diff options
author | Jonathan Maw <jonathan.maw@codethink.co.uk> | 2013-06-28 10:30:15 +0000 |
---|---|---|
committer | Jonathan Maw <jonathan.maw@codethink.co.uk> | 2013-06-28 10:30:15 +0000 |
commit | daba2f7416861898b2c01926ae6a2ef19fecfaab (patch) | |
tree | 6b159c5e7d612368e6bbb8e138ae3db15005c201 /NEWS | |
parent | 9a332ba261bea9e9f3c0915bc6f0c6a0d45a1d5d (diff) | |
parent | 606c24e3bd41207c395f24a56bcfcad791e265a5 (diff) | |
download | systemd-daba2f7416861898b2c01926ae6a2ef19fecfaab.tar.gz |
Merge tag 'v204' into new-systemd
systemd 204
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 581 |
1 files changed, 577 insertions, 4 deletions
@@ -1,5 +1,578 @@ systemd System and Service Manager +CHANGES WITH 204: + + * The Python bindings gained some minimal support for the APIs + exposed by libsystemd-logind. + + * ConditionSecurity= gained support for detecting SMACK. Since + this condition already supports SELinux and AppArmor we only + miss IMA for this. Patches welcome! + + Contributions from: Karol Lewandowski, Lennart Poettering, + Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 203: + + * systemd-nspawn will now create /etc/resolv.conf if + necessary, before bind-mounting the host's file onto it. + + * systemd-nspawn will now store meta information about a + container on the container's cgroup as extended attribute + fields, including the root directory. + + * The cgroup hierarchy has been reworked in many ways. All + objects any of the components systemd creates in the cgroup + tree are now suffixed. More specifically, user sessions are + now placed in cgroups suffixed with ".session", users in + cgroups suffixed with ".user", and nspawn containers in + cgroups suffixed with ".nspawn". Furthermore, all cgroup + names are now escaped in a simple scheme to avoid collision + of userspace object names with kernel filenames. This work + is preparation for making these objects relocatable in the + cgroup tree, in order to allow easy resource partitioning of + these objects without causing naming conflicts. + + * systemctl list-dependencies gained the new switches + --plain, --reverse, --after and --before. + + * systemd-inhibit now shows the process name of processes that + have taken an inhibitor lock. + + * nss-myhostname will now also resolve "localhost" + implicitly. This makes /etc/hosts an optional file and + nicely handles that on IPv6 ::1 maps to both "localhost" and + the local hostname. + + * libsystemd-logind.so gained a new call + sd_get_machine_names() to enumerate running containers and + VMs (currently only supported by very new libvirt and + nspawn). sd_login_monitor can now be used to watch + VMs/containers coming and going. + + * .include is not allowed recursively anymore, and only in + unit files. Usually it is better to use drop-in snippets in + .d/*.conf anyway, as introduced with systemd 198. + + * systemd-analyze gained a new "critical-chain" command that + determines the slowest chain of units run during system + boot-up. It is very useful for tracking down where + optimizing boot time is the most beneficial. + + * systemd will no longer allow manipulating service paths in + the name=systemd:/system cgroup tree using ControlGroup= in + units. (But is still fine with it in all other dirs.) + + * There's a new systemd-nspawn@.service service file that may + be used to easily run nspawn containers as system + services. With the container's root directory in + /var/lib/container/foobar it is now sufficient to run + "systemctl start systemd-nspawn@foobar.service" to boot it. + + * systemd-cgls gained a new parameter "--machine" to list only + the processes within a certain container. + + * ConditionSecurity= now can check for "apparmor". We still + are lacking checks for SMACK and IMA for this condition + check though. Patches welcome! + + * A new configuration file /etc/systemd/sleep.conf has been + added that may be used to configure which kernel operation + systemd is supposed to execute when "suspend", "hibernate" + or "hybrid-sleep" is requested. This makes the new kernel + "freeze" state accessible to the user. + + * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape + the passed argument if applicable. + + Contributions from: Auke Kok, Colin Guthrie, Colin Walters, + Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner, + Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh + Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn, + MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel + Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom + Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew + Jędrzejewski-Szmek + +CHANGES WITH 202: + + * The output of 'systemctl list-jobs' got some polishing. The + '--type=' argument may now be passed more than once. A new + command 'systemctl list-sockets' has been added which shows + a list of kernel sockets systemd is listening on with the + socket units they belong to, plus the units these socket + units activate. + + * The experimental libsystemd-bus library got substantial + updates to work in conjunction with the (also experimental) + kdbus kernel project. It works well enough to exchange + messages with some sophistication. Note that kdbus is not + ready yet, and the library is mostly an elaborate test case + for now, and not installable. + + * systemd gained a new unit 'systemd-static-nodes.service' + that generates static device nodes earlier during boot, and + can run in conjunction with udev. + + * libsystemd-login gained a new call sd_pid_get_user_unit() + to retrieve the user systemd unit a process is running + in. This is useful for systems where systemd is used as + session manager. + + * systemd-nspawn now places all containers in the new /machine + top-level cgroup directory in the name=systemd + hierarchy. libvirt will soon do the same, so that we get a + uniform separation of /system, /user and /machine for system + services, user processes and containers/virtual + machines. This new cgroup hierarchy is also useful to stick + stable names to specific container instances, which can be + recognized later this way (this name may be controlled + via systemd-nspawn's new -M switch). libsystemd-login also + gained a new call sd_pid_get_machine_name() to retrieve the + name of the container/VM a specific process belongs to. + + * bootchart can now store its data in the journal. + + * libsystemd-journal gained a new call + sd_journal_add_conjunction() for AND expressions to the + matching logic. This can be used to express more complex + logical expressions. + + * journactl can now take multiple --unit= and --user-unit= + switches. + + * The cryptsetup logic now understands the "luks.key=" kernel + command line switch for specifying a file to read the + decryption key from. Also, if a configured key file is not + found the tool will now automatically fall back to prompting + the user. + + * Python systemd.journal module was updated to wrap recently + added functions from libsystemd-journal. The interface was + changed to bring the low level interface in s.j._Reader + closer to the C API, and the high level interface in + s.j.Reader was updated to wrap and convert all data about + an entry. + + Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer, + Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart + Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer, + Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt, + Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks, + Tom Gundersen, Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 201: + + * journalctl --update-catalog now understands a new --root= + option to operate on catalogs found in a different root + directory. + + * During shutdown after systemd has terminated all running + services a final killing loop kills all remaining left-over + processes. We will now print the name of these processes + when we send SIGKILL to them, since this usually indicates a + problem. + + * If /etc/crypttab refers to password files stored on + configured mount points automatic dependencies will now be + generated to ensure the specific mount is established first + before the key file is attempted to be read. + + * 'systemctl status' will now show information about the + network sockets a socket unit is listening on. + + * 'systemctl status' will also shown information about any + drop-in configuration file for units. (Drop-In configuration + files in this context are files such as + /etc/systemd/systemd/foobar.service.d/*.conf) + + * systemd-cgtop now optionally shows summed up CPU times of + cgroups. Press '%' while running cgtop to switch between + percentage and absolute mode. This is useful to determine + which cgroups use up the most CPU time over the entire + runtime of the system. systemd-cgtop has also been updated + to be 'pipeable' for processing with further shell tools. + + * 'hostnamectl set-hostname' will now allow setting of FQDN + hostnames. + + * The formatting and parsing of time span values has been + changed. The parser now understands fractional expressions + such as "5.5h". The formatter will now output fractional + expressions for all time spans under 1min, i.e. "5.123456s" + rather than "5s 123ms 456us". For time spans under 1s + millisecond values are shown, for those under 1ms + microsecond values are shown. This should greatly improve + all time-related output of systemd. + + * libsystemd-login and libsystemd-journal gained new + functions for querying the poll() events mask and poll() + timeout value for integration into arbitrary event + loops. + + * localectl gained the ability to list available X11 keymaps + (models, layouts, variants, options). + + * 'systemd-analyze dot' gained the ability to filter for + specific units via shell-style globs, to create smaller, + more useful graphs. I.e. it's now possible to create simple + graphs of all the dependencies between only target units, or + of all units that Avahi has dependencies with. + + Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck, + Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly + Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau, + Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal + Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie, + Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav + Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach + +CHANGES WITH 200: + + * The boot-time readahead implementation for rotating media + will now read the read-ahead data in multiple passes which + consist of all read requests made in equidistant time + intervals. This means instead of strictly reading read-ahead + data in its physical order on disk we now try to find a + middle ground between physical and access time order. + + * /etc/os-release files gained a new BUILD_ID= field for usage + on operating systems that provide continuous builds of OS + images. + + Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers, + Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín + William Douglas, Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 199: + + * systemd-python gained an API exposing libsystemd-daemon. + + * The SMACK setup logic gained support for uploading CIPSO + security policy. + + * Behaviour of PrivateTmp=, ReadWriteDirectories=, + ReadOnlyDirectories= and InaccessibleDirectories= has + changed. The private /tmp and /var/tmp directories are now + shared by all processes of a service (which means + ExecStartPre= may now leave data in /tmp that ExecStart= of + the same service can still access). When a service is + stopped its temporary directories are immediately deleted + (normal clean-up with tmpfiles is still done in addition to + this though). + + * By default, systemd will now set a couple of sysctl + variables in the kernel: the safe sysrq options are turned + on, IP route verification is turned on, and source routing + disabled. The recently added hardlink and softlink + protection of the kernel is turned on. These settings should + be reasonably safe, and good defaults for all new systems. + + * The predictable network naming logic may now be turned off + with a new kernel command line switch: net.ifnames=0. + + * A new libsystemd-bus module has been added that implements a + pretty complete D-Bus client library. For details see: + + http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html + + * journald will now explicitly flush the journal files to disk + at the latest 5min after each write. The file will then also + be marked offline until the next write. This should increase + reliability in case of a crash. The synchronization delay + can be configured via SyncIntervalSec= in journald.conf. + + * There's a new remote-fs-setup.target unit that can be used + to pull in specific services when at least one remote file + system is to be mounted. + + * There are new targets timers.target and paths.target as + canonical targets to pull user timer and path units in + from. This complements sockets.target with a similar + purpose for socket units. + + * libudev gained a new call udev_device_set_attribute_value() + to set sysfs attributes of a device. + + * The udev daemon now sets the default number of worker + processes executed in parallel based on the number of available + CPUs instead of the amount of available RAM. This is supposed + to provide a more reliable default and limit a too aggressive + paralellism for setups with 1000s of devices connected. + + Contributions from: Auke Kok, Colin Walters, Cristian + Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes + Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan + Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering, + Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl, + Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen, + Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel + Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, + Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 198: + + * Configuration of unit files may now be extended via drop-in + files without having to edit/override the unit files + themselves. More specifically, if the administrator wants to + change one value for a service file foobar.service he can + now do so by dropping in a configuration snippet into + /etc/systemd/system/foobar.service.d/*.conf. The unit logic + will load all these snippets and apply them on top of the + main unit configuration file, possibly extending or + overriding its settings. Using these drop-in snippets is + generally nicer than the two earlier options for changing + unit files locally: copying the files from + /usr/lib/systemd/system/ to /etc/systemd/system/ and editing + them there; or creating a new file in /etc/systemd/system/ + that incorporates the original one via ".include". Drop-in + snippets into these .d/ directories can be placed in any + directory systemd looks for units in, and the usual + overriding semantics between /usr/lib, /etc and /run apply + for them too. + + * Most unit file settings which take lists of items can now be + reset by assigning the empty string to them. For example, + normally, settings such as Environment=FOO=BAR append a new + environment variable assignment to the environment block, + each time they are used. By assigning Environment= the empty + string the environment block can be reset to empty. This is + particularly useful with the .d/*.conf drop-in snippets + mentioned above, since this adds the ability to reset list + settings from vendor unit files via these drop-ins. + + * systemctl gained a new "list-dependencies" command for + listing the dependencies of a unit recursively. + + * Inhibitors are now honored and listed by "systemctl + suspend", "systemctl poweroff" (and similar) too, not only + GNOME. These commands will also list active sessions by + other users. + + * Resource limits (as exposed by the various control group + controllers) can now be controlled dynamically at runtime + for all units. More specifically, you can now use a command + like "systemctl set-cgroup-attr foobar.service cpu.shares + 2000" to alter the CPU shares a specific service gets. These + settings are stored persistently on disk, and thus allow the + administrator to easily adjust the resource usage of + services with a few simple commands. This dynamic resource + management logic is also available to other programs via the + bus. Almost any kernel cgroup attribute and controller is + supported. + + * systemd-vconsole-setup will now copy all font settings to + all allocated VTs, where it previously applied them only to + the foreground VT. + + * libsystemd-login gained the new sd_session_get_tty() API + call. + + * This release drops support for a few legacy or + distribution-specific LSB facility names when parsing init + scripts: $x-display-manager, $mail-transfer-agent, + $mail-transport-agent, $mail-transfer-agent, $smtp, + $null. Also, the mail-transfer-agent.target unit backing + this has been removed. Distributions which want to retain + compatibility with this should carry the burden for + supporting this themselves and patch support for these back + in, if they really need to. Also, the facilities $syslog and + $local_fs are now ignored, since systemd does not support + early-boot LSB init scripts anymore, and these facilities + are implied anyway for normal services. syslog.target has + also been removed. + + * There are new bus calls on PID1's Manager object for + cancelling jobs, and removing snapshot units. Previously, + both calls were only available on the Job and Snapshot + objects themselves. + + * systemd-journal-gatewayd gained SSL support. + + * The various "environment" files, such as /etc/locale.conf + now support continuation lines with a backslash ("\") as + last character in the line, similar in style (but different) + to how this is supported in shells. + + * For normal user processes the _SYSTEMD_USER_UNIT= field is + now implicitly appended to every log entry logged. systemctl + has been updated to filter by this field when operating on a + user systemd instance. + + * nspawn will now implicitly add the CAP_AUDIT_WRITE and + CAP_AUDIT_CONTROL capabilities to the capabilities set for + the container. This makes it easier to boot unmodified + Fedora systems in a container, which however still requires + audit=0 to be passed on the kernel command line. Auditing in + kernel and userspace is unfortunately still too broken in + context of containers, hence we recommend compiling it out + of the kernel or using audit=0. Hopefully this will be fixed + one day for good in the kernel. + + * nspawn gained the new --bind= and --bind-ro= parameters to + bind mount specific directories from the host into the + container. + + * nspawn will now mount its own devpts file system instance + into the container, in order not to leak pty devices from + the host into the container. + + * systemd will now read the firmware boot time performance + information from the EFI variables, if the used boot loader + supports this, and takes it into account for boot performance + analysis via "systemd-analyze". This is currently supported + only in conjunction with Gummiboot, but could be supported + by other boot loaders too. For details see: + + http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface + + * A new generator has been added that automatically mounts the + EFI System Partition (ESP) to /boot, if that directory + exists, is empty, and no other file system has been + configured to be mounted there. + + * logind will now send out PrepareForSleep(false) out + unconditionally, after coming back from suspend. This may be + used by applications as asynchronous notification for + system resume events. + + * "systemctl unlock-sessions" has been added, that allows + unlocking the screens of all user sessions at once, similar + how "systemctl lock-sessions" already locked all users + sessions. This is backed by a new D-Bus call UnlockSessions(). + + * "loginctl seat-status" will now show the master device of a + seat. (i.e. the device of a seat that needs to be around for + the seat to be considered available, usually the graphics + card). + + * tmpfiles gained a new "X" line type, that allows + configuration of files and directories (with wildcards) that + shall be excluded from automatic cleanup ("aging"). + + * udev default rules set the device node permissions now only + at "add" events, and do not change them any longer with a + later "change" event. + + * The log messages for lid events and power/sleep keypresses + now carry a message ID. + + * We now have a substantially larger unit test suite, but this + continues to be work in progress. + + * udevadm hwdb gained a new --root= parameter to change the + root directory to operate relative to. + + * logind will now issue a background sync() request to the kernel + early at shutdown, so that dirty buffers are flushed to disk early + instead of at the last moment, in order to optimize shutdown + times a little. + + * A new bootctl tool has been added that is an interface for + certain boot loader operations. This is currently a preview + and is likely to be extended into a small mechanism daemon + like timedated, localed, hostnamed, and can be used by + graphical UIs to enumerate available boot options, and + request boot into firmware operations. + + * systemd-bootchart has been relicensed to LGPLv2.1+ to match + the rest of the package. It also has been updated to work + correctly in initrds. + + * Policykit previously has been runtime optional, and is now + also compile time optional via a configure switch. + + * systemd-analyze has been reimplemented in C. Also "systemctl + dot" has moved into systemd-analyze. + + * "systemctl status" with no further parameters will now print + the status of all active or failed units. + + * Operations such as "systemctl start" can now be executed + with a new mode "--irreversible" which may be used to queue + operations that cannot accidentally be reversed by a later + job queuing. This is by default used to make shutdown + requests more robust. + + * The Python API of systemd now gained a new module for + reading journal files. + + * A new tool kernel-install has been added that can install + kernel images according to the Boot Loader Specification: + + http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec + + * Boot time console output has been improved to provide + animated boot time output for hanging jobs. + + * A new tool systemd-activate has been added which can be used + to test socket activation with, directly from the command + line. This should make it much easier to test and debug + socket activation in daemons. + + * journalctl gained a new "--reverse" (or -r) option to show + journal output in reverse order (i.e. newest line first). + + * journalctl gained a new "--pager-end" (or -e) option to jump + to immediately jump to the end of the journal in the + pager. This is only supported in conjunction with "less". + + * journalctl gained a new "--user-unit=" option, that works + similar to "--unit=" but filters for user units rather than + system units. + + * A number of unit files to ease adoption of systemd in + initrds has been added. This moves some minimal logic from + the various initrd implementations into systemd proper. + + * The journal files are now owned by a new group + "systemd-journal", which exists specifically to allow access + to the journal, and nothing else. Previously, we used the + "adm" group for that, which however possibly covers more + than just journal/log file access. This new group is now + already used by systemd-journal-gatewayd to ensure this + daemon gets access to the journal files and as little else + as possible. Note that "make install" will also set FS ACLs + up for /var/log/journal to give "adm" and "wheel" read + access to it, in addition to "systemd-journal" which owns + the journal files. We recommend that packaging scripts also + add read access to "adm" + "wheel" to /var/log/journal, and + all existing/future journal files. To normal users and + administrators little changes, however packagers need to + ensure to create the "systemd-journal" system group at + package installation time. + + * The systemd-journal-gatewayd now runs as unprivileged user + systemd-journal-gateway:systemd-journal-gateway. Packaging + scripts need to create these system user/group at + installation time. + + * timedated now exposes a new boolean property CanNTP that + indicates whether a local NTP service is available or not. + + * systemd-detect-virt will now also detect xen PVs + + * The pstore file system is now mounted by default, if it is + available. + + * In addition to the SELinux and IMA policies we will now also + load SMACK policies at early boot. + + Contributions from: Adel Gadllah, Aleksander Morgado, Auke + Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch, + Daniel Wallace, Dave Reisner, David Herrmann, David Strauss, + Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer, + Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering, + Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin + Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael + Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil, + Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor + Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob + Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven + Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom + Gundersen, Umut Tezduyar, William Giokas, Zbigniew + Jędrzejewski-Szmek, Zeeshan Ali (Khattak) + CHANGES WITH 197: * Timer units now support calendar time events in addition to @@ -180,7 +753,7 @@ CHANGES WITH 196: the underlying file system of a journal file is capable of properly reporting file change notifications, or whether applications that want to reflect journal changes "live" - need to recheck journal files continously in appropriate + need to recheck journal files continuously in appropriate time intervals. * It is now possible to set the "age" field for tmpfiles @@ -513,7 +1086,7 @@ CHANGES WITH 190: * There's now a new RPM macro definition for the system preset dir: %_presetdir. - * journald will now warn if it can't foward a message to the + * journald will now warn if it can't forward a message to the syslog daemon because it's socket is full. * timedated will no longer write or process /etc/timezone, @@ -648,7 +1221,7 @@ CHANGES WITH 188: the maximum number of iterations to run for. It also gained -b, to run in batch mode (accepting no input). - * The suffix ".service" may now be ommited on most systemctl + * The suffix ".service" may now be omitted on most systemctl command lines involving service unit names. * There's a new bus call in logind to lock all sessions, as @@ -1137,7 +1710,7 @@ CHANGES WITH 44: * Show /etc/os-release data in systemd-analyze output - * Many bugfixes for the journal, including endianess fixes and + * Many bugfixes for the journal, including endianness fixes and ensuring that disk space enforcement works * sd-login.h is C++ comptaible again |