diff --git a/NEWS b/NEWS index 07e8a9925a..18606cf855 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,92 @@ systemd System and Service Manager CHANGES WITH 246 in spe: + + * The various programs included in systemd can now optionally output + their log messages on stderr prefixed with a timestamp, controlled by + the $SYSTEMD_LOG_TIME environment variable. + + * A new boolean kernel command line option systemd.swap= has been + added, which may be used to turn off automatic activation of swap + devices, as listed in /etc/fstab. + + * The CPUAffinity= setting in service unit files now supports a new + special value "numa". If used, the NUMA mask is copied into the CPU + affinity mask. + + * The man pages for the sd-bus and sd-hwdb APIs have been completed. + + * networkctl gained the new "forcerenew" command for forcing all DHCP + server clients to renew their lease. The interface "status" output + will now show numerous additional fields of information about an + interface. There are new "up" and "down" commands to bring specific + interfaces up or down. + + * systemd-networkd's [IPv6Prefix] section in .network files gained a + new boolean setting Assign=. If enabled an address from the prefix is + automatically assigned to the interface. + + * systemd-networkd's [Network] section gained a new setting + IPv6PDSubnetId= that allows explicit configuration of the preferred + subnet that networkd's Prefix Delegation logic assigns to an + interfaces. + + * systemd-networkd gained support for configuring the HTB queuing + discipline in the [HierarchyTokenBucket] and + [HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc may + be configured in the [PFIFO] section, "GRED" in + [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake" + in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and + [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO], + "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast] and + "HHF" in [HeavyHitterFilter]. 
+ + * systemd-networkd gained support for a new Termination= setting in the + [CAN] section for configuring the termination resistor. It also + gained a new ListenOnly= setting for controlling whether to only + listen on CAN interfaces, without interfering with traffic otherwise + (which is useful for debugging/monitoring CAN network + traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have + been added to configure various CAN-FD aspects. + + * .link files managed by systemd-udevd gained options RxFlowControl=, + TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in + order to configure various flow control parameters. They also gained + RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo + frame ring buffer sizes. + + * systemd-networkd's [DHCPv6] section gained a new WithoutRA= boolean + setting. If enabled, DHCPv6 will be attempted right-away without + requiring an Router Advertisement packet suggesting it + first. Conversely, the [IPv6AcceptRA] gained a boolean option + DHCPv6Client= that may be used to turn off the DHCPv6 client even if + the RA packets suggest it. + + * systemd-networkd's [DHCPv4] section gained a new setting UseGateway= + which may be used to turn off use of the gateway information provided + by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be + used to configure how to process leases that lack a lifetime option. + + * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new + setting SendVendorOption= allowing configuration of additional vendor + options to send in the DHCP requests/responses. The [DHCPv6] section + gained a new SendOption= setting for sending arbitrary DHCP + options. RequestOptions= has been added to request arbitrary options + from the server. UserClass= has been added to set the DHCP user class + field. 
+ + * systemd-networkd's [DHCPServer] section gained a new set of options + POP3Servers=, SMTPServers=, LPRServers= for including server + information about these three protocols in the DHCP lease. It also + gained support for including "MUD" URLs ("Manufacturer Usage + Description"). Support for "MUD" URLs was also added to the LLDP + stack, configurable in the [LLDP] section in .network files. + + * systemd-resolved's DNS= configuration option now optionally accepts + DNS server addresses suffixed by "#" followed by a host name. If + used, the DNS-over-TLS certificate is validated to match the + specified hostname. + * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows systemd-coredump to save core files for suid processes. When saving the core file, systemd-coredump will use the effective uid and gid of 
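Review bot: the systemd-resolved DNS= entry near the end of this hunk should state what certificate validation happens when the "#" host-name suffix is omitted; "now optionally accepts DNS server addresses suffixed by "#" followed by a host name. If used, the DNS-over-TLS certificate is validated to match the specified hostname" tells the reader only about the suffixed case, and an administrator deciding whether to add the suffix needs to know whether unsuffixed DNS-over-TLS servers are verified against anything at all. Smaller wording fixes in the same hunk: "Similar the "pfifo" qdisc may be configured" should read "Similarly, the "pfifo" qdisc may be configured"; "assigns to an interfaces" should be "assigns to an interface"; "requiring an Router Advertisement packet" should be "requiring a Router Advertisement packet"; and "Conversely, the [IPv6AcceptRA] gained a boolean option" is missing the word "section" after the section name.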
@@ -14,6 +100,244 @@ CHANGES WITH 246 in spe: can now be suspended or resumed either using new systemctl verbs, freeze and thaw respectively, or via D-Bus. + * A new sd-path.h API has been added to libsystemd. It provides a + simple API for retrieving various search paths and primary + directories for various resources. + + * The sd-bus API gained a number of convenience functions that take + va_list arguments rather than "...". For example, there's now + sd_bus_call_methodv() to match sd_bus_call_method(). Previously, + these were missing since the calls are convenience calls only and + could be put together from the more low-level functions they build + on. + + * sd-bus vtable entries learnt a new flag SD_BUS_VTABLE_ABSOLUTE_OFFSET + which alters how the userdata pointer to pass to the callbacks is + determined. If the flag is set the offset field is converted as-is + into a pointer, without adding it to the object pointer the vtable is + associated with. + + * sd-bus now exposed four new functions: + sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() + + sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will + validate strings to check if they qualify as various D-Bus concepts. + + * systemctl gained a new "-P" switch that is a shortcut for "--value + --property=…". + + * The expectations on user/group name syntax are now documented in + detail; documentation how classic home directories may be converted + into home directories managed by homed has been added; documentation + regarding integration of homed/userdb functionality in desktops has + been added: + + https://systemd.io/USER_NAMES + https://systemd.io/CONVERTING_TO_HOMED + https://systemd.io/USERDB_AND_DESKTOPS + + * systemd-run gained a new switch --slice-inherit. If specified the + unit it generates is placed in the same slice as the systemd-run + process itself. 
+ + * service unit files now accept a new setting CoredumpFilter= which + allows configuration of the memory sections coredumps of the + service's processes shall include. + + * coredumpctl gained a new --file= switch, matching the same one in + journalctl: a specific journal file may be specified to read the + coredump data from. + + * Various D-Bus APIs of systemd daemons now have man pages that + document the methods, signals and properties. + + * journald.conf gained a new boolean setting Audit= that may be used to + control whether systemd-journald will enable audit during + initialization. + + * A new default .network file is now shipped that matches TUN/TAP + devices that begin with "vt-" in their name. Such interfaces will + have IP routing onto the host links set up automatically. This is + supposed to be used by VM managers to trivially acquire a network + interface which is fully set up for host communication, simply by + carefully picking an interface name to use. + + * All D-Bus services shipped in systemd now implement the generic + LogControl1 D-Bus API which allows clients to change log level + + target of the service during runtime. + + * systemd-nspawn's --resolv-conf= switch gained a number of new + supported values. Specifically, options starting with "replace-" are + like those prefixed "copy-" but replace any existing resolv.conf + file. And options ending in "-uplink" and "-stub" can now be used to + propagate other flavours of resolv.conf into the container (as + defined by systemd-resolved). + + * systemd-binfmt gained a new switch --unregister for unregistering all + registered entries at once. This is now invoked automatically at + shutdown, so that binary formats registered with the "F" flag will + not block clean file system unmounting. 
+ + * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other + configuration files that support specifier expansion learnt six new + specifiers: %a resolves to the current architecture, %o/%w/%B/%W + resolve to the various ID fields from /etc/os-release, %l resolves to + the "short" hostname of the system, i.e. the kernel configured + hostname, truncated at the first dot. + + * systemd-notify's --pid= switch gained new values: "parent", "self", + "auto" for controlling which PID to send to the service managing: the + systemd-notify process' PID, or the one of the process invoking it. + + * When sending a file descriptor (fd) to the service manager to keep + track of, using the sd_notify() mechanism, a new parameter FDPOLL=0 + may be specified. If passed the service manager will refrain from + poll()ing on the file descriptor. Traditionally (and when the + parameter is not specified), the service manager will poll it for + POLLHUP or POLLERR events, and immediately close the fds in that + case. + + * A new call sd_notify_barrier() has been added to the sd-daemon.h + API. The call will block until all previously sent sd_notify() + messages have been processed by the service manager. This is useful + to remove races caused by a process already having disappeared at the + time a notification message is processed by the service manager, + making correct attribution impossible. The systemd-notify tool will + now make use of this call implicitly, but this can be turned off again + via the new --no-block switch. + + * systemd-logind's Session bus object learnt a new method call + SetType() for temporarily updating the session type of an already + allocated session. This is useful for upgrading tty sessions to + graphical ones once a compositor is invoked. + + * .mount units gained a new ReadWriteOnly= boolean option. If set the + it will not be attempted to mount a file system read-only if mounting + it read-write mode doesn't succeed. 
An option x-systemd.rw-only is + available in /etc/fstab to control the same. + + * coredumps collected by systemd-coredump may now be compressed using + the zstd algorithm. + + * journalctl's "-o cat" output mode will now show one or more journal + fields specified with --output-fields= instead of unconditionally + MESSAGE=. This is useful to retrieve a very specific set of fields + without any decoration. + + * systemd-socket-proxy gained a new switch --exit-idle-time= for + configuring an exit-on-idle time. + + * systemd-homed's LUKS backend gained the ability to discard empty file + system blocks automatically when the user logs out. This is enabled + by default to ensure that home directories take minimal space when + logged out but get full size guarantees when logged in. This may be + controlled with the new --luks-offline-discard= switch to homectl. + + * If systemd-homed detects that /home/ is encrypted as a whole it will + now default to the directory or subvolume backends instead of the + LUKS backend, in order to avoid double encryption. The default + storage and file system may now be configured explicitly, too, via + the new /etc/systemd/homed.conf configuration file. + + * when systemd-journald's log stream is broken up into multiple lines + because the PID of the sender changed this is indicated in the + generated log records via the _LINE_BREAK=pid-change field. + + * systemd-networkd's .netdev files now support a new setting + VLANProtocol= in the [Bridge] section that allows configuration of + the VLAN protocol to use. + + * systemd-repart's --empty= setting gained a new value "create". If + specified a new empty regular disk image file is created under the + specified name. It's size may be specified with the new --size= + option. The latter is also supported without the "create" mode, in + order to grow existing disk image files to the specified size. 
These + two new options make are useful when creating or manipulating + disk images instead of operating on actual block devices. + + * systemd-repart drop-ins now support a new UUID= setting to control + the UUID to assign to a newly created partition. + + * StandardError= and StandardOutput= in unit files no longer support + the "syslog" and "syslog-console" switches. They were long removed + from the documentation, but will now result in warnings when used, + and be converted to "journal" and "journal+console" automatically. + + * systemd-networkd supports a new Group= setting in the [Link] section + of the .network files, to control the link group. + + * Two new unit file settings + ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been + added. They may be used to check whether a specific file system path + resides on a block device that is encrypted on the block level + (i.e. using dm-crypt/LUKS). + + * Another pair of new settings ConditionEnvironment=/AssertEnvironment= + has been added that may be used for simple environment checks. This + is particularly useful when passing in environment variables from a + container manager (or from PAM in case of the systemd --user + instance). + + * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is + not automatically set to "Y" at boot, in order to enable pstore + generation for collection with systemd-pstore. + + * New kernel command line options systemd.condition-needs-update= and + systemd.condition-first-boot= have been added, which override the + result of the ConditionNeedsUpdate= and ConditionFirstBoot= + conditions. + + * A new kernel command line option systemd.clock-usec= has been added + that allows setting the system clock to the specified time in µs + since Jan 1st, 1970 early during boot. This is in particular useful + in order to make test cases more reliable. 
+ + * A new kernel command line option systemd.hostname= has been added + that allows controlling the hostname that is initialized early during + boot. + + * The /etc/crypttab tmp option now optionally takes an argument + selecting the file system to use. Moreover, the default is now + changed from ext2 to ext4. + + * There's a new /etc/crypttab option "keyfile-erase". If specified the + key file listed in the same line is removed after use, regardless if + volume activation was successful or not. This is useful if the key + file is only acquired transiently at runtime and shall be erased + before the system continues to boot. + + * There's also a new /etc/crypttab option "try-empty-password". If + specified, before asking the user for a password it is attempted to + unlock the volume with an empty password. This is useful for + installing encrypted images whose password shall be set on first boot + instead of at installation time. + + * systemd-cryptsetup will now attempt to load the keys to unlock + volumes with automatically from files in + /etc/cryptsetup-keys.d/.key and + /run/cryptsetup-keys.d/.key, if any of these files exist. + + * logind.conf gained a new RuntimeDirectoryInodesMax= setting to + control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs + instance. + + * systemd-firstboot gained a new --root-password-hashed= parameter for + setting the root user's password as UNIX password hash. There's a new + --delete-root-password switch which instead of setting a password for + the root user, removes it so that log-in without a password is + permitted. There's now --force which if specified means any existing + configuration is overwritten by the specified settings. It also + gained a new --kernel-command-line= parameter which may be used to + set the /etc/kernel/cmdline file of an OS image. + + * A new generator systemd-xdg-autostart-generator has been added. 
It + automatically generates systemd unit files from XDG autostart + .desktop files, and is useful for allowing systemd to manage services + defined that way safely and automatically. + + * systemd will now log about all left-over processes remaining in a + unit when the unit is stopped. It will now warn about services using + KillMode=none, as this is generally an unsafe thing to make use of. + CHANGES WITH 245: * A new tool "systemd-repart" has been added, that operates as an
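Review bot: the crash_kexec_post_notifiers entry in this hunk contradicts itself: "is not automatically set to "Y" at boot, in order to enable pstore generation for collection with systemd-pstore" negates the very behaviour the second half gives as the reason, so either "not" should be "now" or the rationale is wrong; please fix whichever is intended. In the systemd-cryptsetup entry the key-file paths "/etc/cryptsetup-keys.d/.key and /run/cryptsetup-keys.d/.key" have lost the part of the file name before ".key", so the reader cannot tell which file is looked up for which volume; the missing component should be restored. The --delete-root-password entry says the switch "removes it so that log-in without a password is permitted" but not when that is appropriate; a sentence naming the intended use (as the "try-empty-password" entry does for crypttab, i.e. images whose password is set on first boot) would keep it from being read as a general option. Grammar in the same hunk: "sd-bus now exposed four new functions" should be "sd-bus now exposes four new functions"; the ReadWriteOnly= sentence "If set the it will not be attempted to mount a file system read-only if mounting it read-write mode doesn't succeed" should read "If set, mounting the file system read-only is not attempted when mounting it read-write fails"; "It's size may be specified" should be "Its size may be specified"; "These two new options make are useful" should drop "make"; "which PID to send to the service managing" should be "to the service manager"; and "regardless if volume activation was successful or not" should be "regardless of whether volume activation was successful".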