From 2875a36b77c42eb71583c44a99c3178a634684d2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sun, 14 Jul 2019 13:18:37 +0200 Subject: [PATCH] NEWS: add some notes for v243 Let's get this ball rolling. --- NEWS | 203 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 190 insertions(+), 13 deletions(-) diff --git a/NEWS b/NEWS index a7a2574762..f476c853cd 100644 --- a/NEWS +++ b/NEWS @@ -35,14 +35,18 @@ CHANGES WITH 243 in spe: are harder to type, but we believe the change from 5 digit PIDs to 7 digit PIDs is not too hampering for usability. - * MemoryLow and MemoryMin gained hierarchy-aware counterparts, - DefaultMemoryLow and DefaultMemoryMin, which can be used to + * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts, + DefaultMemoryLow= and DefaultMemoryMin=, which can be used to hierarchically set default memory protection values for a particular subtree of the unit hierarchy. * Memory protection directives can now take a value of zero, allowing explicit opting out of a default value propagated by an ancestor. + * A new setting DisableControllers= has been added that may be used to + explicitly disable one or more cgroups controllers for a unit and all + its children. + * systemd now defaults to the "unified" cgroup hierarchy setup during build-time, i.e. -Ddefault-hierarchy=unified is now the build-time default. Previously, -Ddefault-hierarchy=hybrid was the default. This 
@@ -73,23 +77,23 @@ CHANGES WITH 243 in spe: * libidn2 is used by default if both libidn2 and libidn are installed. Please use -Dlibidn=true when libidn is favorable. - * The D-Bus "wire format" for CPUAffinity attribute is changed on + * The D-Bus "wire format" of the CPUAffinity= attribute is changed on big-endian machines. Before, bytes were written and read in native machine order as exposed by the native libc __cpu_mask interface. Now, little-endian order is always used (CPUs 0–7 are described by bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on). This change fixes D-Bus calls that cross endianness boundary. - The presentation format used for CPUAffinity by systemctl show and - systemd-analyze dump is changed to present CPU indices instead of the - raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be shown - as CPUAffinity=03000000000000000000000000000… (on little-endian) or - CPUAffinity=00000000000000300000000000000… (on 64-bit big-endian), - and is now shown as CPUAffinity=0-1, matching the input format. The - maximum integer that will be printed in new format is 8191 (four - digits), while the old format always used a very long number (with - the length varying by architecture), so they can be unambiguously - distinguished. + The presentation format used for CPUAffinity= by "systemctl show" and + "systemd-analyze dump" is changed to present CPU indices instead of + the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be + shown as CPUAffinity=03000000000000000000000000000… (on + little-endian) or CPUAffinity=00000000000000300000000000000… (on + 64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the + input format. The maximum integer that will be printed in the new + format is 8191 (four digits), while the old format always used a very + long number (with the length varying by architecture), so they can be + unambiguously distinguished. * /usr/sbin/halt.local is no longer supported. 
Implementation in distributions was inconsistent and it seems this functionality was 
@@ -113,6 +117,179 @@ CHANGES WITH 243 in spe: overridden on per-service basis. Related setting NUMAMask= is used to specify NUMA node mask that should be associated with the selected policy. + + * PID 1 will now listen to Out-Of-Memory (OOM) events the kernel + generates when processes it manages a reaching their memory limits, + and will place their units in a special state, and optionally kill or + stop the whole unit. + + * The service manager will now expose bus properties for the IO + resources used by units. This information is also shown in "systemctl + status" now (for services that have IOAccounting=yes set). Moreover, + the IO accounting data is included in the resource log message + generated whenever a unit stops. + + * units may now configure an explicit time-out to apply to when killed + with SIGABRT, for example when a service watchdog is hit. Previously, + the regular TimeoutStopSec= time-out was applied in this case too — + now a separate time-out may be set using TimeoutAbortSec=. + + * Services may now send a special WATCHDOG=trigger message with + sd_notify() to trigger an immediate "watchdog missed" event, and thus + request service take down. This is useful both for testing watchdog + handling, but also for defining error paths in services, that shall + be handled the same way as watchdog events. + + * There are two new per-unit settings IPIngressFilterPath= and + IPEgressFilterPath= which allow configuration of a BPF program + (usually by specifying a path to a program uploaded to /sys/fs/bpf/) + to apply to the IP packet ingress/egress path of all processes of a + unit. This is useful to allow running systemd services with BPF + programs set up externally. + + * systemctl gained a new "clean" verb for removing the state, cache, + runtime or logs directories of a service while it is terminated. The + new verb may also be used to remove the state maintained on disk for + timer units that have Persistent= configured. 
+ + * During the last phase of shutdown systemd will now automatically + increase the log level configured in the "kernel.printk" sysctl so + that any relevant loggable events happening during late shutdown are + made visible. Previously, loggable events happening so late during + shutdown were generally lost if the "kernel.printk" sysctl was set to + high thresholds, as regular logging daemons are terminated at that + time and thus nothing is written to disk. + + * If processes terminated during the last phase of shutdown do not exit + quickly systemd will now show their names after a short time, to make + debugging easier. After a longer time-out they are forcibly killed, + as before. + + * journalctl (and the other tools that display logs) will now highlight + warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING where + shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs + are now shown in blue color, to separate them visually from regular + logs. References to configuration files are now turned into clickable + links on terminals that support that. + + * systemd-journald will now stop logging to /var/log/journal during + shutdown when /var/ is on a separate mount, so that it can be + unmounted safely during shutdown. + + * systemd-resolved gained support for a new 'strict' DNS-over-TLS mode. + + * The predictable naming scheme for network devices now supports + generating predictable names for "netdevsim" devices. + + * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm + interfaces natively. + + * systemd-networkd's bridge FDB support now allows configuration of a + destination address for each entry (Destination=), as well as the + VXLAN VNI (VNI=), as well as an option to declare what an entry is + associated with (AssociatedWith=). + + * systemd-networkd's DHCPv4 support now understands a new MaxAttempts= + option for configuring the maximum number of attempts to request a + DHCP lease. 
It also learnt a new BlackList= option for blacklisting + DHCP servers (a similar setting has also been added to the IPv6 RA + client), as well as a SendRelease= option for configuring whether to + send a DHCP RELEASE message when terminating. + + * systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured + seperately in the [DHCPv4] and [DHCPv6] sections. + + * systemd-networkd's VXLAN support gained a new option + GenericProtocolExtension= for enabling XVLAN Generic Protocol + Extension support, as well as IPDoNotFragment= for setting the IP + "Don't fragment" bit on outgoing packets. A similar option has been + added to the GENEVE support. + + * In systemd-networkd's [Route] section you may now configure + FastOpenNoCookie= for configuring per-route TCP fast-open support, as + well as TTLPropagate= for configuring Label Switched Path (LSP) TTL + propagation. The Type= setting now supports local, broadcast, + anycast, multicast, any, xresolve routes, too. + + * systemd-networkd's [Network] section learnt a new option + DefaultRouteOnDevice= for automatically configuring a default route + onto the network device. + + * systemd-networkd's bridging support gained two new options ProxyARP= + and ProxyARPWifi= for configuring proxy ARP behaviour as well as + MulticastRouter= for configureing multicast routing behaviour. + + * systemd-networkd's FooOverUDP support gained the ability to configure + local and peer IP addresses via Local= and Peer=. A new option + PeerPort= may be used to configure the peer's IP port. + + * systemd-networkd's TUN support gained a new setting VnetHeader= for + tweaking Generic Segment Offload support. + + * networkctl gained a new "delete" command for removing virtual network + devices, as well as a new "--stats" switch for showing device + statistics. + + * systemd-networkd's .network and .link files gained a new Property= + setting in the [Match] section, to match against devices with + specific udev properties. 
+ + * systemd-networkd's tunnel support gained a new option + AssignToLoopback= for selecting whether to use the loopback device + "lo" as underlying device. + + * systemd-networkd's MACAddress= setting in the [Network] section has + been renamed to LinkLayerAddress=, and it now allows configuration of + IP addresses, too. + + * The CriticalConnection= setting in .network files is now deprecated, + and replaced by a new KeepConfiguration= setting which allows more + detailed configuration of the IP configuration to keep in place. + + * systemd-analyze gained a new "timestamp" verb for parsing and + converting timestamps. It's similar to the existing "systemd-analyze + calendar" command which does the same for recurring calendar + events. It also gained a new "condition" verb for parsing and testing + ConditionXYZ= expressions. + + * systemd-logind now exposes a per-session SetBrightness() bus call, + which may be used to securely change the brightness of a kernel + brightness device, if it belongs to the session's seat. By using this + call unprivileged clients can make changes to "backlight" and "leds" + devices securely with strict requirements on session + membership. Desktop environments may use this to generically make + brightness changes to such devices without shipping private SUID + binaries for that purpose. + + * "udevadm info" gained a --wait-for-initialization switch to wait for + a device to be initialized. + + * systemd-hibernate-resume-generator will now look for resumeflags= on + the kernel command line, which is similar to rootflags= and may be + used to configure device timeouts for waiting for the hibernation + device to show up. + + * sd-event learnt a new API call sd_event_source_disable_unref() for + disabling and unref'ing an event source in a single function. A + related call sd_event_source_disable_unrefp() has been added for use + with GCC's cleanup extension. 
+ + * The sd-id128.h public API gained a new definition + SD_ID128_UUID_FORMAT_STR for formatting a 128bit ID in UUID format + with printf(). + + * "busctl introspect" gained a new switch --xml-interface for dumping + XML introspection data unmodified. + + * PID 1 may now show the unit name instead of the unit description + string in its status output during boot. This may be configured in + the StatusUnitFormat= setting in /etc/systemd/system.conf or the + kernel command line option systemd.status_unit_format=. + + * The systemd.debug_shell kernel command line option now optionally + takes a tty name to spawn the debug shell on, which allows selecting + a different tty than the built-in default. + … CHANGES WITH 242:
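Review bot: in the new DisableControllers= entry of the @@ -35,14 hunk, "cgroups controllers" should read "cgroup controllers". The rest of that hunk, which only appends the trailing "=" to MemoryLow=, MemoryMin=, DefaultMemoryLow= and DefaultMemoryMin=, brings those names in line with how every other setting in this NEWS section is written, so no further change is needed there.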
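Review bot: the rewrapped CPUAffinity= paragraph in the @@ -73,23 hunk mixes tenses when contrasting the old and new output: "For example, CPUAffinity=0-1 would be shown as CPUAffinity=03000000000000000000000000000… (on little-endian) ... and is now shown as CPUAffinity=0-1". Suggest "was previously shown as ... and is now shown as ..." so a reader can tell at a glance which of the two is the old format. Apart from that the hunk is a pure re-wrap plus the added "=" on CPUAffinity= and the quoting of "systemctl show" and "systemd-analyze dump", consistent with the rest of the file.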
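Review bot: the new entries in the @@ -113,6 hunk carry several typos that should be fixed before the release is tagged: "when processes it manages a reaching their memory limits" should be "are reaching"; "seperately" should be "separately"; "configureing" should be "configuring"; "LOG_WARNING where shown in bright bold" should be "were shown"; "XVLAN Generic Protocol Extension" should be "VXLAN" (the same entry introduces it as VXLAN support two words earlier); and the entry starting "units may now configure an explicit time-out" should begin with a capital "Units" like the other bullets. Two smaller points: the OOM entry says PID 1 will "optionally kill or stop the whole unit" without naming the unit setting that enables that behaviour, which a reader needs in order to act on it, and the TimeoutAbortSec= entry uses a Unicode em-dash ("was applied in this case too — now a separate time-out may be set") where the rest of the file uses plain ASCII punctuation.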