * systemd-tmpfiles gained a new "C" line type, for copying files or entire directories. * systemd-tmpfiles "m" lines are now fully equivalent to "z" lines. So far, they have been non-globbing versions of the latter, and have thus been redundant. In future, it is recommended to only use "z". "m" has hence been removed from the documentation, even though it stays supported. * A tmpfiles snippet to recreate the most basic structure in /var has been added. This is enough to create the /var/run → /run symlink and create a couple of structural directories. This allows systems to boot up with an empty or volatile /var. Of course, while with this change, the core OS now is capable with dealing with a volatile /var, not all user services are ready for it. However, we hope that sooner or later, many service daemons will be changed upstream so that they are able to automatically create their necessary directories in /var at boot, should they be missing. This is the first step to allow state-less systems that only require the vendor image for /usr to boot. * systemd-nspawn has gained a new --tmpfs= switch to mount an empty tmpfs instance to a specific directory. This is particularly useful for making use of the automatic reconstruction of /var (see above), by passing --tmpfs=/var. * Access modes specified in tmpfiles snippets may now be prefixed with "~", which indicates that they shall be masked by whether the existing file or directory is currently writable, readable or executable at all. Also, if specified, the sgid/suid/sticky bits will be masked for all non-directories. * A new passive target unit "network-pre.target" has been added which is useful for services that shall run before any network is configured, for example firewall scripts. * The "floppy" group that previously owned the /dev/fd* devices is no longer used. The "disk" group is now used instead. Distributions should probably deprecate usage of this group. Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers, Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-06-11 CHANGES WITH 213: * A new "systemd-timesyncd" daemon has been added for synchronizing the system clock across the network. It implements an SNTP client. In contrast to NTP implementations such as chrony or the NTP reference server, this only implements a client side, and does not bother with the full NTP complexity, focusing only on querying time from one remote server and synchronizing the local clock to it. Unless you intend to serve NTP to networked clients or want to connect to local hardware clocks, this simple NTP client should be more than appropriate for most installations. The daemon runs with minimal privileges, and has been hooked up with networkd to only operate when network connectivity is available. The daemon saves the current clock to disk every time a new NTP sync has been acquired, and uses this to possibly correct the system clock early at bootup, in order to accommodate for systems that lack an RTC such as the Raspberry Pi and embedded devices, and to make sure that time monotonically progresses on these systems, even if it is not always correct. To make use of this daemon, a new system user and group "systemd-timesync" needs to be created on installation of systemd. * The queue "seqnum" interface of libudev has been disabled, as it was generally incompatible with device namespacing as sequence numbers of devices go "missing" if the devices are part of a different namespace. * "systemctl list-timers" and "systemctl list-sockets" gained a --recursive switch for showing units of these types also for all local containers, similar in style to the already supported --recursive switch for "systemctl list-units". * A new RebootArgument= setting has been added for service units, which may be used to specify a kernel reboot argument to use when triggering reboots with StartLimitAction=. * A new FailureAction= setting has been added for service units which may be used to specify an operation to trigger when a service fails. This works similarly to StartLimitAction=, but unlike it, controls what is done immediately rather than only after several attempts to restart the service in question. * hostnamed got updated to also expose the kernel name, release, and version on the bus. This is useful for executing commands like hostnamectl with the -H switch. systemd-analyze makes use of this to properly display details when running non-locally. * The bootchart tool can now show cgroup information in the graphs it generates. * The CFS CPU quota cgroup attribute is now exposed for services. The new CPUQuota= switch has been added for this which takes a percentage value. Setting this will have the result that a service may never get more CPU time than the specified percentage, even if the machine is otherwise idle. * systemd-networkd learned IPIP and SIT tunnel support. * LSB init scripts exposing a dependency on $network will now get a dependency on network-online.target rather than simply network.target. This should bring LSB handling closer to what it was on SysV systems. * A new fsck.repair= kernel option has been added to control how fsck shall deal with unclean file systems at boot. * The (.ini) configuration file parser will now silently ignore sections whose name begins with "X-". This may be used to maintain application-specific extension sections in unit files. * machined gained a new API to query the IP addresses of registered containers. "machinectl status" has been updated to show these addresses in its output. * A new call sd_uid_get_display() has been added to the sd-login APIs for querying the "primary" session of a user. The "primary" session of the user is elected from the user's sessions and generally a graphical session is preferred over a text one. * A minimal systemd-resolved daemon has been added. It currently simply acts as a companion to systemd-networkd and manages resolv.conf based on per-interface DNS configuration, possibly supplied via DHCP. In the long run we hope to extend this into a local DNSSEC enabled DNS and mDNS cache. * The systemd-networkd-wait-online tool is now enabled by default. It will delay network-online.target until a network connection has been configured. The tool primarily integrates with networkd, but will also make a best effort to make sense of network configuration performed in some other way. * Two new service options StartupCPUShares= and StartupBlockIOWeight= have been added that work similarly to CPUShares= and BlockIOWeight= however only apply during system startup. This is useful to prioritize certain services differently during bootup than during normal runtime. * hostnamed has been changed to prefer the statically configured hostname in /etc/hostname (unless set to 'localhost' or empty) over any dynamic one supplied by dhcp. With this change, the rules for picking the hostname match more closely the rules of other configuration settings where the local administrator's configuration in /etc always overrides any other settings. Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch, Dan Kilman, Dave Reisner, David Härdeman, David Herrmann, David Strauss, Dimitris Spingos, Djalal Harouni, Eelco Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark, Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode, Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter, Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, WaLyong Cho, Will Woods, Zbigniew Jędrzejewski-Szmek — Beijing, 2014-05-28 CHANGES WITH 212: * When restoring the screen brightness at boot, stay away from the darkest setting or from the lowest 5% of the available range, depending on which is the larger value of both. This should effectively protect the user from rebooting into a black screen, should the brightness have been set to minimum by accident. * sd-login gained a new sd_machine_get_class() call to determine the class ("vm" or "container") of a machine registered with machined. * sd-login gained new calls sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(), to query the identity of the peer of a local AF_UNIX connection. They operate similarly to their sd_pid_get_xyz() counterparts. * PID 1 will now maintain a system-wide system state engine with the states "starting", "running", "degraded", "maintenance", "stopping". These states are bound to system startup, normal runtime, runtime with at least one failed service, rescue/emergency mode and system shutdown. This state is shown in the "systemctl status" output when no unit name is passed. It is useful to determine system state, in particularly when doing so for many systems or containers at once. * A new command "list-machines" has been added to "systemctl" that lists all local OS containers and shows their system state (see above), if systemd runs inside of them. * systemctl gained a new "-r" switch to recursively enumerate units on all local containers, when used with the "list-unit" command (which is the default one that is executed when no parameters are specified). * The GPT automatic partition discovery logic will now honour two GPT partition flags: one may be set on a partition to cause it to be mounted read-only, and the other may be set on a partition to ignore it during automatic discovery. * Two new GPT type UUIDs have been added for automatic root partition discovery, for 32-bit and 64-bit ARM. This is not particularly useful for discovering the root directory on these architectures during bare-metal boots (since UEFI is not common there), but still very useful to allow booting of ARM disk images in nspawn with the -i option. * MAC addresses of interfaces created with nspawn's --network-interface= switch will now be generated from the machine name, and thus be stable between multiple invocations of the container. * logind will now automatically remove all IPC objects owned by a user if she or he fully logs out. This makes sure that users who are logged out cannot continue to consume IPC resources. This covers SysV memory, semaphores and message queues as well as POSIX shared memory and message queues. Traditionally, SysV and POSIX IPC had no life-cycle limits. With this functionality, that is corrected. This may be turned off by using the RemoveIPC= switch of logind.conf. * The systemd-machine-id-setup and tmpfiles tools gained a --root= switch to operate on a specific root directory, instead of /. * journald can now forward logged messages to the TTYs of all logged in users ("wall"). This is the default for all emergency messages now. * A new tool systemd-journal-remote has been added to stream journal log messages across the network. * /sys/fs/cgroup/ is now mounted read-only after all cgroup controller trees are mounted into it. Note that the directories mounted beneath it are not read-only. This is a security measure and is particularly useful because glibc actually includes a search logic to pick any tmpfs it can find to implement shm_open() if /dev/shm is not available (which it might very well be in namespaced setups). * machinectl gained a new "poweroff" command to cleanly power down a local OS container. * The PrivateDevices= unit file setting will now also drop the CAP_MKNOD capability from the capability bound set, and imply DevicePolicy=closed. * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used comprehensively on all long-running systemd services where this is appropriate. * systemd-udevd will now run in a disassociated mount namespace. To mount directories from udev rules, make sure to pull in mount units via SYSTEMD_WANTS properties. * The kdbus support gained support for uploading policy into the kernel. sd-bus gained support for creating "monitoring" connections that can eavesdrop into all bus communication for debugging purposes. * Timestamps may now be specified in seconds since the UNIX epoch Jan 1st, 1970 by specifying "@" followed by the value in seconds. * Native tcpwrap support in systemd has been removed. tcpwrap is old code, not really maintained anymore and has serious shortcomings, and better options such as firewalls exist. For setups that require tcpwrap usage, please consider invoking your socket-activated service via tcpd, like on traditional inetd. * A new system.conf configuration option DefaultTimerAccuracySec= has been added that controls the default AccuracySec= setting of .timer units. * Timer units gained a new WakeSystem= switch. If enabled, timers configured this way will cause the system to resume from system suspend (if the system supports that, which most do these days). * Timer units gained a new Persistent= switch. If enabled, timers configured this way will save to disk when they have been last triggered. This information is then used on next reboot to possible execute overdue timer events, that could not take place because the system was powered off. This enables simple anacron-like behaviour for timer units. * systemctl's "list-timers" will now also list the time a timer unit was last triggered in addition to the next time it will be triggered. * systemd-networkd will now assign predictable IPv4LL addresses to its local interfaces. Contributions from: Brandon Philips, Daniel Buch, Daniel Mack, Dave Reisner, David Herrmann, Gerd Hoffmann, Greg Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna, Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen, Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-03-25 CHANGES WITH 211: * A new unit file setting RestrictAddressFamilies= has been added to restrict which socket address families unit processes gain access to. This takes address family names like "AF_INET" or "AF_UNIX", and is useful to minimize the attack surface of services via exotic protocol stacks. This is built on seccomp system call filters. * Two new unit file settings RuntimeDirectory= and RuntimeDirectoryMode= have been added that may be used to manage a per-daemon runtime directories below /run. This is an alternative for setting up directory permissions with tmpfiles snippets, and has the advantage that the runtime directory's lifetime is bound to the daemon runtime and that the daemon starts up with an empty directory each time. This is particularly useful when writing services that drop privileges using the User= or Group= setting. * The DeviceAllow= unit setting now supports globbing for matching against device group names. * The systemd configuration file system.conf gained new settings DefaultCPUAccounting=, DefaultBlockIOAccounting=, DefaultMemoryAccounting= to globally turn on/off accounting for specific resources (cgroups) for all units. These settings may still be overridden individually in each unit though. * systemd-gpt-auto-generator is now able to discover /srv and root partitions in addition to /home and swap partitions. It also supports LUKS-encrypted partitions now. With this in place, automatic discovery of partitions to mount following the Discoverable Partitions Specification (https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec) is now a lot more complete. This allows booting without /etc/fstab and without root= on the kernel command line on systems prepared appropriately. * systemd-nspawn gained a new --image= switch which allows booting up disk images and Linux installations on any block device that follow the Discoverable Partitions Specification (see above). This means that installations made with appropriately updated installers may now be started and deployed using container managers, completely unmodified. (We hope that libvirt-lxc will add support for this feature soon, too.) * systemd-nspawn gained a new --network-macvlan= setting to set up a private macvlan interface for the container. Similarly, systemd-networkd gained a new Kind=macvlan setting in .netdev files. * systemd-networkd now supports configuring local addresses using IPv4LL. * A new tool systemd-network-wait-online has been added to synchronously wait for network connectivity using systemd-networkd. * The sd-bus.h bus API gained a new sd_bus_track object for tracking the life-cycle of bus peers. Note that sd-bus.h is still not a public API though (unless you specify --enable-kdbus on the configure command line, which however voids your warranty and you get no API stability guarantee). * The $XDG_RUNTIME_DIR runtime directories for each user are now individual tmpfs instances, which has the benefit of introducing separate pools for each user, with individual size limits, and thus making sure that unprivileged clients can no longer negatively impact the system or other users by filling up their $XDG_RUNTIME_DIR. A new logind.conf setting RuntimeDirectorySize= has been introduced that allows controlling the default size limit for all users. It defaults to 10% of the available physical memory. This is no replacement for quotas on tmpfs though (which the kernel still does not support), as /dev/shm and /tmp are still shared resources used by both the system and unprivileged users. * logind will now automatically turn off automatic suspending on laptop lid close when more than one display is connected. This was previously expected to be implemented individually in desktop environments (such as GNOME), however has been added to logind now, in order to fix a boot-time race where a desktop environment might not have been started yet and thus not been able to take an inhibitor lock at the time where logind already suspends the system due to a closed lid. * logind will now wait at least 30s after each system suspend/resume cycle, and 3min after system boot before suspending the system due to a closed laptop lid. This should give USB docking stations and similar enough time to be probed and configured after system resume and boot in order to then act as suspend blocker. * systemd-run gained a new --property= setting which allows initialization of resource control properties (and others) for the created scope or service unit. Example: "systemd-run --property=BlockIOWeight=10 updatedb" may be used to run updatedb at a low block IO scheduling weight. * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches now also work in --scope mode. * When systemd is compiled with kdbus support, basic support for enforced policies is now in place. (Note that enabling kdbus still voids your warranty and no API compatibility promises are made.) Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni, Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt, Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-03-12 CHANGES WITH 210: * systemd will now relabel /dev after loading the SMACK policy according to SMACK rules. * A new unit file option AppArmorProfile= has been added to set the AppArmor profile for the processes of a unit. * A new condition check ConditionArchitecture= has been added to conditionalize units based on the system architecture, as reported by uname()'s "machine" field. * systemd-networkd now supports matching on the system virtualization, architecture, kernel command line, host name and machine ID. * logind is now a lot more aggressive when suspending the machine due to a closed laptop lid. Instead of acting only on the lid close action, it will continuously watch the lid status and act on it. This is useful for laptops where the power button is on the outside of the chassis so that it can be reached without opening the lid (such as the Lenovo Yoga). On those machines, logind will now immediately re-suspend the machine if the power button has been accidentally pressed while the laptop was suspended and in a backpack or similar. * logind will now watch SW_DOCK switches and inhibit reaction to the lid switch if it is pressed. This means that logind will not suspend the machine anymore if the lid is closed and the system is docked, if the laptop supports SW_DOCK notifications via the input layer. Note that ACPI docking stations do not generate this currently. Also note that this logic is usually not fully sufficient and Desktop Environments should take a lid switch inhibitor lock when an external display is connected, as systemd will not watch this on its own. * nspawn will now make use of the devices cgroup controller by default, and only permit creation of and access to the usual API device nodes like /dev/null or /dev/random, as well as access to (but not creation of) the pty devices. * We will now ship a default .network file for systemd-networkd that automatically configures DHCP for network interfaces created by nspawn's --network-veth or --network-bridge= switches. * systemd will now understand the usual M, K, G, T suffixes according to SI conventions (i.e. to the base 1000) when referring to throughput and hardware metrics. It will stay with IEC conventions (i.e. to the base 1024) for software metrics, according to what is customary according to Wikipedia. We explicitly document which base applies for each configuration option. * The DeviceAllow= setting in unit files now supports a syntax to whitelist an entire group of devices node majors at once, based on the /proc/devices listing. For example, with the string "char-pts", it is now possible to whitelist all current and future pseudo-TTYs at once. * sd-event learned a new "post" event source. Event sources of this type are triggered by the dispatching of any event source of a type that is not "post". This is useful for implementing clean-up and check event sources that are triggered by other work being done in the program. * systemd-networkd is no longer statically enabled, but uses the usual [Install] sections so that it can be enabled/disabled using systemctl. It still is enabled by default however. * When creating a veth interface pair with systemd-nspawn, the host side will now be prefixed with "vb-" if --network-bridge= is used, and with "ve-" if --network-veth is used. This way, it is easy to distinguish these cases on the host, for example to apply different configuration to them with systemd-networkd. * The compatibility libraries for libsystemd-journal.so, libsystem-id128.so, libsystemd-login.so and libsystemd-daemon.so do not make use of IFUNC anymore. Instead, we now build libsystemd.so multiple times under these alternative names. This means that the footprint is drastically increased, but given that these are transitional compatibility libraries, this should not matter much. This change has been made necessary to support the ARM platform for these compatibility libraries, as the ARM toolchain is not really at the same level as the toolchain for other architectures like x86 and does not support IFUNC. Please make sure to use --enable-compat-libs only during a transitional period! Contributions from: Andreas Fuchs, Armin K., Colin Walters, Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni, Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach, Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-02-24 CHANGES WITH 209: * A new component "systemd-networkd" has been added that can be used to configure local network interfaces statically or via DHCP. It is capable of bringing up bridges, VLANs, and bonding. Currently, no hook-ups for interactive network configuration are provided. Use this for your initrd, container, embedded, or server setup if you need a simple, yet powerful, network configuration solution. This configuration subsystem is quite nifty, as it allows wildcard hotplug matching in interfaces. For example, with a single configuration snippet, you can configure that all Ethernet interfaces showing up are automatically added to a bridge, or similar. It supports link-sensing and more. * A new tool "systemd-socket-proxyd" has been added which can act as a bidirectional proxy for TCP sockets. This is useful for adding socket activation support to services that do not actually support socket activation, including virtual machines and the like. * Add a new tool to save/restore rfkill state on shutdown/boot. * Save/restore state of keyboard backlights in addition to display backlights on shutdown/boot. * udev learned a new SECLABEL{} construct to label device nodes with a specific security label when they appear. For now, only SECLABEL{selinux} is supported, but the syntax is prepared for additional security frameworks. * udev gained a new scheme to configure link-level attributes from files in /etc/systemd/network/*.link. These files can match against MAC address, device path, driver name and type, and will apply attributes like the naming policy, link speed, MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC address assignment policy (randomized, ...). * The configuration of network interface naming rules for "permanent interface names" has changed: a new NamePolicy= setting in the [Link] section of .link files determines the priority of possible naming schemes (onboard, slot, MAC, path). The default value of this setting is determined by /usr/lib/net/links/99-default.link. Old 80-net-name-slot.rules udev configuration file has been removed, so local configuration overriding this file should be adapted to override 99-default.link instead. * When the User= switch is used in a unit file, also initialize $SHELL= based on the user database entry. * systemd no longer depends on libdbus. All communication is now done with sd-bus, systemd's low-level bus library implementation. * kdbus support has been added to PID 1 itself. When kdbus is enabled, this causes PID 1 to set up the system bus and enable support for a new ".busname" unit type that encapsulates bus name activation on kdbus. It works a little bit like ".socket" units, except for bus names. A new generator has been added that converts classic dbus1 service activation files automatically into native systemd .busname and .service units. * sd-bus: add a light-weight vtable implementation that allows defining objects on the bus with a simple static const vtable array of its methods, signals and properties. * systemd will not generate or install static dbus introspection data anymore to /usr/share/dbus-1/interfaces, as the precise format of these files is unclear, and nothing makes use of it. * A proxy daemon is now provided to proxy clients connecting via classic D-Bus AF_UNIX sockets to kdbus, to provide full compatibility with classic D-Bus. * A bus driver implementation has been added that supports the classic D-Bus bus driver calls on kdbus, also for compatibility purposes. * A new API "sd-event.h" has been added that implements a minimal event loop API built around epoll. It provides a couple of features that direct epoll usage is lacking: prioritization of events, scales to large numbers of timer events, per-event timer slack (accuracy), system-wide coalescing of timer events, exit handlers, watchdog supervision support using systemd's sd_notify() API, child process handling. * A new API "sd-rntl.h" has been added that provides an API around the route netlink interface of the kernel, similar in style to "sd-bus.h". * A new API "sd-dhcp-client.h" has been added that provides a small DHCPv4 client-side implementation. This is used by "systemd-networkd". * There is a new kernel command line option "systemd.restore_state=0|1". When set to "0", none of the systemd tools will restore saved runtime state to hardware devices. More specifically, the rfkill and backlight states are not restored. * The FsckPassNo= compatibility option in mount/service units has been removed. The fstab generator will now add the necessary dependencies automatically, and does not require PID1's support for that anymore. * journalctl gained a new switch, --list-boots, that lists recent boots with their times and boot IDs. * The various tools like systemctl, loginctl, timedatectl, busctl, systemd-run, ... have gained a new switch "-M" to connect to a specific, local OS container (as direct connection, without requiring SSH). This works on any container that is registered with machined, such as those created by libvirt-lxc or nspawn. * systemd-run and systemd-analyze also gained support for "-H" to connect to remote hosts via SSH. This is particularly useful for systemd-run because it enables queuing of jobs onto remote systems. * machinectl gained a new command "login" to open a getty login in any local container. This works with any container that is registered with machined (such as those created by libvirt-lxc or nspawn), and which runs systemd inside. * machinectl gained a new "reboot" command that may be used to trigger a reboot on a specific container that is registered with machined. This works on any container that runs an init system of some kind. * systemctl gained a new "list-timers" command to print a nice listing of installed timer units with the times they elapse next. * Alternative reboot() parameters may now be specified on the "systemctl reboot" command line and are passed to the reboot() system call. * systemctl gained a new --job-mode= switch to configure the mode to queue a job with. This is a more generic version of --fail, --irreversible, and --ignore-dependencies, which are still available but not advertised anymore. * /etc/systemd/system.conf gained new settings to configure various default timeouts of units, as well as the default start limit interval and burst. These may still be overridden within each Unit. * PID1 will now export on the bus profile data of the security policy upload process (such as the SELinux policy upload to the kernel). * journald: when forwarding logs to the console, include timestamps (following the setting in /sys/module/printk/parameters/time). * OnCalendar= in timer units now understands the special strings "yearly" and "annually". (Both are equivalent) * The accuracy of timer units is now configurable with the new AccuracySec= setting. It defaults to 1min. * A new dependency type JoinsNamespaceOf= has been added that allows running two services within the same /tmp and network namespace, if PrivateNetwork= or PrivateTmp= are used. * A new command "cat" has been added to systemctl. It outputs the original unit file of a unit, and concatenates the contents of additional "drop-in" unit file snippets, so that the full configuration is shown. * systemctl now supports globbing on the various "list-xyz" commands, like "list-units" or "list-sockets", as well as on those commands which take multiple unit names. * journalctl's --unit= switch gained support for globbing. * All systemd daemons now make use of the watchdog logic so that systemd automatically notices when they hang. * If the $container_ttys environment variable is set, getty-generator will automatically spawn a getty for each listed tty. This is useful for container managers to request login gettys to be spawned on as many ttys as needed. * %h, %s, %U specifier support is not available anymore when used in unit files for PID 1. This is because NSS calls are not safe from PID 1. They stay available for --user instances of systemd, and as special case for the root user. * loginctl gained a new "--no-legend" switch to turn off output of the legend text. * The "sd-login.h" API gained three new calls: sd_session_is_remote(), sd_session_get_remote_user(), sd_session_get_remote_host() to query information about remote sessions. * The udev hardware database now also carries vendor/product information of SDIO devices. * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to determine whether watchdog notifications are requested by the system manager. * Socket-activated per-connection services now include a short description of the connection parameters in the description. * tmpfiles gained a new "--boot" option. When this is not used, only lines where the command character is not suffixed with "!" are executed. When this option is specified, those options are executed too. This partitions tmpfiles directives into those that can be safely executed at any time, and those which should be run only at boot (for example, a line that creates /run/nologin). * A new API "sd-resolve.h" has been added which provides a simple asynchronous wrapper around glibc NSS host name resolution calls, such as getaddrinfo(). In contrast to glibc's getaddrinfo_a(), it does not use signals. In contrast to most other asynchronous name resolution libraries, this one does not reimplement DNS, but reuses NSS, so that alternate host name resolution systems continue to work, such as mDNS, LDAP, etc. This API is based on libasyncns, but it has been cleaned up for inclusion in systemd. * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h", "sd-daemon.h" are no longer found in individual libraries libsystemd-journal.so, libsystemd-login.so, libsystemd-id128.so, libsystemd-daemon.so. Instead, we have merged them into a single library, libsystemd.so, which provides all symbols. The reason for this is cyclic dependencies, as these libraries tend to use each other's symbols. So far, we have managed to workaround that by linking a copy of a good part of our code into each of these libraries again and again, which, however, makes certain things hard to do, like sharing static variables. Also, it substantially increases footprint. With this change, there is only one library for the basic APIs systemd provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this library as well, however are subject to the --enable-kdbus switch (see below). Note that "sd-dhcp-client.h" is not part of this library (this is because it only consumes, never provides, services of/to other APIs). To make the transition easy from the separate libraries to the unified one, we provide the --enable-compat-libs compile-time switch which will generate stub libraries that are compatible with the old ones but redirect all calls to the new one. * All of the kdbus logic and the new APIs "sd-bus.h", "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h", and "sd-utf8.h" are compile-time optional via the "--enable-kdbus" switch, and they are not compiled in by default. To make use of kdbus, you have to explicitly enable the switch. Note however, that neither the kernel nor the userspace API for all of this is considered stable yet. We want to maintain the freedom to still change the APIs for now. By specifying this build-time switch, you acknowledge that you are aware of the instability of the current APIs. * Also, note that while kdbus is pretty much complete, it lacks one thing: proper policy support. This means you can build a fully working system with all features; however, it will be highly insecure. Policy support will be added in one of the next releases, at the same time that we will declare the APIs stable. * When the kernel command line argument "kdbus" is specified, systemd will automatically load the kdbus.ko kernel module. At this stage of development, it is only useful for testing kdbus and should not be used in production. Note: if "--enable-kdbus" is specified, and the kdbus.ko kernel module is available, and "kdbus" is added to the kernel command line, the entire system runs with kdbus instead of dbus-daemon, with the above mentioned problem of missing the system policy enforcement. Also a future version of kdbus.ko or a newer systemd will not be compatible with each other, and will unlikely be able to boot the machine if only one of them is updated. * systemctl gained a new "import-environment" command which uploads the caller's environment (or parts thereof) into the service manager so that it is inherited by services started by the manager. This is useful to upload variables like $DISPLAY into the user service manager. * A new PrivateDevices= switch has been added to service units which allows running a service with a namespaced /dev directory that does not contain any device nodes for physical devices. More specifically, it only includes devices such as /dev/null, /dev/urandom, and /dev/zero which are API entry points. * logind has been extended to support behaviour like VT switching on seats that do not support a VT. This makes multi-session available on seats that are not the first seat (seat0), and on systems where kernel support for VTs has been disabled at compile-time. * If a process holds a delay lock for system sleep or shutdown and fails to release it in time, we will now log its identity. This makes it easier to identify processes that cause slow suspends or power-offs. * When parsing /etc/crypttab, support for a new key-slot= option as supported by Debian is added. It allows indicating which LUKS slot to use on disk, speeding up key loading. * The sd_journald_sendv() API call has been checked and officially declared to be async-signal-safe so that it may be invoked from signal handlers for logging purposes. * Boot-time status output is now enabled automatically after a short timeout if boot does not progress, in order to give the user an indication what she or he is waiting for. * The boot-time output has been improved to show how much time remains until jobs expire. * The KillMode= switch in service units gained a new possible value "mixed". If set, and the unit is shut down, then the initial SIGTERM signal is sent only to the main daemon process, while the following SIGKILL signal is sent to all remaining processes of the service. * When a scope unit is registered, a new property "Controller" may be set. If set to a valid bus name, systemd will send a RequestStop() signal to this name when it would like to shut down the scope. This may be used to hook manager logic into the shutdown logic of scope units. Also, scope units may now be put in a special "abandoned" state, in which case the manager process which created them takes no further responsibilities for it. * When reading unit files, systemd will now verify the access mode of these files, and warn about certain suspicious combinations. This has been added to make it easier to track down packaging bugs where unit files are marked executable or world-writable. * systemd-nspawn gained a new "--setenv=" switch to set container-wide environment variables. The similar option in systemd-activate was renamed from "--environment=" to "--setenv=" for consistency. * systemd-nspawn has been updated to create a new kdbus domain for each container that is invoked, thus allowing each container to have its own set of system and user buses, independent of the host. * systemd-nspawn gained a new --drop-capability= switch to run the container with less capabilities than the default. Both --drop-capability= and --capability= now take the special string "all" for dropping or keeping all capabilities. * systemd-nspawn gained new switches for executing containers with specific SELinux labels set. * systemd-nspawn gained a new --quiet switch to not generate any additional output but the container's own console output. * systemd-nspawn gained a new --share-system switch to run a container without PID namespacing enabled. * systemd-nspawn gained a new --register= switch to control whether the container is registered with systemd-machined or not. This is useful for containers that do not run full OS images, but only specific apps. * systemd-nspawn gained a new --keep-unit which may be used when invoked as the only program from a service unit, and results in registration of the unit service itself in systemd-machined, instead of a newly opened scope unit. * systemd-nspawn gained a new --network-interface= switch for moving arbitrary interfaces to the container. The new --network-veth switch creates a virtual Ethernet connection between host and container. The new --network-bridge= switch then allows assigning the host side of this virtual Ethernet connection to a bridge device. * systemd-nspawn gained a new --personality= switch for setting the kernel personality for the container. This is useful when running a 32-bit container on a 64-bit host. A similar option Personality= is now also available for service units to use. * logind will now also track a "Desktop" identifier for each session which encodes the desktop environment of it. This is useful for desktop environments that want to identify multiple running sessions of itself easily. * A new SELinuxContext= setting for service units has been added that allows setting a specific SELinux execution context for a service. * Most systemd client tools will now honour $SYSTEMD_LESS for settings of the "less" pager. By default, these tools will override $LESS to allow certain operations to work, such as jump-to-the-end. With $SYSTEMD_LESS, it is possible to influence this logic. * systemd's "seccomp" hook-up has been changed to make use of the libseccomp library instead of using its own implementation. This has benefits for portability among other things. * For usage together with SystemCallFilter=, a new SystemCallErrorNumber= setting has been introduced that allows configuration of a system error number to be returned on filtered system calls, instead of immediately killing the process. Also, SystemCallArchitectures= has been added to limit access to system calls of a particular architecture (in order to turn off support for unused secondary architectures). There is also a global SystemCallArchitectures= setting in system.conf now to turn off support for non-native system calls system-wide. * systemd requires a kernel with a working name_to_handle_at(), please see the kernel config requirements in the README file. Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov, Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera, Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters, Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa, David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov, Elia Pinto, Florian Weimer, George McCollister, Goffredo Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld, Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg, Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael Marineau, Michael Scherer, Michał Górny, Michal Sekletar, Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt, Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters, Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else, Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek — Berlin, 2014-02-20 CHANGES WITH 208: * logind has gained support for facilitating privileged input and drm device access for unprivileged clients. This work is useful to allow Wayland display servers (and similar programs, such as kmscon) to run under the user's ID and access input and drm devices which are normally protected. When this is used (and the kernel is new enough) logind will "mute" IO on the file descriptors passed to Wayland as long as it is in the background and "unmute" it if it returns into the foreground. This allows secure session switching without allowing background sessions to eavesdrop on input and display data. This also introduces session switching support if VT support is turned off in the kernel, and on seats that are not seat0. * A new kernel command line option luks.options= is understood now which allows specifying LUKS options for usage for LUKS encrypted partitions specified with luks.uuid=. * tmpfiles.d(5) snippets may now use specifier expansion in path names. More specifically %m, %b, %H, %v, are now replaced by the local machine id, boot id, hostname, and kernel version number. * A new tmpfiles.d(5) command "m" has been introduced which may be used to change the owner/group/access mode of a file or directory if it exists, but do nothing if it does not. * This release removes high-level support for the MemorySoftLimit= cgroup setting. The underlying kernel cgroup attribute memory.soft_limit= is currently badly designed and likely to be removed from the kernel API in its current form, hence we should not expose it for now. * The memory.use_hierarchy cgroup attribute is now enabled for all cgroups systemd creates in the memory cgroup hierarchy. This option is likely to be come the built-in default in the kernel anyway, and the non-hierarchical mode never made much sense in the intrinsically hierarchical cgroup system. * A new field _SYSTEMD_SLICE= is logged along with all journal messages containing the slice a message was generated from. This is useful to allow easy per-customer filtering of logs among other things. * systemd-journald will no longer adjust the group of journal files it creates to the "systemd-journal" group. Instead we rely on the journal directory to be owned by the "systemd-journal" group, and its setgid bit set, so that the kernel file system layer will automatically enforce that journal files inherit this group assignment. The reason for this change is that we cannot allow NSS look-ups from journald which would be necessary to resolve "systemd-journal" to a numeric GID, because this might create deadlocks if NSS involves synchronous queries to other daemons (such as nscd, or sssd) which in turn are logging clients of journald and might block on it, which would then dead lock. A tmpfiles.d(5) snippet included in systemd will make sure the setgid bit and group are properly set on the journal directory if it exists on every boot. However, we recommend adjusting it manually after upgrades too (or from RPM scriptlets), so that the change is not delayed until next reboot. * Backlight and random seed files in /var/lib/ have moved into the /var/lib/systemd/ directory, in order to centralize all systemd generated files in one directory. * Boot time performance measurements (as displayed by "systemd-analyze" for example) will now read ACPI 5.0 FPDT performance information if that's available to determine how much time BIOS and boot loader initialization required. With a sufficiently new BIOS you hence no longer need to boot with Gummiboot to get access to such information. Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters, Cristian Rodríguez, Dave Reisner, David Herrmann, David Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt, Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty, Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek — Berlin, 2013-10-02 CHANGES WITH 207: * The Restart= option for services now understands a new on-watchdog setting, which will restart the service automatically if the service stops sending out watchdog keep alive messages (as configured with WatchdogSec=). * The getty generator (which is responsible for bringing up a getty on configured serial consoles) will no longer only start a getty on the primary kernel console but on all others, too. This makes the order in which console= is specified on the kernel command line less important. * libsystemd-logind gained a new sd_session_get_vt() call to retrieve the VT number of a session. * If the option "tries=0" is set for an entry of /etc/crypttab its passphrase is queried indefinitely instead of any maximum number of tries. * If a service with a configure PID file terminates its PID file will now be removed automatically if it still exists afterwards. This should put an end to stale PID files. * systemd-run will now also take relative binary path names for execution and no longer insists on absolute paths. * InaccessibleDirectories= and ReadOnlyDirectories= now take paths that are optionally prefixed with "-" to indicate that it should not be considered a failure if they do not exist. * journalctl -o (and similar commands) now understands a new output mode "short-precise", it is similar to "short" but shows timestamps with usec accuracy. * The option "discard" (as known from Debian) is now synonymous to "allow-discards" in /etc/crypttab. In fact, "discard" is preferred now (since it is easier to remember and type). * Some licensing clean-ups were made, so that more code is now LGPL-2.1 licensed than before. * A minimal tool to save/restore the display backlight brightness across reboots has been added. It will store the backlight setting as late as possible at shutdown, and restore it as early as possible during reboot. * A logic to automatically discover and enable home and swap partitions on GPT disks has been added. With this in place /etc/fstab becomes optional for many setups as systemd can discover certain partitions located on the root disk automatically. Home partitions are recognized under their GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap partitions are recognized under their GPT type ID 0657fd6da4ab43c484e50933c84b4f4f. * systemd will no longer pass any environment from the kernel or initrd to system services. If you want to set an environment for all services, do so via the kernel command line systemd.setenv= assignment. * The systemd-sysctl tool no longer natively reads the file /etc/sysctl.conf. If desired, the file should be symlinked from /etc/sysctl.d/99-sysctl.conf. Apart from providing legacy support by a symlink rather than built-in code, it also makes the otherwise hidden order of application of the different files visible. (Note that this partly reverts to a pre-198 application order of sysctl knobs!) * The "systemctl set-log-level" and "systemctl dump" commands have been moved to systemd-analyze. * systemd-run learned the new --remain-after-exit switch, which causes the scope unit not to be cleaned up automatically after the process terminated. * tmpfiles learned a new --exclude-prefix= switch to exclude certain paths from operation. * journald will now automatically flush all messages to disk as soon as a message at the log level CRIT, ALERT or EMERG is received. Contributions from: Andrew Cook, Brandon Philips, Christian Hesse, Christoph Junghans, Colin Walters, Daniel Schaal, Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer, Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt, Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering, Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, Michael Marineau, Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao, William Giokas, Zbigniew Jędrzejewski-Szmek — Berlin, 2013-09-13 CHANGES WITH 206: * The documentation has been updated to cover the various new concepts introduced with 205. * Unit files now understand the new %v specifier which resolves to the kernel version string as returned by "uname -r". * systemctl now supports filtering the unit list output by load state, active state and sub state, using the new --state= parameter. * "systemctl status" will now show the results of the condition checks (like ConditionPathExists= and similar) of the last start attempts of the unit. They are also logged to the journal. * "journalctl -b" may now be used to look for boot output of a specific boot. Try "journalctl -b -1" for the previous boot, but the syntax is substantially more powerful. * "journalctl --show-cursor" has been added which prints the cursor string the last shown log line. This may then be used with the new "journalctl --after-cursor=" switch to continue browsing logs from that point on. * "journalctl --force" may now be used to force regeneration of an FSS key. * Creation of "dead" device nodes has been moved from udev into kmod and tmpfiles. Previously, udev would read the kmod databases to pre-generate dead device nodes based on meta information contained in kernel modules, so that these would be auto-loaded on access rather then at boot. As this does not really have much to do with the exposing actual kernel devices to userspace this has always been slightly alien in the udev codebase. Following the new scheme kmod will now generate a runtime snippet for tmpfiles from the module meta information and it now is tmpfiles' job to the create the nodes. This also allows overriding access and other parameters for the nodes using the usual tmpfiles facilities. As side effect this allows us to remove the CAP_SYS_MKNOD capability bit from udevd entirely. * logind's device ACLs may now be applied to these "dead" devices nodes too, thus finally allowing managed access to devices such as /dev/snd/sequencer without loading the backing module right-away. * A new RPM macro has been added that may be used to apply tmpfiles configuration during package installation. * systemd-detect-virt and ConditionVirtualization= now can detect User-Mode-Linux machines (UML). * journald will now implicitly log the effective capabilities set of processes in the message metadata. * systemd-cryptsetup has gained support for TrueCrypt volumes. * The initrd interface has been simplified (more specifically, support for passing performance data via environment variables and fsck results via files in /run has been removed). These features were non-essential, and are nowadays available in a much nicer way by having systemd in the initrd serialize its state and have the hosts systemd deserialize it again. * The udev "keymap" data files and tools to apply keyboard specific mappings of scan to key codes, and force-release scan code lists have been entirely replaced by a udev "keyboard" builtin and a hwdb data file. * systemd will now honour the kernel's "quiet" command line argument also during late shutdown, resulting in a completely silent shutdown when used. * There's now an option to control the SO_REUSEPORT socket option in .socket units. * Instance units will now automatically get a per-template subslice of system.slice unless something else is explicitly configured. For example, instances of sshd@.service will now implicitly be placed in system-sshd.slice rather than system.slice as before. * Test coverage support may now be enabled at build time. Contributions from: Dave Reisner, Frederic Crozat, Harald Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden, Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William Giokas, Zbigniew Jędrzejewski-Szmek — Berlin, 2013-07-23 CHANGES WITH 205: * Two new unit types have been introduced: Scope units are very similar to service units, however, are created out of pre-existing processes — instead of PID 1 forking off the processes. By using scope units it is possible for system services and applications to group their own child processes (worker processes) in a powerful way which then maybe used to organize them, or kill them together, or apply resource limits on them. Slice units may be used to partition system resources in an hierarchical fashion and then assign other units to them. By default there are now three slices: system.slice (for all system services), user.slice (for all user sessions), machine.slice (for VMs and containers). Slices and scopes have been introduced primarily in context of the work to move cgroup handling to a single-writer scheme, where only PID 1 creates/removes/manages cgroups. * There's a new concept of "transient" units. In contrast to normal units these units are created via an API at runtime, not from configuration from disk. More specifically this means it is now possible to run arbitrary programs as independent services, with all execution parameters passed in via bus APIs rather than read from disk. Transient units make systemd substantially more dynamic then it ever was, and useful as a general batch manager. * logind has been updated to make use of scope and slice units for managing user sessions. As a user logs in he will get his own private slice unit, to which all sessions are added as scope units. We also added support for automatically adding an instance of user@.service for the user into the slice. Effectively logind will no longer create cgroup hierarchies on its own now, it will defer entirely to PID 1 for this by means of scope, service and slice units. Since user sessions this way become entities managed by PID 1 the output of "systemctl" is now a lot more comprehensive. * A new mini-daemon "systemd-machined" has been added which may be used by virtualization managers to register local VMs/containers. nspawn has been updated accordingly, and libvirt will be updated shortly. machined will collect a bit of meta information about the VMs/containers, and assign them their own scope unit (see above). The collected meta-data is then made available via the "machinectl" tool, and exposed in "ps" and similar tools. machined/machinectl is compile-time optional. * As discussed earlier, the low-level cgroup configuration options ControlGroup=, ControlGroupModify=, ControlGroupPersistent=, ControlGroupAttribute= have been removed. Please use high-level attribute settings instead as well as slice units. * A new bus call SetUnitProperties() has been added to alter various runtime parameters of a unit. This is primarily useful to alter cgroup parameters dynamically in a nice way, but will be extended later on to make more properties modifiable at runtime. systemctl gained a new set-properties command that wraps this call. * A new tool "systemd-run" has been added which can be used to run arbitrary command lines as transient services or scopes, while configuring a number of settings via the command line. This tool is currently very basic, however already very useful. We plan to extend this tool to even allow queuing of execution jobs with time triggers from the command line, similar in fashion to "at". * nspawn will now inform the user explicitly that kernels with audit enabled break containers, and suggest the user to turn off audit. * Support for detecting the IMA and AppArmor security frameworks with ConditionSecurity= has been added. * journalctl gained a new "-k" switch for showing only kernel messages, mimicking dmesg output; in addition to "--user" and "--system" switches for showing only user's own logs and system logs. * systemd-delta can now show information about drop-in snippets extending unit files. * libsystemd-bus has been substantially updated but is still not available as public API. * systemd will now look for the "debug" argument on the kernel command line and enable debug logging, similar to what "systemd.log_level=debug" already did before. * "systemctl set-default", "systemctl get-default" has been added to configure the default.target symlink, which controls what to boot into by default. * "systemctl set-log-level" has been added as a convenient way to raise and lower systemd logging threshold. * "systemd-analyze plot" will now show the time the various generators needed for execution, as well as information about the unit file loading. * libsystemd-journal gained a new sd_journal_open_files() call for opening specific journal files. journactl also gained a new switch to expose this new functionality. Previously we only supported opening all files from a directory, or all files from the system, as opening individual files only is racy due to journal file rotation. * systemd gained the new DefaultEnvironment= setting in /etc/systemd/system.conf to set environment variables for all services. * If a privileged process logs a journal message with the OBJECT_PID= field set, then journald will automatically augment this with additional OBJECT_UID=, OBJECT_GID=, OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if system services want to log events about specific client processes. journactl/systemctl has been updated to make use of this information if all log messages regarding a specific unit is requested. Contributions from: Auke Kok, Chengwei Yang, Colin Walters, Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave Reisner, David Coppa, David King, David Strauss, Eelco Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer, Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan, Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar, Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach, 장동준 CHANGES WITH 204: * The Python bindings gained some minimal support for the APIs exposed by libsystemd-logind. * ConditionSecurity= gained support for detecting SMACK. Since this condition already supports SELinux and AppArmor we only miss IMA for this. Patches welcome! Contributions from: Karol Lewandowski, Lennart Poettering, Zbigniew Jędrzejewski-Szmek CHANGES WITH 203: * systemd-nspawn will now create /etc/resolv.conf if necessary, before bind-mounting the host's file onto it. * systemd-nspawn will now store meta information about a container on the container's cgroup as extended attribute fields, including the root directory. * The cgroup hierarchy has been reworked in many ways. All objects any of the components systemd creates in the cgroup tree are now suffixed. More specifically, user sessions are now placed in cgroups suffixed with ".session", users in cgroups suffixed with ".user", and nspawn containers in cgroups suffixed with ".nspawn". Furthermore, all cgroup names are now escaped in a simple scheme to avoid collision of userspace object names with kernel filenames. This work is preparation for making these objects relocatable in the cgroup tree, in order to allow easy resource partitioning of these objects without causing naming conflicts. * systemctl list-dependencies gained the new switches --plain, --reverse, --after and --before. * systemd-inhibit now shows the process name of processes that have taken an inhibitor lock. * nss-myhostname will now also resolve "localhost" implicitly. This makes /etc/hosts an optional file and nicely handles that on IPv6 ::1 maps to both "localhost" and the local hostname. * libsystemd-logind.so gained a new call sd_get_machine_names() to enumerate running containers and VMs (currently only supported by very new libvirt and nspawn). sd_login_monitor can now be used to watch VMs/containers coming and going. * .include is not allowed recursively anymore, and only in unit files. Usually it is better to use drop-in snippets in .d/*.conf anyway, as introduced with systemd 198. * systemd-analyze gained a new "critical-chain" command that determines the slowest chain of units run during system boot-up. It is very useful for tracking down where optimizing boot time is the most beneficial. * systemd will no longer allow manipulating service paths in the name=systemd:/system cgroup tree using ControlGroup= in units. (But is still fine with it in all other dirs.) * There's a new systemd-nspawn@.service service file that may be used to easily run nspawn containers as system services. With the container's root directory in /var/lib/container/foobar it is now sufficient to run "systemctl start systemd-nspawn@foobar.service" to boot it. * systemd-cgls gained a new parameter "--machine" to list only the processes within a certain container. * ConditionSecurity= now can check for "apparmor". We still are lacking checks for SMACK and IMA for this condition check though. Patches welcome! * A new configuration file /etc/systemd/sleep.conf has been added that may be used to configure which kernel operation systemd is supposed to execute when "suspend", "hibernate" or "hybrid-sleep" is requested. This makes the new kernel "freeze" state accessible to the user. * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape the passed argument if applicable. Contributions from: Auke Kok, Colin Guthrie, Colin Walters, Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner, Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn, MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew Jędrzejewski-Szmek CHANGES WITH 202: * The output of 'systemctl list-jobs' got some polishing. The '--type=' argument may now be passed more than once. A new command 'systemctl list-sockets' has been added which shows a list of kernel sockets systemd is listening on with the socket units they belong to, plus the units these socket units activate. * The experimental libsystemd-bus library got substantial updates to work in conjunction with the (also experimental) kdbus kernel project. It works well enough to exchange messages with some sophistication. Note that kdbus is not ready yet, and the library is mostly an elaborate test case for now, and not installable. * systemd gained a new unit 'systemd-static-nodes.service' that generates static device nodes earlier during boot, and can run in conjunction with udev. * libsystemd-login gained a new call sd_pid_get_user_unit() to retrieve the user systemd unit a process is running in. This is useful for systems where systemd is used as session manager. * systemd-nspawn now places all containers in the new /machine top-level cgroup directory in the name=systemd hierarchy. libvirt will soon do the same, so that we get a uniform separation of /system, /user and /machine for system services, user processes and containers/virtual machines. This new cgroup hierarchy is also useful to stick stable names to specific container instances, which can be recognized later this way (this name may be controlled via systemd-nspawn's new -M switch). libsystemd-login also gained a new call sd_pid_get_machine_name() to retrieve the name of the container/VM a specific process belongs to. * bootchart can now store its data in the journal. * libsystemd-journal gained a new call sd_journal_add_conjunction() for AND expressions to the matching logic. This can be used to express more complex logical expressions. * journactl can now take multiple --unit= and --user-unit= switches. * The cryptsetup logic now understands the "luks.key=" kernel command line switch for specifying a file to read the decryption key from. Also, if a configured key file is not found the tool will now automatically fall back to prompting the user. * Python systemd.journal module was updated to wrap recently added functions from libsystemd-journal. The interface was changed to bring the low level interface in s.j._Reader closer to the C API, and the high level interface in s.j.Reader was updated to wrap and convert all data about an entry. Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer, Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer, Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt, Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks, Tom Gundersen, Zbigniew Jędrzejewski-Szmek CHANGES WITH 201: * journalctl --update-catalog now understands a new --root= option to operate on catalogs found in a different root directory. * During shutdown after systemd has terminated all running services a final killing loop kills all remaining left-over processes. We will now print the name of these processes when we send SIGKILL to them, since this usually indicates a problem. * If /etc/crypttab refers to password files stored on configured mount points automatic dependencies will now be generated to ensure the specific mount is established first before the key file is attempted to be read. * 'systemctl status' will now show information about the network sockets a socket unit is listening on. * 'systemctl status' will also shown information about any drop-in configuration file for units. (Drop-In configuration files in this context are files such as /etc/systemd/systemd/foobar.service.d/*.conf) * systemd-cgtop now optionally shows summed up CPU times of cgroups. Press '%' while running cgtop to switch between percentage and absolute mode. This is useful to determine which cgroups use up the most CPU time over the entire runtime of the system. systemd-cgtop has also been updated to be 'pipeable' for processing with further shell tools. * 'hostnamectl set-hostname' will now allow setting of FQDN hostnames. * The formatting and parsing of time span values has been changed. The parser now understands fractional expressions such as "5.5h". The formatter will now output fractional expressions for all time spans under 1min, i.e. "5.123456s" rather than "5s 123ms 456us". For time spans under 1s millisecond values are shown, for those under 1ms microsecond values are shown. This should greatly improve all time-related output of systemd. * libsystemd-login and libsystemd-journal gained new functions for querying the poll() events mask and poll() timeout value for integration into arbitrary event loops. * localectl gained the ability to list available X11 keymaps (models, layouts, variants, options). * 'systemd-analyze dot' gained the ability to filter for specific units via shell-style globs, to create smaller, more useful graphs. I.e. it is now possible to create simple graphs of all the dependencies between only target units, or of all units that Avahi has dependencies with. Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck, Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau, Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie, Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach CHANGES WITH 200: * The boot-time readahead implementation for rotating media will now read the read-ahead data in multiple passes which consist of all read requests made in equidistant time intervals. This means instead of strictly reading read-ahead data in its physical order on disk we now try to find a middle ground between physical and access time order. * /etc/os-release files gained a new BUILD_ID= field for usage on operating systems that provide continuous builds of OS images. Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín William Douglas, Zbigniew Jędrzejewski-Szmek CHANGES WITH 199: * systemd-python gained an API exposing libsystemd-daemon. * The SMACK setup logic gained support for uploading CIPSO security policy. * Behaviour of PrivateTmp=, ReadWriteDirectories=, ReadOnlyDirectories= and InaccessibleDirectories= has changed. The private /tmp and /var/tmp directories are now shared by all processes of a service (which means ExecStartPre= may now leave data in /tmp that ExecStart= of the same service can still access). When a service is stopped its temporary directories are immediately deleted (normal clean-up with tmpfiles is still done in addition to this though). * By default, systemd will now set a couple of sysctl variables in the kernel: the safe sysrq options are turned on, IP route verification is turned on, and source routing disabled. The recently added hardlink and softlink protection of the kernel is turned on. These settings should be reasonably safe, and good defaults for all new systems. * The predictable network naming logic may now be turned off with a new kernel command line switch: net.ifnames=0. * A new libsystemd-bus module has been added that implements a pretty complete D-Bus client library. For details see: https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html * journald will now explicitly flush the journal files to disk at the latest 5min after each write. The file will then also be marked offline until the next write. This should increase reliability in case of a crash. The synchronization delay can be configured via SyncIntervalSec= in journald.conf. * There's a new remote-fs-setup.target unit that can be used to pull in specific services when at least one remote file system is to be mounted. * There are new targets timers.target and paths.target as canonical targets to pull user timer and path units in from. This complements sockets.target with a similar purpose for socket units. * libudev gained a new call udev_device_set_attribute_value() to set sysfs attributes of a device. * The udev daemon now sets the default number of worker processes executed in parallel based on the number of available CPUs instead of the amount of available RAM. This is supposed to provide a more reliable default and limit a too aggressive parallelism for setups with 1000s of devices connected. Contributions from: Auke Kok, Colin Walters, Cristian Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering, Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl, Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen, Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek CHANGES WITH 198: * Configuration of unit files may now be extended via drop-in files without having to edit/override the unit files themselves. More specifically, if the administrator wants to change one value for a service file foobar.service he can now do so by dropping in a configuration snippet into /etc/systemd/system/foobar.service.d/*.conf. The unit logic will load all these snippets and apply them on top of the main unit configuration file, possibly extending or overriding its settings. Using these drop-in snippets is generally nicer than the two earlier options for changing unit files locally: copying the files from /usr/lib/systemd/system/ to /etc/systemd/system/ and editing them there; or creating a new file in /etc/systemd/system/ that incorporates the original one via ".include". Drop-in snippets into these .d/ directories can be placed in any directory systemd looks for units in, and the usual overriding semantics between /usr/lib, /etc and /run apply for them too. * Most unit file settings which take lists of items can now be reset by assigning the empty string to them. For example, normally, settings such as Environment=FOO=BAR append a new environment variable assignment to the environment block, each time they are used. By assigning Environment= the empty string the environment block can be reset to empty. This is particularly useful with the .d/*.conf drop-in snippets mentioned above, since this adds the ability to reset list settings from vendor unit files via these drop-ins. * systemctl gained a new "list-dependencies" command for listing the dependencies of a unit recursively. * Inhibitors are now honored and listed by "systemctl suspend", "systemctl poweroff" (and similar) too, not only GNOME. These commands will also list active sessions by other users. * Resource limits (as exposed by the various control group controllers) can now be controlled dynamically at runtime for all units. More specifically, you can now use a command like "systemctl set-cgroup-attr foobar.service cpu.shares 2000" to alter the CPU shares a specific service gets. These settings are stored persistently on disk, and thus allow the administrator to easily adjust the resource usage of services with a few simple commands. This dynamic resource management logic is also available to other programs via the bus. Almost any kernel cgroup attribute and controller is supported. * systemd-vconsole-setup will now copy all font settings to all allocated VTs, where it previously applied them only to the foreground VT. * libsystemd-login gained the new sd_session_get_tty() API call. * This release drops support for a few legacy or distribution-specific LSB facility names when parsing init scripts: $x-display-manager, $mail-transfer-agent, $mail-transport-agent, $mail-transfer-agent, $smtp, $null. Also, the mail-transfer-agent.target unit backing this has been removed. Distributions which want to retain compatibility with this should carry the burden for supporting this themselves and patch support for these back in, if they really need to. Also, the facilities $syslog and $local_fs are now ignored, since systemd does not support early-boot LSB init scripts anymore, and these facilities are implied anyway for normal services. syslog.target has also been removed. * There are new bus calls on PID1's Manager object for cancelling jobs, and removing snapshot units. Previously, both calls were only available on the Job and Snapshot objects themselves. * systemd-journal-gatewayd gained SSL support. * The various "environment" files, such as /etc/locale.conf now support continuation lines with a backslash ("\") as last character in the line, similarly in style (but different) to how this is supported in shells. * For normal user processes the _SYSTEMD_USER_UNIT= field is now implicitly appended to every log entry logged. systemctl has been updated to filter by this field when operating on a user systemd instance. * nspawn will now implicitly add the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities to the capabilities set for the container. This makes it easier to boot unmodified Fedora systems in a container, which however still requires audit=0 to be passed on the kernel command line. Auditing in kernel and userspace is unfortunately still too broken in context of containers, hence we recommend compiling it out of the kernel or using audit=0. Hopefully this will be fixed one day for good in the kernel. * nspawn gained the new --bind= and --bind-ro= parameters to bind mount specific directories from the host into the container. * nspawn will now mount its own devpts file system instance into the container, in order not to leak pty devices from the host into the container. * systemd will now read the firmware boot time performance information from the EFI variables, if the used boot loader supports this, and takes it into account for boot performance analysis via "systemd-analyze". This is currently supported only in conjunction with Gummiboot, but could be supported by other boot loaders too. For details see: https://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface * A new generator has been added that automatically mounts the EFI System Partition (ESP) to /boot, if that directory exists, is empty, and no other file system has been configured to be mounted there. * logind will now send out PrepareForSleep(false) out unconditionally, after coming back from suspend. This may be used by applications as asynchronous notification for system resume events. * "systemctl unlock-sessions" has been added, that allows unlocking the screens of all user sessions at once, similar to how "systemctl lock-sessions" already locked all users sessions. This is backed by a new D-Bus call UnlockSessions(). * "loginctl seat-status" will now show the master device of a seat. (i.e. the device of a seat that needs to be around for the seat to be considered available, usually the graphics card). * tmpfiles gained a new "X" line type, that allows configuration of files and directories (with wildcards) that shall be excluded from automatic cleanup ("aging"). * udev default rules set the device node permissions now only at "add" events, and do not change them any longer with a later "change" event. * The log messages for lid events and power/sleep keypresses now carry a message ID. * We now have a substantially larger unit test suite, but this continues to be work in progress. * udevadm hwdb gained a new --root= parameter to change the root directory to operate relative to. * logind will now issue a background sync() request to the kernel early at shutdown, so that dirty buffers are flushed to disk early instead of at the last moment, in order to optimize shutdown times a little. * A new bootctl tool has been added that is an interface for certain boot loader operations. This is currently a preview and is likely to be extended into a small mechanism daemon like timedated, localed, hostnamed, and can be used by graphical UIs to enumerate available boot options, and request boot into firmware operations. * systemd-bootchart has been relicensed to LGPLv2.1+ to match the rest of the package. It also has been updated to work correctly in initrds. * Policykit previously has been runtime optional, and is now also compile time optional via a configure switch. * systemd-analyze has been reimplemented in C. Also "systemctl dot" has moved into systemd-analyze. * "systemctl status" with no further parameters will now print the status of all active or failed units. * Operations such as "systemctl start" can now be executed with a new mode "--irreversible" which may be used to queue operations that cannot accidentally be reversed by a later job queuing. This is by default used to make shutdown requests more robust. * The Python API of systemd now gained a new module for reading journal files. * A new tool kernel-install has been added that can install kernel images according to the Boot Loader Specification: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec * Boot time console output has been improved to provide animated boot time output for hanging jobs. * A new tool systemd-activate has been added which can be used to test socket activation with, directly from the command line. This should make it much easier to test and debug socket activation in daemons. * journalctl gained a new "--reverse" (or -r) option to show journal output in reverse order (i.e. newest line first). * journalctl gained a new "--pager-end" (or -e) option to jump to immediately jump to the end of the journal in the pager. This is only supported in conjunction with "less". * journalctl gained a new "--user-unit=" option, that works similarly to "--unit=" but filters for user units rather than system units. * A number of unit files to ease adoption of systemd in initrds has been added. This moves some minimal logic from the various initrd implementations into systemd proper. * The journal files are now owned by a new group "systemd-journal", which exists specifically to allow access to the journal, and nothing else. Previously, we used the "adm" group for that, which however possibly covers more than just journal/log file access. This new group is now already used by systemd-journal-gatewayd to ensure this daemon gets access to the journal files and as little else as possible. Note that "make install" will also set FS ACLs up for /var/log/journal to give "adm" and "wheel" read access to it, in addition to "systemd-journal" which owns the journal files. We recommend that packaging scripts also add read access to "adm" + "wheel" to /var/log/journal, and all existing/future journal files. To normal users and administrators little changes, however packagers need to ensure to create the "systemd-journal" system group at package installation time. * The systemd-journal-gatewayd now runs as unprivileged user systemd-journal-gateway:systemd-journal-gateway. Packaging scripts need to create these system user/group at installation time. * timedated now exposes a new boolean property CanNTP that indicates whether a local NTP service is available or not. * systemd-detect-virt will now also detect xen PVs * The pstore file system is now mounted by default, if it is available. * In addition to the SELinux and IMA policies we will now also load SMACK policies at early boot. Contributions from: Adel Gadllah, Aleksander Morgado, Auke Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch, Daniel Wallace, Dave Reisner, David Herrmann, David Strauss, Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer, Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil, Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, William Giokas, Zbigniew Jędrzejewski-Szmek, Zeeshan Ali (Khattak) CHANGES WITH 197: * Timer units now support calendar time events in addition to monotonic time events. That means you can now trigger a unit based on a calendar time specification such as "Thu,Fri 2013-*-1,5 11:12:13" which refers to 11:12:13 of the first or fifth day of any month of the year 2013, given that it is a thursday or friday. This brings timer event support considerably closer to cron's capabilities. For details on the supported calendar time specification language see systemd.time(7). * udev now supports a number of different naming policies for network interfaces for predictable names, and a combination of these policies is now the default. Please see this wiki document for details: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames * Auke Kok's bootchart implementation has been added to the systemd tree. It is an optional component that can graph the boot in quite some detail. It is one of the best bootchart implementations around and minimal in its code and dependencies. * nss-myhostname has been integrated into the systemd source tree. nss-myhostname guarantees that the local hostname always stays resolvable via NSS. It has been a weak requirement of systemd-hostnamed since a long time, and since its code is actually trivial we decided to just include it in systemd's source tree. It can be turned off with a configure switch. * The read-ahead logic is now capable of properly detecting whether a btrfs file system is on SSD or rotating media, in order to optimize the read-ahead scheme. Previously, it was only capable of detecting this on traditional file systems such as ext4. * In udev, additional device properties are now read from the IAB in addition to the OUI database. Also, Bluetooth company identities are attached to the devices as well. * In service files %U may be used as specifier that is replaced by the configured user name of the service. * nspawn may now be invoked without a controlling TTY. This makes it suitable for invocation as its own service. This may be used to set up a simple containerized server system using only core OS tools. * systemd and nspawn can now accept socket file descriptors when they are started for socket activation. This enables implementation of socket activated nspawn containers. i.e. think about autospawning an entire OS image when the first SSH or HTTP connection is received. We expect that similar functionality will also be added to libvirt-lxc eventually. * journalctl will now suppress ANSI color codes when presenting log data. * systemctl will no longer show control group information for a unit if the control group is empty anyway. * logind can now automatically suspend/hibernate/shutdown the system on idle. * /etc/machine-info and hostnamed now also expose the chassis type of the system. This can be used to determine whether the local system is a laptop, desktop, handset or tablet. This information may either be configured by the user/vendor or is automatically determined from ACPI and DMI information if possible. * A number of PolicyKit actions are now bound together with "imply" rules. This should simplify creating UIs because many actions will now authenticate similar ones as well. * Unit files learnt a new condition ConditionACPower= which may be used to conditionalize a unit depending on whether an AC power source is connected or not, of whether the system is running on battery power. * systemctl gained a new "is-failed" verb that may be used in shell scripts and suchlike to check whether a specific unit is in the "failed" state. * The EnvironmentFile= setting in unit files now supports file globbing, and can hence be used to easily read a number of environment files at once. * systemd will no longer detect and recognize specific distributions. All distribution-specific #ifdeffery has been removed, systemd is now fully generic and distribution-agnostic. Effectively, not too much is lost as a lot of the code is still accessible via explicit configure switches. However, support for some distribution specific legacy configuration file formats has been dropped. We recommend distributions to simply adopt the configuration files everybody else uses now and convert the old configuration from packaging scripts. Most distributions already did that. If that's not possible or desirable, distributions are welcome to forward port the specific pieces of code locally from the git history. * When logging a message about a unit systemd will now always log the unit name in the message meta data. * localectl will now also discover system locale data that is not stored in locale archives, but directly unpacked. * logind will no longer unconditionally use framebuffer devices as seat masters, i.e. as devices that are required to be existing before a seat is considered preset. Instead, it will now look for all devices that are tagged as "seat-master" in udev. By default, framebuffer devices will be marked as such, but depending on local systems, other devices might be marked as well. This may be used to integrate graphics cards using closed source drivers (such as NVidia ones) more nicely into logind. Note however, that we recommend using the open source NVidia drivers instead, and no udev rules for the closed-source drivers will be shipped from us upstream. Contributions from: Adam Williamson, Alessandro Crismani, Auke Kok, Colin Walters, Daniel Wallace, Dave Reisner, David Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra, Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry, Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek CHANGES WITH 196: * udev gained support for loading additional device properties from an indexed database that is keyed by vendor/product IDs and similar device identifiers. For the beginning this "hwdb" is populated with data from the well-known PCI and USB database, but also includes PNP, ACPI and OID data. In the longer run this indexed database shall grow into becoming the one central database for non-essential userspace device metadata. Previously, data from the PCI/USB database was only attached to select devices, since the lookup was a relatively expensive operation due to O(n) time complexity (with n being the number of entries in the database). Since this is now O(1), we decided to add in this data for all devices where this is available, by default. Note that the indexed database needs to be rebuilt when new data files are installed. To achieve this you need to update your packaging scripts to invoke "udevadm hwdb --update" after installation of hwdb data files. For RPM-based distributions we introduced the new %udev_hwdb_update macro for this purpose. * The Journal gained support for the "Message Catalog", an indexed database to link up additional information with journal entries. For further details please check: https://www.freedesktop.org/wiki/Software/systemd/catalog The indexed message catalog database also needs to be rebuilt after installation of message catalog files. Use "journalctl --update-catalog" for this. For RPM-based distributions we introduced the %journal_catalog_update macro for this purpose. * The Python Journal bindings gained support for the standard Python logging framework. * The Journal API gained new functions for checking whether the underlying file system of a journal file is capable of properly reporting file change notifications, or whether applications that want to reflect journal changes "live" need to recheck journal files continuously in appropriate time intervals. * It is now possible to set the "age" field for tmpfiles entries to 0, indicating that files matching this entry shall always be removed when the directories are cleaned up. * coredumpctl gained a new "gdb" verb which invokes gdb right-away on the selected coredump. * There's now support for "hybrid sleep" on kernels that support this, in addition to "suspend" and "hibernate". Use "systemctl hybrid-sleep" to make use of this. * logind's HandleSuspendKey= setting (and related settings) now gained support for a new "lock" setting to simply request the screen lock on all local sessions, instead of actually executing a suspend or hibernation. * systemd will now mount the EFI variables file system by default. * Socket units now gained support for configuration of the SMACK security label. * timedatectl will now output the time of the last and next daylight saving change. * We dropped support for various legacy and distro-specific concepts, such as insserv, early-boot SysV services (i.e. those for non-standard runlevels such as 'b' or 'S') or ArchLinux /etc/rc.conf support. We recommend the distributions who still need support this to either continue to maintain the necessary patches downstream, or find a different solution. (Talk to us if you have questions!) * Various systemd components will now bypass PolicyKit checks for root and otherwise handle properly if PolicyKit is not found to be around. This should fix most issues for PolicyKit-less systems. Quite frankly this should have been this way since day one. It is absolutely our intention to make systemd work fine on PolicyKit-less systems, and we consider it a bug if something does not work as it should if PolicyKit is not around. * For embedded systems it is now possible to build udev and systemd without blkid and/or kmod support. * "systemctl switch-root" is now capable of switching root more than once. I.e. in addition to transitions from the initrd to the host OS it is now possible to transition to further OS images from the host. This is useful to implement offline updating tools. * Various other additions have been made to the RPM macros shipped with systemd. Use %udev_rules_update() after installing new udev rules files. %_udevhwdbdir, %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir, %_sysctldir are now available which resolve to the right directories for packages to place various data files in. * journalctl gained the new --full switch (in addition to --all, to disable ellipsation for long messages. Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel, Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner, Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers, Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas, Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl, Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen, Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek CHANGES WITH 195: * journalctl gained new --since= and --until= switches to filter by time. It also now supports nice filtering for units via --unit=/-u. * Type=oneshot services may use ExecReload= and do the right thing. * The journal daemon now supports time-based rotation and vacuuming, in addition to the usual disk-space based rotation. * The journal will now index the available field values for each field name. This enables clients to show pretty drop downs of available match values when filtering. The bash completion of journalctl has been updated accordingly. journalctl gained a new switch -F to list all values a certain field takes in the journal database. * More service events are now written as structured messages to the journal, and made recognizable via message IDs. * The timedated, localed and hostnamed mini-services which previously only provided support for changing time, locale and hostname settings from graphical DEs such as GNOME now also have a minimal (but very useful) text-based client utility each. This is probably the nicest way to changing these settings from the command line now, especially since it lists available options and is fully integrated with bash completion. * There's now a new tool "systemd-coredumpctl" to list and extract coredumps from the journal. * We now install a README each in /var/log/ and /etc/rc.d/init.d explaining where the system logs and init scripts went. This hopefully should help folks who go to that dirs and look into the otherwise now empty void and scratch their heads. * When user-services are invoked (by systemd --user) the $MANAGERPID env var is set to the PID of systemd. * SIGRTMIN+24 when sent to a --user instance will now result in immediate termination of systemd. * gatewayd received numerous feature additions such as a "follow" mode, for live syncing and filtering. * browse.html now allows filtering and showing detailed information on specific entries. Keyboard navigation and mouse screen support has been added. * gatewayd/journalctl now supports HTML5/JSON Server-Sent-Events as output. * The SysV init script compatibility logic will now heuristically determine whether a script supports the "reload" verb, and only then make this available as "systemctl reload". * "systemctl status --follow" has been removed, use "journalctl -u" instead. * journald.conf's RuntimeMinSize=, PersistentMinSize= settings have been removed since they are hardly useful to be configured. * And I'd like to take the opportunity to specifically mention Zbigniew for his great contributions. Zbigniew, you rock! Contributions from: Andrew Eikum, Christian Hesse, Colin Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich, Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew Jędrzejewski-Szmek, Сковорода Никита Андреевич CHANGES WITH 194: * If /etc/vconsole.conf is non-existent or empty we will no longer load any console font or key map at boot by default. Instead the kernel defaults will be left intact. This is definitely the right thing to do, as no configuration should mean no configuration, and hard-coding font names that are different on all archs is probably a bad idea. Also, the kernel default key map and font should be good enough for most cases anyway, and mostly identical to the userspace fonts/key maps we previously overloaded them with. If distributions want to continue to default to a non-kernel font or key map they should ship a default /etc/vconsole.conf with the appropriate contents. Contributions from: Colin Walters, Daniel J Walsh, Dave Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek CHANGES WITH 193: * journalctl gained a new --cursor= switch to show entries starting from the specified location in the journal. * We now enforce a size limit on journal entry fields exported with "-o json" in journalctl. Fields larger than 4K will be assigned null. This can be turned off with --all. * An (optional) journal gateway daemon is now available as "systemd-journal-gatewayd.service". This service provides access to the journal via HTTP and JSON. This functionality will be used to implement live log synchronization in both pull and push modes, but has various other users too, such as easy log access for debugging of embedded devices. Right now it is already useful to retrieve the journal via HTTP: # systemctl start systemd-journal-gatewayd.service # wget http://localhost:19531/entries This will download the journal contents in a /var/log/messages compatible format. The same as JSON: # curl -H"Accept: application/json" http://localhost:19531/entries This service is also accessible via a web browser where a single static HTML5 app is served that uses the JSON logic to enable the user to do some basic browsing of the journal. This will be extended later on. Here's an example screenshot of this app in its current state: http://0pointer.de/public/journal-gatewayd Contributions from: Kay Sievers, Lennart Poettering, Robert Milasan, Tom Gundersen CHANGES WITH 192: * The bash completion logic is now available for journalctl too. * We do not mount the "cpuset" controller anymore together with "cpu" and "cpuacct", as "cpuset" groups generally cannot be started if no parameters are assigned to it. "cpuset" hence broke code that assumed it could create "cpu" groups and just start them. * journalctl -f will now subscribe to terminal size changes, and line break accordingly. Contributions from: Dave Reisner, Kay Sievers, Lennart Poettering, Lukas Nykrynm, Mirco Tischler, Václav Pavlín CHANGES WITH 191: * nspawn will now create a symlink /etc/localtime in the container environment, copying the host's timezone setting. Previously this has been done via a bind mount, but since symlinks cannot be bind mounted this has now been changed to create/update the appropriate symlink. * journalctl -n's line number argument is now optional, and will default to 10 if omitted. * journald will now log the maximum size the journal files may take up on disk. This is particularly useful if the default built-in logic of determining this parameter from the file system size is used. Use "systemctl status systemd-journald.service" to see this information. * The multi-seat X wrapper tool has been stripped down. As X is now capable of enumerating graphics devices via udev in a seat-aware way the wrapper is not strictly necessary anymore. A stripped down temporary stop-gap is still shipped until the upstream display managers have been updated to fully support the new X logic. Expect this wrapper to be removed entirely in one of the next releases. * HandleSleepKey= in logind.conf has been split up into HandleSuspendKey= and HandleHibernateKey=. The old setting is not available anymore. X11 and the kernel are distinguishing between these keys and we should too. This also means the inhibition lock for these keys has been split into two. Contributions from: Dave Airlie, Eelco Dolstra, Lennart Poettering, Lukas Nykryn, Václav Pavlín CHANGES WITH 190: * Whenever a unit changes state we will now log this to the journal and show along the unit's own log output in "systemctl status". * ConditionPathIsMountPoint= can now properly detect bind mount points too. (Previously, a bind mount of one file system to another place in the same file system could not be detected as mount, since they shared struct stat's st_dev field.) * We will now mount the cgroup controllers cpu, cpuacct, cpuset and the controllers net_cls, net_prio together by default. * nspawn containers will now have a virtualized boot ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted over with a randomized ID at container initialization). This has the effect of making "journalctl -b" do the right thing in a container. * The JSON output journal serialization has been updated not to generate "endless" list objects anymore, but rather one JSON object per line. This is more in line how most JSON parsers expect JSON objects. The new output mode "json-pretty" has been added to provide similar output, but neatly aligned for readability by humans. * We dropped all explicit sync() invocations in the shutdown code. The kernel does this implicitly anyway in the kernel reboot() syscall. halt(8)'s -n option is now a compatibility no-op. * We now support virtualized reboot() in containers, as supported by newer kernels. We will fall back to exit() if CAP_SYS_REBOOT is not available to the container. Also, nspawn makes use of this now and will actually reboot the container if the containerized OS asks for that. * journalctl will only show local log output by default now. Use --merge (-m) to show remote log output, too. * libsystemd-journal gained the new sd_journal_get_usage() call to determine the current disk usage of all journal files. This is exposed in the new "journalctl --disk-usage" command. * journald gained a new configuration setting SplitMode= in journald.conf which may be used to control how user journals are split off. See journald.conf(5) for details. * A new condition type ConditionFileNotEmpty= has been added. * tmpfiles' "w" lines now support file globbing, to write multiple files at once. * We added Python bindings for the journal submission APIs. More Python APIs for a number of selected APIs will likely follow. Note that we intend to add native bindings only for the Python language, as we consider it common enough to deserve bindings shipped within systemd. There are various projects outside of systemd that provide bindings for languages such as PHP or Lua. * Many conditions will now resolve specifiers such as %i. In addition, PathChanged= and related directives of .path units now support specifiers as well. * There's now a new RPM macro definition for the system preset dir: %_presetdir. * journald will now warn if it ca not forward a message to the syslog daemon because its socket is full. * timedated will no longer write or process /etc/timezone, except on Debian. As we do not support late mounted /usr anymore /etc/localtime always being a symlink is now safe, and hence the information in /etc/timezone is not necessary anymore. * logind will now always reserve one VT for a text getty (VT6 by default). Previously if more than 6 X sessions where started they took up all the VTs with auto-spawned gettys, so that no text gettys were available anymore. * udev will now automatically inform the btrfs kernel logic about btrfs RAID components showing up. This should make simple hotplug based btrfs RAID assembly work. * PID 1 will now increase its RLIMIT_NOFILE to 64K by default (but not for its children which will stay at the kernel default). This should allow setups with a lot more listening sockets. * systemd will now always pass the configured timezone to the kernel at boot. timedated will do the same when the timezone is changed. * logind's inhibition logic has been updated. By default, logind will now handle the lid switch, the power and sleep keys all the time, even in graphical sessions. If DEs want to handle these events on their own they should take the new handle-power-key, handle-sleep-key and handle-lid-switch inhibitors during their runtime. A simple way to achieve that is to invoke the DE wrapped in an invocation of: systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ... * Access to unit operations is now checked via SELinux taking the unit file label and client process label into account. * systemd will now notify the administrator in the journal when he over-mounts a non-empty directory. * There are new specifiers that are resolved in unit files, for the host name (%H), the machine ID (%m) and the boot ID (%b). Contributions from: Allin Cottrell, Auke Kok, Brandon Philips, Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz, Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek CHANGES WITH 189: * Support for reading structured kernel messages from /dev/kmsg has now been added and is enabled by default. * Support for reading kernel messages from /proc/kmsg has now been removed. If you want kernel messages in the journal make sure to run a recent kernel (>= 3.5) that supports reading structured messages from /dev/kmsg (see above). /proc/kmsg is now exclusive property of classic syslog daemons again. * The libudev API gained the new udev_device_new_from_device_id() call. * The logic for file system namespace (ReadOnlyDirectory=, ReadWriteDirectoy=, PrivateTmp=) has been reworked not to require pivot_root() anymore. This means fewer temporary directories are created below /tmp for this feature. * nspawn containers will now see and receive all submounts made on the host OS below the root file system of the container. * Forward Secure Sealing is now supported for Journal files, which provide cryptographical sealing of journal files so that attackers cannot alter log history anymore without this being detectable. Lennart will soon post a blog story about this explaining it in more detail. * There are two new service settings RestartPreventExitStatus= and SuccessExitStatus= which allow configuration of exit status (exit code or signal) which will be excepted from the restart logic, resp. consider successful. * journalctl gained the new --verify switch that can be used to check the integrity of the structure of journal files and (if Forward Secure Sealing is enabled) the contents of journal files. * nspawn containers will now be run with /dev/stdin, /dev/fd/ and similar symlinks pre-created. This makes running shells as container init process a lot more fun. * The fstab support can now handle PARTUUID= and PARTLABEL= entries. * A new ConditionHost= condition has been added to match against the hostname (with globs) and machine ID. This is useful for clusters where a single OS image is used to provision a large number of hosts which shall run slightly different sets of services. * Services which hit the restart limit will now be placed in a failure state. Contributions from: Bertram Poettering, Dave Reisner, Huang Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek CHANGES WITH 188: * When running in --user mode systemd will now become a subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps tree a lot more organized. * A new PartOf= unit dependency type has been introduced that may be used to group services in a natural way. * "systemctl enable" may now be used to enable instances of services. * journalctl now prints error log levels in red, and warning/notice log levels in bright white. It also supports filtering by log level now. * cgtop gained a new -n switch (similar to top), to configure the maximum number of iterations to run for. It also gained -b, to run in batch mode (accepting no input). * The suffix ".service" may now be omitted on most systemctl command lines involving service unit names. * There's a new bus call in logind to lock all sessions, as well as a loginctl verb for it "lock-sessions". * libsystemd-logind.so gained a new call sd_journal_perror() that works similar to libc perror() but logs to the journal and encodes structured information about the error number. * /etc/crypttab entries now understand the new keyfile-size= option. * shutdown(8) now can send a (configurable) wall message when a shutdown is cancelled. * The mount propagation mode for the root file system will now default to "shared", which is useful to make containers work nicely out-of-the-box so that they receive new mounts from the host. This can be undone locally by running "mount --make-rprivate /" if needed. * The prefdm.service file has been removed. Distributions should maintain this unit downstream if they intend to keep it around. However, we recommend writing normal unit files for display managers instead. * Since systemd is a crucial part of the OS we will now default to a number of compiler switches that improve security (hardening) such as read-only relocations, stack protection, and suchlike. * The TimeoutSec= setting for services is now split into TimeoutStartSec= and TimeoutStopSec= to allow configuration of individual time outs for the start and the stop phase of the service. Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer, Jim Meyering, Kay Sievers, Lennart Poettering, Mantas Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom Gundersen, Zbigniew Jędrzejewski-Szmek CHANGES WITH 187: * The journal and id128 C APIs are now fully documented as man pages. * Extra safety checks have been added when transitioning from the initial RAM disk to the main system to avoid accidental data loss. * /etc/crypttab entries now understand the new keyfile-offset= option. * systemctl -t can now be used to filter by unit load state. * The journal C API gained the new sd_journal_wait() call to make writing synchronous journal clients easier. * journalctl gained the new -D switch to show journals from a specific directory. * journalctl now displays a special marker between log messages of two different boots. * The journal is now explicitly flushed to /var via a service systemd-journal-flush.service, rather than implicitly simply by seeing /var/log/journal to be writable. * journalctl (and the journal C APIs) can now match for much more complex expressions, with alternatives and disjunctions. * When transitioning from the initial RAM disk to the main system we will now kill all processes in a killing spree to ensure no processes stay around by accident. * Three new specifiers may be used in unit files: %u, %h, %s resolve to the user name, user home directory resp. user shell. This is useful for running systemd user instances. * We now automatically rotate journal files if their data object hash table gets a fill level > 75%. We also size the hash table based on the configured maximum file size. This together should lower hash collisions drastically and thus speed things up a bit. * journalctl gained the new "--header" switch to introspect header data of journal files. * A new setting SystemCallFilters= has been added to services which may be used to apply blacklists or whitelists to system calls. This is based on SECCOMP Mode 2 of Linux 3.5. * nspawn gained a new --link-journal= switch (and quicker: -j) to link the container journal with the host. This makes it very easy to centralize log viewing on the host for all guests while still keeping the journal files separated. * Many bugfixes and optimizations Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew Jędrzejewski-Szmek CHANGES WITH 186: * Several tools now understand kernel command line arguments, which are only read when run in an initial RAM disk. They usually follow closely their normal counterparts, but are prefixed with rd. * There's a new tool to analyze the readahead files that are automatically generated at boot. Use: /usr/lib/systemd/systemd-readahead analyze /.readahead * We now provide an early debug shell on tty9 if this enabled. Use: systemctl enable debug-shell.service * All plymouth related units have been moved into the Plymouth package. Please make sure to upgrade your Plymouth version as well. * systemd-tmpfiles now supports getting passed the basename of a configuration file only, in which case it will look for it in all appropriate directories automatically. * udevadm info now takes a /dev or /sys path as argument, and does the right thing. Example: udevadm info /dev/sda udevadm info /sys/class/block/sda * systemctl now prints a warning if a unit is stopped but a unit that might trigger it continues to run. Example: a service is stopped but the socket that activates it is left running. * "systemctl status" will now mention if the log output was shortened due to rotation since a service has been started. * The journal API now exposes functions to determine the "cutoff" times due to rotation. * journald now understands SIGUSR1 and SIGUSR2 for triggering immediately flushing of runtime logs to /var if possible, resp. for triggering immediate rotation of the journal files. * It is now considered an error if a service is attempted to be stopped that is not loaded. * XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames. * systemd-analyze now supports Python 3 * tmpfiles now supports cleaning up directories via aging where the first level dirs are always kept around but directories beneath it automatically aged. This is enabled by prefixing the age field with '~'. * Seat objects now expose CanGraphical, CanTTY properties which is required to deal with very fast bootups where the display manager might be running before the graphics drivers completed initialization. * Seat objects now expose a State property. * We now include RPM macros for service enabling/disabling based on the preset logic. We recommend RPM based distributions to make use of these macros if possible. This makes it simpler to reuse RPM spec files across distributions. * We now make sure that the collected systemd unit name is always valid when services log to the journal via STDOUT/STDERR. * There's a new man page kernel-command-line(7) detailing all command line options we understand. * The fstab generator may now be disabled at boot by passing fstab=0 on the kernel command line. * A new kernel command line option modules-load= is now understood to load a specific kernel module statically, early at boot. * Unit names specified on the systemctl command line are now automatically escaped as needed. Also, if file system or device paths are specified they are automatically turned into the appropriate mount or device unit names. Example: systemctl status /home systemctl status /dev/sda * The SysVConsole= configuration option has been removed from system.conf parsing. * The SysV search path is no longer exported on the D-Bus Manager object. * The Names= option has been removed from unit file parsing. * There's a new man page bootup(7) detailing the boot process. * Every unit and every generator we ship with systemd now comes with full documentation. The self-explanatory boot is complete. * A couple of services gained "systemd-" prefixes in their name if they wrap systemd code, rather than only external code. Among them fsck@.service which is now systemd-fsck@.service. * The HaveWatchdog property has been removed from the D-Bus Manager object. * systemd.confirm_spawn= on the kernel command line should now work sensibly. * There's a new man page crypttab(5) which details all options we actually understand. * systemd-nspawn gained a new --capability= switch to pass additional capabilities to the container. * timedated will now read known NTP implementation unit names from /usr/lib/systemd/ntp-units.d/*.list, systemd-timedated-ntp.target has been removed. * journalctl gained a new switch "-b" that lists log data of the current boot only. * The notify socket is in the abstract namespace again, in order to support daemons which chroot() at start-up. * There is a new Storage= configuration option for journald which allows configuration of where log data should go. This also provides a way to disable journal logging entirely, so that data collected is only forwarded to the console, the kernel log buffer or another syslog implementation. * Many bugfixes and optimizations Contributions from: Auke Kok, Colin Guthrie, Dave Reisner, David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering, Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel, Shawn Landden, Tom Gundersen CHANGES WITH 185: * "systemctl help " now shows the man page if one is available. * Several new man pages have been added. * MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole= can now be specified in journald.conf. These options allow reducing the amount of data stored on disk or forwarded by the log level. * TimerSlackNSec= can now be specified in system.conf for PID1. This allows system-wide power savings. Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen, Lennart Poettering, Malte Starostik, Marc-Antoine Perennou, Matthias Clasen CHANGES WITH 184: * logind is now capable of (optionally) handling power and sleep keys as well as the lid switch. * journalctl now understands the syntax "journalctl /usr/bin/avahi-daemon" to get all log output of a specific daemon. * CapabilityBoundingSet= in system.conf now also influences the capability bound set of usermode helpers of the kernel. Contributions from: Daniel Drake, Daniel J. Walsh, Gert Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers, Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul Menzel, Shawn Landden, Tero Roponen, Tom Gundersen CHANGES WITH 183: * Note that we skipped 139 releases here in order to set the new version to something that is greater than both udev's and systemd's most recent version number. * udev: all udev sources are merged into the systemd source tree now. All future udev development will happen in the systemd tree. It is still fully supported to use the udev daemon and tools without systemd running, like in initramfs or other init systems. Building udev though, will require the *build* of the systemd tree, but udev can be properly *run* without systemd. * udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles should be used to create dead device nodes as workarounds for broken subsystems. * udev: RUN+="socket:..." and udev_monitor_new_from_socket() is no longer supported. udev_monitor_new_from_netlink() needs to be used to subscribe to events. * udev: when udevd is started by systemd, processes which are left behind by forking them off of udev rules, are unconditionally cleaned up and killed now after the event handling has finished. Services or daemons must be started as systemd services. Services can be pulled-in by udev to get started, but they can no longer be directly forked by udev rules. * udev: the daemon binary is called systemd-udevd now and installed in /usr/lib/systemd/. Standalone builds or non-systemd systems need to adapt to that, create symlink, or rename the binary after building it. * libudev no longer provides these symbols: udev_monitor_from_socket() udev_queue_get_failed_list_entry() udev_get_{dev,sys,run}_path() The versions number was bumped and symbol versioning introduced. * systemd-loginctl and systemd-journalctl have been renamed to loginctl and journalctl to match systemctl. * The config files: /etc/systemd/systemd-logind.conf and /etc/systemd/systemd-journald.conf have been renamed to logind.conf and journald.conf. Package updates should rename the files to the new names on upgrade. * For almost all files the license is now LGPL2.1+, changed from the previous GPL2.0+. Exceptions are some minor stuff of udev (which will be changed to LGPL2.1 eventually, too), and the MIT licensed sd-daemon.[ch] library that is suitable to be used as drop-in files. * systemd and logind now handle system sleep states, in particular suspending and hibernating. * logind now implements a sleep/shutdown/idle inhibiting logic suitable for a variety of uses. Soonishly Lennart will blog about this in more detail. * var-run.mount and var-lock.mount are no longer provided (which previously bind mounted these directories to their new places). Distributions which have not converted these directories to symlinks should consider stealing these files from git history and add them downstream. * We introduced the Documentation= field for units and added this to all our shipped units. This is useful to make it easier to explore the boot and the purpose of the various units. * All smaller setup units (such as systemd-vconsole-setup.service) now detect properly if they are run in a container and are skipped when appropriate. This guarantees an entirely noise-free boot in Linux container environments such as systemd-nspawn. * A framework for implementing offline system updates is now integrated, for details see: https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates * A new service type Type=idle is available now which helps us avoiding ugly interleaving of getty output and boot status messages. * There's now a system-wide CapabilityBoundingSet= option to globally reduce the set of capabilities for the system. This is useful to drop CAP_SYS_MKNOD, CAP_SYS_RAWIO, CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or even CAP_NET_ADMIN system-wide for secure systems. * There are now system-wide DefaultLimitXXX= options to globally change the defaults of the various resource limits for all units started by PID 1. * Harald Hoyer's systemd test suite has been integrated into systemd which allows easy testing of systemd builds in qemu and nspawn. (This is really awesome! Ask us for details!) * The fstab parser is now implemented as generator, not inside of PID 1 anymore. * systemctl will now warn you if .mount units generated from /etc/fstab are out of date due to changes in fstab that have not been read by systemd yet. * systemd is now suitable for usage in initrds. Dracut has already been updated to make use of this. With this in place initrds get a slight bit faster but primarily are much easier to introspect and debug since "systemctl status" in the host system can be used to introspect initrd services, and the journal from the initrd is kept around too. * systemd-delta has been added, a tool to explore differences between user/admin configuration and vendor defaults. * PrivateTmp= now affects both /tmp and /var/tmp. * Boot time status messages are now much prettier and feature proper english language. Booting up systemd has never been so sexy. * Read-ahead pack files now include the inode number of all files to pre-cache. When the inode changes the pre-caching is not attempted. This should be nicer to deal with updated packages which might result in changes of read-ahead patterns. * We now temporaritly lower the kernel's read_ahead_kb variable when collecting read-ahead data to ensure the kernel's built-in read-ahead does not add noise to our measurements of necessary blocks to pre-cache. * There's now RequiresMountsFor= to add automatic dependencies for all mounts necessary for a specific file system path. * MountAuto= and SwapAuto= have been removed from system.conf. Mounting file systems at boot has to take place in systemd now. * nspawn now learned a new switch --uuid= to set the machine ID on the command line. * nspawn now learned the -b switch to automatically search for an init system. * vt102 is now the default TERM for serial TTYs, upgraded from vt100. * systemd-logind now works on VT-less systems. * The build tree has been reorganized. The individual components now have directories of their own. * A new condition type ConditionPathIsReadWrite= is now available. * nspawn learned the new -C switch to create cgroups for the container in other hierarchies. * We now have support for hardware watchdogs, configurable in system.conf. * The scheduled shutdown logic now has a public API. * We now mount /tmp as tmpfs by default, but this can be masked and /etc/fstab can override it. * Since udisks does not make use of /media anymore we are not mounting a tmpfs on it anymore. * journalctl gained a new --local switch to only interleave locally generated journal files. * We can now load the IMA policy at boot automatically. * The GTK tools have been split off into a systemd-ui. Contributions from: Andreas Schwab, Auke Kok, Ayan George, Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal, Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers, Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure, Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom Gundersen CHANGES WITH 44: * This is mostly a bugfix release * Support optional initialization of the machine ID from the KVM or container configured UUID. * Support immediate reboots with "systemctl reboot -ff" * Show /etc/os-release data in systemd-analyze output * Many bugfixes for the journal, including endianness fixes and ensuring that disk space enforcement works * sd-login.h is C++ compatible again * Extend the /etc/os-release format on request of the Debian folks * We now refuse non-UTF8 strings used in various configuration and unit files. This is done to ensure we do not pass invalid data over D-Bus or expose it elsewhere. * Register Mimo USB Screens as suitable for automatic seat configuration * Read SELinux client context from journal clients in a race free fashion * Reorder configuration file lookup order. /etc now always overrides /run in order to allow the administrator to always and unconditionally override vendor-supplied or automatically generated data. * The various user visible bits of the journal now have man pages. We still lack man pages for the journal API calls however. * We now ship all man pages in HTML format again in the tarball. Contributions from: Dave Reisner, Dirk Eibach, Frederic Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry Reding CHANGES WITH 43: * This is mostly a bugfix release * systems lacking /etc/os-release are no longer supported. * Various functionality updates to libsystemd-login.so * Track class of PAM logins to distinguish greeters from normal user logins. Contributions from: Kay Sievers, Lennart Poettering, Michael Biebl CHANGES WITH 42: * This is an important bugfix release for v41. * Building man pages is now optional which should be useful for those building systemd from git but unwilling to install xsltproc. * Watchdog support for supervising services is now usable. In a future release support for hardware watchdogs (i.e. /dev/watchdog) will be added building on this. * Service start rate limiting is now configurable and can be turned off per service. When a start rate limit is hit a reboot can automatically be triggered. * New CanReboot(), CanPowerOff() bus calls in systemd-logind. Contributions from: Benjamin Franzke, Bill Nottingham, Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal Schmidt, Michał Górny, Piotr Drąg CHANGES WITH 41: * The systemd binary is installed /usr/lib/systemd/systemd now; An existing /sbin/init symlink needs to be adapted with the package update. * The code that loads kernel modules has been ported to invoke libkmod directly, instead of modprobe. This means we do not support systems with module-init-tools anymore. * Watchdog support is now already useful, but still not complete. * A new kernel command line option systemd.setenv= is understood to set system wide environment variables dynamically at boot. * We now limit the set of capabilities of systemd-journald. * We now set SIGPIPE to ignore by default, since it only is useful in shell pipelines, and has little use in general code. This can be disabled with IgnoreSIPIPE=no in unit files. Contributions from: Benjamin Franzke, Kay Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen, William Douglas CHANGES WITH 40: * This is mostly a bugfix release * We now expose the reason why a service failed in the "Result" D-Bus property. * Rudimentary service watchdog support (will be completed over the next few releases.) * When systemd forks off in order execute some service we will now immediately changes its argv[0] to reflect which process it will execute. This is useful to minimize the time window with a generic argv[0], which makes bootcharts more useful Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt, Mike Kazantsev, Ray Strode CHANGES WITH 39: * This is mostly a test release, but incorporates many bugfixes. * New systemd-cgtop tool to show control groups by their resource usage. * Linking against libacl for ACLs is optional again. If disabled, support tracking device access for active logins goes becomes unavailable, and so does access to the user journals by the respective users. * If a group "adm" exists, journal files are automatically owned by them, thus allow members of this group full access to the system journal as well as all user journals. * The journal now stores the SELinux context of the logging client for all entries. * Add C++ inclusion guards to all public headers * New output mode "cat" in the journal to print only text messages, without any meta data like date or time. * Include tiny X server wrapper as a temporary stop-gap to teach XOrg udev display enumeration. This is used by display managers such as gdm, and will go away as soon as XOrg learned native udev hotplugging for display devices. * Add new systemd-cat tool for executing arbitrary programs with STDERR/STDOUT connected to the journal. Can also act as BSD logger replacement, and does so by default. * Optionally store all locally generated coredumps in the journal along with meta data. * systemd-tmpfiles learnt four new commands: n, L, c, b, for writing short strings to files (for usage for /sys), and for creating symlinks, character and block device nodes. * New unit file option ControlGroupPersistent= to make cgroups persistent, following the mechanisms outlined in https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups * Support multiple local RTCs in a sane way * No longer monopolize IO when replaying readahead data on rotating disks, since we might starve non-file-system IO to death, since fanotify() will not see accesses done by blkid, or fsck. * Do not show kernel threads in systemd-cgls anymore, unless requested with new -k switch. Contributions from: Dan Horák, Kay Sievers, Lennart Poettering, Michal Schmidt CHANGES WITH 38: * This is mostly a test release, but incorporates many bugfixes. * The git repository moved to: git://anongit.freedesktop.org/systemd/systemd ssh://git.freedesktop.org/git/systemd/systemd * First release with the journal http://0pointer.de/blog/projects/the-journal.html * The journal replaces both systemd-kmsg-syslogd and systemd-stdout-bridge. * New sd_pid_get_unit() API call in libsystemd-logind * Many systemadm clean-ups * Introduce remote-fs-pre.target which is ordered before all remote mounts and may be used to start services before all remote mounts. * Added Mageia support * Add bash completion for systemd-loginctl * Actively monitor PID file creation for daemons which exit in the parent process before having finished writing the PID file in the daemon process. Daemons which do this need to be fixed (i.e. PID file creation must have finished before the parent exits), but we now react a bit more gracefully to them. * Add colourful boot output, mimicking the well-known output of existing distributions. * New option PassCredentials= for socket units, for compatibility with a recent kernel ABI breakage. * /etc/rc.local is now hooked in via a generator binary, and thus will no longer act as synchronization point during boot. * systemctl list-unit-files now supports --root=. * systemd-tmpfiles now understands two new commands: z, Z for relabelling files according to the SELinux database. This is useful to apply SELinux labels to specific files in /sys, among other things. * Output of SysV services is now forwarded to both the console and the journal by default, not only just the console. * New man pages for all APIs from libsystemd-login. * The build tree got reorganized and the build system is a lot more modular allowing embedded setups to specifically select the components of systemd they are interested in. * Support for Linux systems lacking the kernel VT subsystem is restored. * configure's --with-rootdir= got renamed to --with-rootprefix= to follow the naming used by udev and kmod * Unless specified otherwise we will now install to /usr instead of /usr/local by default. * Processes with '@' in argv[0][0] are now excluded from the final shut-down killing spree, following the logic explained in: https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons * All processes remaining in a service cgroup when we enter the START or START_PRE states are now killed with SIGKILL. That means it is no longer possible to spawn background processes from ExecStart= lines (which was never supported anyway, and bad style). * New PropagateReloadTo=/PropagateReloadFrom= options to bind reloading of units together. Contributions from: Bill Nottingham, Daniel J. Walsh, Dave Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt, Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek