mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
start updating NEWS for 254
parent
b89531159a
commit
b0f0218553
162
NEWS
@ -24,6 +24,168 @@ CHANGES WITH 254 in spe:
|
||||
permit more impactful operations such as system suspend to local
|
||||
users.
|
||||
|
||||
* The sd-journal API learnt a new call sd_journal_get_seqnum() for
|
||||
retrieving the current log record's sequence number and sequence
|
||||
number ID, which allows applications to order records the same way as
|
||||
journal does internally already. The sequence number is now alos
|
||||
exported in the JSON and "export" output of the journal.
|
||||
|
||||
* The default keymap to apply may now be chosen at build-time via the
|
||||
new default-keymap meson option.
|
||||
|
||||
* "Startup" memory settings are now supported. Previously IO and CPU
|
||||
settings were already supported via StartupCPUWeight= and similar,
|
||||
this adds the same logic for the various per-unit memory settings
|
||||
StartupMemoryMax= and related.
|
||||
|
||||
* The service manager gained support for enqueuing POSIX signals to
|
||||
services that carry an additional integer value, exposing the
|
||||
sigqueue() systemd call. This is exposed via new D-Bus calls
|
||||
QueueSignalUnit() (and related), as well as in systemctl via the new
|
||||
--kill-value= parameter.
|
||||
|
||||
* systemd-notify gained a new --exec switch, which makes it execute the
|
||||
specified command line after sending the requested messages. This is
|
||||
useful for sending out READY=1 first, and then continuing invocation
|
||||
without changing process ID, so that the tool can be nicely used
|
||||
within an ExecStart= line of a unit file that uses Type=ready.
|
||||
|
||||
* systemd-repart's drop-in files gained a new ExcludeFiles= option which
|
||||
may be used to exclude certain files from the effect of CopyFiles=,
|
||||
which allows populating newly created partitions automatically.
|
||||
|
||||
* bootctl gained a new switch --print-root-device (or short: -R) that
|
||||
prints the main block device the root file system is backed by. It's
|
||||
useful for invocations such as "cfdisk $(bootctl -R)" to quickly have
|
||||
a look at the partition table of the running OS.
|
||||
|
||||
* systemctl gained a new "list-paths" verb, which shows all currently
|
||||
active .path units, similar to how "systemctl list-timers" shows
|
||||
active timers, and "systemctl list-sockets" shows active sockets.
|
||||
|
||||
* The sd-event API gained new calls sd_event_add_memory_pressure(),
|
||||
sd_event_source_set_memory_pressure_type(),
|
||||
sd_event_source_set_memory_pressure_period() for creating and
|
||||
configuring an event source that is called whenever the OS signals
|
||||
memory pressure. Another call sd_event_trim_memory() is provided that
|
||||
compacts the process' memory use by releasing allocated but unused
|
||||
malloc() memory back to the kernel. This should improve system
|
||||
behaviour under memory pressure, as on Linux traditionally provided no
|
||||
mechanism to return process memory back to the kernel if the kernel
|
||||
was under pressure to acquire some. This makes use of the kernel's PSI
|
||||
interface. Most long-running services that systemd contains have been
|
||||
hooked up with this, and in particular systems with little memory
|
||||
should benefit from this.
|
||||
|
||||
* Service units learnt the new MemoryPressureWatch=,
|
||||
MemoryPressureThresholdSec= for configuring the PSI memory pressure
|
||||
logic individually. If these options are used the
|
||||
$MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
|
||||
variables will be set for the invoked services processes to inform
|
||||
them about the requested memory pressure behaviour. (This is used by
|
||||
the aforementioned sd-events API additions, if set.)
|
||||
|
||||
* systemd-analyze gained a new "malloc" verb that shows the output
|
||||
generated by glibc's malloc_info() on services that support it. Right
|
||||
now, only the service manager has been updated accordingly.
|
||||
|
||||
* systemd-stub will now look for the SMBIOS Type 1 field
|
||||
"io.systemd.stub.kernel-cmdline-extra" and append its value to the
|
||||
kernel command line it invokes. This is useful for VMMs such as qemu
|
||||
to pass additional kernel command lines into the system even when
|
||||
booting via full UEFI.
|
||||
|
||||
* The sd-login API gained a new call sd_session_get_username() for
|
||||
returning the user name who owns a specific login session. It also
|
||||
gained a new call sd_session_get_start_time() for retrieving the time
|
||||
the login session started. A new call sd_uid_get_login_time() returns
|
||||
the time the specified user the time since when they most recently
|
||||
were logged in continously with at least one session.
|
||||
|
||||
* JSON user records gained a new set of fields capabilityAmbientSet and
|
||||
capabilityBoundingSet which contain a list of POSIX capabilities to
|
||||
set for the logged in users in the ambient and bounding sets,
|
||||
respectively. homectl gained the ability to configure these two sets
|
||||
for users via --capability-bounding-set=/--capability-ambient-set=.
|
||||
|
||||
* pam_systemd learnt two new module options
|
||||
default-capability-bounding-set= + default-capability-ambient-set= to
|
||||
configure the default bounding sets for users as they are logging in,
|
||||
if the JSON user record doesn't specify this explicitly (see
|
||||
above). The built-in default for the ambient set now contains the
|
||||
CAP_WAKE_ALARM, thus allowing regular users who may log in locally to
|
||||
resume from a system suspend via a timer. (see above)
|
||||
|
||||
* Most of systemd's long-running services now have a generic handler of
|
||||
the SIGRTMIN+18 signal handler which executes various operations
|
||||
depending ont the sigqueue() parameter sent along. For example, values
|
||||
0x100…0x107 allow changing the maximum log level of such
|
||||
services. 0x200…0x203 allow changing the log target of such
|
||||
services. 0x300 make the services trim their memory similar to the
|
||||
automatic PSI triggered action, see above. 0x301 make the services
|
||||
output their malloc_info() data to the logs.
|
||||
|
||||
* systemd-dissect will now show the intended CPU architecture of an
|
||||
inspected DDI.
|
||||
|
||||
* networkd's GENEVE support as gained a new .network optoin
|
||||
InheritInnerProtocol=.
|
||||
|
||||
* systemd-dissect will now install itself as mount helper for the "ddi"
|
||||
pseudo-file type. This means you may now mount DDIs directly via
|
||||
/bin/mount or /etc/fstab, making full use of embedded Verity
|
||||
information and all other DDI features. Example: mount -t ddi
|
||||
myimage.raw /some/where
|
||||
|
||||
* The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
|
||||
value "auto". If used a kernel will be automatically analyzed, and if
|
||||
it qualifies as UKI it will be installed as if the setting was to set
|
||||
to "uki", otherwise via "bls".
|
||||
|
||||
* udevadm gained the new "verify" verb for validating udev rules files
|
||||
offline.
|
||||
|
||||
* udev will now create symlinks to loopback block devices in the
|
||||
/dev/loop/by-ref/ directory that are based on the .lo_file_name string
|
||||
field selected during allocation. The systemd-dissect tool and the
|
||||
util-linux losetup command now supports a complementing new switch
|
||||
--loop-ref= for selecting the string. This means a loopback block
|
||||
device may now be allocated under a caller chosen reference and can
|
||||
subsequently be referenced by that without having to look up the block
|
||||
device name the caller ended up with first.
|
||||
|
||||
* udev also creates symlinks to loopback block devices in the
|
||||
/dev/loop/by-ref/ directory based on the .st_dev/st_ino fields of the
|
||||
inode attached to the loopback block device. This means that attaching
|
||||
a file to a loopback device will implicitly make a handle available to
|
||||
find it via that file's inode information.
|
||||
|
||||
* The systemd-dissect tool gained the new switches --attach/--detach for
|
||||
attaching a DDI to a loopback block device without mounting it. It
|
||||
will automatically derive the right sector size from the image and set
|
||||
up Verity and similar, but not mount the file systems in it.
|
||||
|
||||
* When systemd-gpt-auto-generator or the DDI mounting logic mount an ESP
|
||||
or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
|
||||
implied. Given that these file systems are typically untrusted
|
||||
territory this should make mounting them automatically have less of a
|
||||
security impact.
|
||||
|
||||
* If MemoryDenyWriteExecute= is enabled for a service and the kernel
|
||||
supports the new PR_SET_MDWE prctl() call it is used in preference
|
||||
over seccomp() based system call filtering to achieve the same.
|
||||
|
||||
* systemctl gained a new --when= switch which is honoured by the various
|
||||
forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
|
||||
scheduling these operations by time, similar in fashion to how this
|
||||
has been supported by SysV shutdown.
|
||||
|
||||
* machinectl gained new "edit" and "cat" verbs for editing .nspawn
|
||||
files, inspired by systemctl's verbs of the same which edit unit
|
||||
files.
|
||||
|
||||
Caught up to cafd2c0be404cb8879f91d15e05cc8b695b32629
|
||||
|
||||
CHANGES WITH 253:
|
||||
|
||||
Announcements of Future Feature Removals and Incompatible Changes:
|
||||
|
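Review bot: Two entries say something other than what they mean. In the QueueSignalUnit() entry, "exposing the sigqueue() systemd call" should read "system call". In the systemd-notify --exec entry, "a unit file that uses Type=ready" names a service type that does not exist; Type=notify is the type that waits for READY=1. The sd_uid_get_login_time() sentence ("returns the time the specified user the time since when they most recently were logged in") is garbled and needs rewording. The pam_systemd entry says the two options "configure the default bounding sets", although one of them configures the ambient set, and the same entry carries "(see above)" twice without saying which entry each refers to. Since that entry changes a privilege default (CAP_WAKE_ALARM in the ambient set), it is worth making both references explicit. Spelling to fix before release: "alos", "continously", "depending ont the", "as gained a new .network optoin", and "sd-events API" where the earlier entry uses sd-event.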