1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

start updating NEWS for 254

This commit is contained in:
Lennart Poettering 2023-06-27 13:13:27 +02:00
parent b89531159a
commit b0f0218553

162
NEWS
View File

@ -24,6 +24,168 @@ CHANGES WITH 254 in spe:
permit more impactful operations such as system suspend to local
users.
* The sd-journal API learnt a new call sd_journal_get_seqnum() for
retrieving the current log record's sequence number and sequence
number ID, which allows applications to order records the same way as
journal does internally already. The sequence number is now alos
exported in the JSON and "export" output of the journal.
* The default keymap to apply may now be chosen at build-time via the
new default-keymap meson option.
* "Startup" memory settings are now supported. Previously IO and CPU
settings were already supported via StartupCPUWeight= and similar,
this adds the same logic for the various per-unit memory settings
StartupMemoryMax= and related.
* The service manager gained support for enqueuing POSIX signals to
services that carry an additional integer value, exposing the
sigqueue() systemd call. This is exposed via new D-Bus calls
QueueSignalUnit() (and related), as well as in systemctl via the new
--kill-value= parameter.
* systemd-notify gained a new --exec switch, which makes it execute the
specified command line after sending the requested messages. This is
useful for sending out READY=1 first, and then continuing invocation
without changing process ID, so that the tool can be nicely used
within an ExecStart= line of a unit file that uses Type=ready.
* systemd-repart's drop-in files gained a new ExcludeFiles= option which
may be used to exclude certain files from the effect of CopyFiles=,
which allows populating newly created partitions automatically.
* bootctl gained a new switch --print-root-device (or short: -R) that
prints the main block device the root file system is backed by. It's
useful for invocations such as "cfdisk $(bootctl -R)" to quickly have
a look at the partition table of the running OS.
* systemctl gained a new "list-paths" verb, which shows all currently
active .path units, similar to how "systemctl list-timers" shows
active timers, and "systemctl list-sockets" shows active sockets.
* The sd-event API gained new calls sd_event_add_memory_pressure(),
sd_event_source_set_memory_pressure_type(),
sd_event_source_set_memory_pressure_period() for creating and
configuring an event source that is called whenever the OS signals
memory pressure. Another call sd_event_trim_memory() is provided that
compacts the process' memory use by releasing allocated but unused
malloc() memory back to the kernel. This should improve system
behaviour under memory pressure, as on Linux traditionally provided no
mechanism to return process memory back to the kernel if the kernel
was under pressure to acquire some. This makes use of the kernel's PSI
interface. Most long-running services that systemd contains have been
hooked up with this, and in particular systems with little memory
should benefit from this.
* Service units learnt the new MemoryPressureWatch=,
MemoryPressureThresholdSec= for configuring the PSI memory pressure
logic individually. If these options are used the
$MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
variables will be set for the invoked services processes to inform
them about the requested memory pressure behaviour. (This is used by
the aforementioned sd-events API additions, if set.)
* systemd-analyze gained a new "malloc" verb that shows the output
generated by glibc's malloc_info() on services that support it. Right
now, only the service manager has been updated accordingly.
* systemd-stub will now look for the SMBIOS Type 1 field
"io.systemd.stub.kernel-cmdline-extra" and append its value to the
kernel command line it invokes. This is useful for VMMs such as qemu
to pass additional kernel command lines into the system even when
booting via full UEFI.
* The sd-login API gained a new call sd_session_get_username() for
returning the user name who owns a specific login session. It also
gained a new call sd_session_get_start_time() for retrieving the time
the login session started. A new call sd_uid_get_login_time() returns
the time the specified user the time since when they most recently
were logged in continously with at least one session.
* JSON user records gained a new set of fields capabilityAmbientSet and
capabilityBoundingSet which contain a list of POSIX capabilities to
set for the logged in users in the ambient and bounding sets,
respectively. homectl gained the ability to configure these two sets
for users via --capability-bounding-set=/--capability-ambient-set=.
* pam_systemd learnt two new module options
default-capability-bounding-set= + default-capability-ambient-set= to
configure the default bounding sets for users as they are logging in,
if the JSON user record doesn't specify this explicitly (see
above). The built-in default for the ambient set now contains the
CAP_WAKE_ALARM, thus allowing regular users who may log in locally to
resume from a system suspend via a timer. (see above)
* Most of systemd's long-running services now have a generic handler of
the SIGRTMIN+18 signal handler which executes various operations
depending ont the sigqueue() parameter sent along. For example, values
0x100…0x107 allow changing the maximum log level of such
services. 0x200…0x203 allow changing the log target of such
services. 0x300 make the services trim their memory similar to the
automatic PSI triggered action, see above. 0x301 make the services
output their malloc_info() data to the logs.
* systemd-dissect will now show the intended CPU architecture of an
inspected DDI.
* networkd's GENEVE support as gained a new .network optoin
InheritInnerProtocol=.
* systemd-dissect will now install itself as mount helper for the "ddi"
pseudo-file type. This means you may now mount DDIs directly via
/bin/mount or /etc/fstab, making full use of embedded Verity
information and all other DDI features. Example: mount -t ddi
myimage.raw /some/where
* The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
value "auto". If used a kernel will be automatically analyzed, and if
it qualifies as UKI it will be installed as if the setting was to set
to "uki", otherwise via "bls".
* udevadm gained the new "verify" verb for validating udev rules files
offline.
* udev will now create symlinks to loopback block devices in the
/dev/loop/by-ref/ directory that are based on the .lo_file_name string
field selected during allocation. The systemd-dissect tool and the
util-linux losetup command now supports a complementing new switch
--loop-ref= for selecting the string. This means a loopback block
device may now be allocated under a caller chosen reference and can
subsequently be referenced by that without having to look up the block
device name the caller ended up with first.
* udev also creates symlinks to loopback block devices in the
/dev/loop/by-ref/ directory based on the .st_dev/st_ino fields of the
inode attached to the loopback block device. This means that attaching
a file to a loopback device will implicitly make a handle available to
find it via that file's inode information.
* The systemd-dissect tool gained the new switches --attach/--detach for
attaching a DDI to a loopback block device without mounting it. It
will automatically derive the right sector size from the image and set
up Verity and similar, but not mount the file systems in it.
* When systemd-gpt-auto-generator or the DDI mounting logic mount an ESP
or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
implied. Given that these file systems are typically untrusted
territory this should make mounting them automatically have less of a
security impact.
* If MemoryDenyWriteExecute= is enabled for a service and the kernel
supports the new PR_SET_MDWE prctl() call it is used in preference
over seccomp() based system call filtering to achieve the same.
* systemctl gained a new --when= switch which is honoured by the various
forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
scheduling these operations by time, similar in fashion to how this
has been supported by SysV shutdown.
* machinectl gained new "edit" and "cat" verbs for editing .nspawn
files, inspired by systemctl's verbs of the same which edit unit
files.
Caught up to cafd2c0be404cb8879f91d15e05cc8b695b32629
CHANGES WITH 253:
Announcements of Future Feature Removals and Incompatible Changes: