summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS621
1 files changed, 569 insertions, 52 deletions
diff --git a/NEWS b/NEWS
index fb00f4ba63..c67b5b068a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,506 @@
systemd System and Service Manager
+CHANGES WITH 240:
+
+ * NoNewPrivileges=yes has been set for all long-running services
+ implemented by systemd. Previously, this was problematic due to
+ SELinux (as this would also prohibit the transition from PID1's label
+ to the service's label). This restriction has since been lifted, but
+ an SELinux policy update is required.
+ (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
+
+ * DynamicUser=yes is dropped from systemd-networkd.service,
+ systemd-resolved.service and systemd-timesyncd.service, which was
+ enabled in v239 for systemd-networkd.service and systemd-resolved.service,
+ and since v236 for systemd-timesyncd.service. The users and groups
+ systemd-network, systemd-resolve and systemd-timesync are created
+ by systemd-sysusers again. Distributors or system administrators
+ may need to create these users and groups if they not exist (or need
+ to re-enable DynamicUser= for those units) while upgrading systemd.
+
+ * When unit files are loaded from disk, previously systemd would
+ sometimes (depending on the unit loading order) load units from the
+ target path of symlinks in .wants/ or .requires/ directories of other
+ units. This meant that unit could be loaded from different paths
+ depending on whether the unit was requested explicitly or as a
+ dependency of another unit, not honouring the priority of directories
+ in search path. It also meant that it was possible to successfully
+ load and start units which are not found in the unit search path, as
+ long as they were requested as a dependency and linked to from
+ .wants/ or .requires/. The target paths of those symlinks are not
+ used for loading units anymore and the unit file must be found in
+ the search path.
+
+ * A new service type has been added: Type=exec. It's very similar to
+ Type=simple but ensures the service manager will wait for both fork()
+ and execve() of the main service binary to complete before proceeding
+ with follow-up units. This is primarily useful so that the manager
+ propagates any errors in the preparation phase of service execution
+ back to the job that requested the unit to be started. For example,
+ consider a service that has ExecStart= set to a file system binary
+ that doesn't exist. With Type=simple starting the unit would be
+ considered instantly successful, as only fork() has to complete
+ successfully and the manager does not wait for execve(), and hence
+ its failure is seen "too late". With the new Type=exec service type
+ starting the unit will fail, as the manager will wait for the
+ execve() and notice its failure, which is then propagated back to the
+ start job.
+
+ NOTE: with the next release 241 of systemd we intend to change the
+ systemd-run tool to default to Type=exec for transient services
+ started by it. This should be mostly safe, but in specific corner
+ cases might result in problems, as the systemd-run tool will then
+ block on NSS calls (such as user name look-ups due to User=) done
+ between the fork() and execve(), which under specific circumstances
+ might cause problems. It is recommended to specify "-p Type=simple"
+ explicitly in the few cases where this applies. For regular,
+ non-transient services (i.e. those defined with unit files on disk)
+ we will continue to default to Type=simple.
+
+ * The Linux kernel's current default RLIMIT_NOFILE resource limit for
+ userspace processes is set to 1024 (soft) and 4096
+ (hard). Previously, systemd passed this on unmodified to all
+ processes it forked off. With this systemd release the hard limit
+ systemd passes on is increased to 512K, overriding the kernel's
+ defaults and substantially increasing the number of simultaneous file
+ descriptors unprivileged userspace processes can allocate. Note that
+ the soft limit remains at 1024 for compatibility reasons: the
+ traditional UNIX select() call cannot deal with file descriptors >=
+ 1024 and increasing the soft limit globally might thus result in
+ programs unexpectedly allocating a high file descriptor and thus
+ failing abnormally when attempting to use it with select() (of
+ course, programs shouldn't use select() anymore, and prefer
+ poll()/epoll, but the call unfortunately remains undeservedly popular
+ at this time). This change reflects the fact that file descriptor
+ handling in the Linux kernel has been optimized in more recent
+ kernels and allocating large numbers of them should be much cheaper
+ both in memory and in performance than it used to be. Programs that
+ want to take benefit of the increased limit have to "opt-in" into
+ high file descriptors explicitly by raising their soft limit. Of
+ course, when they do that they must acknowledge that they cannot use
+ select() anymore (and neither can any shared library they use — or
+ any shared library used by any shared library they use and so on).
+ Which default hard limit is most appropriate is of course hard to
+ decide. However, given reports that ~300K file descriptors are used
+ in real-life applications we believe 512K is sufficiently high as new
+ default for now. Note that there are also reports that using very
+ high hard limits (e.g. 1G) is problematic: some software allocates
+ large arrays with one element for each potential file descriptor
+ (Java, …) — a high hard limit thus triggers excessively large memory
+ allocations in these applications. Hopefully, the new default of 512K
+ is a good middle ground: higher than what real-life applications
+ currently need, and low enough for avoid triggering excessively large
+ allocations in problematic software. (And yes, somebody should fix
+ Java.)
+
+ * The fs.nr_open and fs.file-max sysctls are now automatically bumped
+ to the highest possible values, as separate accounting of file
+ descriptors is no longer necessary, as memcg tracks them correctly as
+ part of the memory accounting anyway. Thus, from the four limits on
+ file descriptors currently enforced (fs.file-max, fs.nr_open,
+ RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
+ and keep only the latter two. A set of build-time options
+ (-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
+ has been added to revert this change in behaviour, which might be
+ an option for systems that turn off memcg in the kernel.
+
+ * When no /etc/locale.conf file exists (and hence no locale settings
+ are in place), systemd will now use the "C.UTF-8" locale by default,
+ and set LANG= to it. This locale is supported by various
+ distributions including Fedora, with clear indications that upstream
+ glibc is going to make it available too. This locale enables UTF-8
+ mode by default, which appears appropriate for 2018.
+
+ * The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
+ default. This effectively switches the RFC3704 Reverse Path filtering
+ from Strict mode to Loose mode. This is more appropriate for hosts
+ that have multiple links with routes to the same networks (e.g.
+ a client with a Wi-Fi and Ethernet both connected to the internet).
+
+ Consult the kernel documentation for details on this sysctl:
+ https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
+
+ * CPUAccounting=yes no longer enables the CPU controller when using
+ kernel 4.15+ and the unified cgroup hierarchy, as required accounting
+ statistics are now provided independently from the CPU controller.
+
+ * Support for disabling a particular cgroup controller within a sub-tree
+ has been added through the DisableControllers= directive.
+
+ * cgroup_no_v1=all on the kernel command line now also implies
+ using the unified cgroup hierarchy, unless one explicitly passes
+ systemd.unified_cgroup_hierarchy=0 on the kernel command line.
+
+ * The new "MemoryMin=" unit file property may now be used to set the
+ memory usage protection limit of processes invoked by the unit. This
+ controls the cgroupsv2 memory.min attribute. Similarly, the new
+ "IODeviceLatencyTargetSec=" property has been added, wrapping the new
+ cgroupsv2 io.latency cgroup property for configuring per-service I/O
+ latency.
+
+ * systemd now supports the cgroupsv2 devices BPF logic, as counterpart
+ to the cgroupsv1 "devices" cgroup controller.
+
+ * systemd-escape now is able to combine --unescape with --template. It
+ also learnt a new option --instance for extracting and unescaping the
+ instance part of a unit name.
+
+ * sd-bus now provides the sd_bus_message_readv() which is similar to
+ sd_bus_message_read() but takes a va_list object. The pair
+ sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
+ has been added for configuring the default method call timeout to
+ use. sd_bus_error_move() may be used to efficiently move the contents
+ from one sd_bus_error structure to another, invalidating the
+ source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
+ be used to control whether a bus connection object is automatically
+ flushed when an sd-event loop is exited.
+
+ * When processing classic BSD syslog log messages, journald will now
+ save the original time-stamp string supplied in the new
+ SYSLOG_TIMESTAMP= journal field. This permits consumers to
+ reconstruct the original BSD syslog message more correctly.
+
+ * StandardOutput=/StandardError= in service files gained support for
+ new "append:…" parameters, for connecting STDOUT/STDERR of a service
+ to a file, and appending to it.
+
+ * The signal to use as last step of killing of unit processes is now
+ configurable. Previously it was hard-coded to SIGKILL, which may now
+ be overridden with the new KillSignal= setting. Note that this is the
+ signal used when regular termination (i.e. SIGTERM) does not suffice.
+ Similarly, the signal used when aborting a program in case of a
+ watchdog timeout may now be configured too (WatchdogSignal=).
+
+ * The XDG_SESSION_DESKTOP environment variable may now be configured in
+ the pam_systemd argument line, using the new desktop= switch. This is
+ useful to initialize it properly from a display manager without
+ having to touch C code.
+
+ * Most configuration options that previously accepted percentage values
+ now also accept permille values with the '‰' suffix (instead of '%').
+
+ * systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
+ DNS-over-TLS.
+
+ * systemd-resolved's configuration file resolved.conf gained a new
+ option ReadEtcHosts= which may be used to turn off processing and
+ honoring /etc/hosts entries.
+
+ * The "--wait" switch may now be passed to "systemctl
+ is-system-running", in which case the tool will synchronously wait
+ until the system finished start-up.
+
+ * hostnamed gained a new bus call to determine the DMI product UUID.
+
+ * On x86-64 systemd will now prefer using the RDRAND processor
+ instruction over /dev/urandom whenever it requires randomness that
+ neither has to be crypto-grade nor should be reproducible. This
+ should substantially reduce the amount of entropy systemd requests
+ from the kernel during initialization on such systems, though not
+ reduce it to zero. (Why not zero? systemd still needs to allocate
+ UUIDs and such uniquely, which require high-quality randomness.)
+
+ * networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
+ tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
+ for forcing the "Other Information" bit in IPv6 RA messages. The
+ bonding logic gained four new options AdActorSystemPriority=,
+ AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
+ aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
+ shuffling of flows. The tunnel logic gained a new
+ IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
+ Deployment. The policy rule logic gained four new options IPProtocol=,
+ SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
+ support for the MulticastToUnicast= option. networkd also gained
+ support for configuring static IPv4 ARP or IPv6 neighbor entries.
+
+ * .preset files (as read by 'systemctl preset') may now be used to
+ instantiate services.
+
+ * /etc/crypttab now understands the sector-size= option to configure
+ the sector size for an encrypted partition.
+
+ * Key material for encrypted disks may now be placed on a formatted
+ medium, and referenced from /etc/crypttab by the UUID of the file
+ system, followed by "=" suffixed by the path to the key file.
+
+ * The "collect" udev component has been removed without replacement, as
+ it is neither used nor maintained.
+
+ * When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
+ LogsDirectory=, ConfigurationDirectory= settings are used in a
+ service the executed processes will now receive a set of environment
+ variables containing the full paths of these directories.
+ Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
+ LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
+ are used. Note that these options may be used multiple times per
+ service in which case the resulting paths will be concatenated and
+ separated by colons.
+
+ * Predictable interface naming has been extended to cover InfiniBand
+ NICs. They will be exposed with an "ib" prefix.
+
+ * tmpfiles.d/ line types may now be suffixed with a '-' character, in
+ which case the respective line failing is ignored.
+
+ * .link files may now be used to configure the equivalent to the
+ "ethtool advertise" commands.
+
+ * The sd-device.h and sd-hwdb.h APIs are now exported, as an
+ alternative to libudev.h. Previously, the latter was just an internal
+ wrapper around the former, but now these two APIs are exposed
+ directly.
+
+ * sd-id128.h gained a new function sd_id128_get_boot_app_specific()
+ which calculates an app-specific boot ID similar to how
+ sd_id128_get_machine_app_specific() generates an app-specific machine
+ ID.
+
+ * A new tool systemd-id128 has been added that can be used to determine
+ and generate various 128bit IDs.
+
+ * /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
+ and LOGO=.
+
+ * systemd-hibernate-resume-generator will now honor the "noresume"
+ kernel command line option, in which case it will bypass resuming
+ from any hibernated image.
+
+ * The systemd-sleep.conf configuration file gained new options
+ AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
+ AllowHybridSleep= for prohibiting specific sleep modes even if the
+ kernel exports them.
+
+ * portablectl is now officially supported and has thus moved to
+ /usr/bin/.
+
+ * bootctl learnt the two new commands "set-default" and "set-oneshot"
+ for setting the default boot loader item to boot to (either
+ persistently or only for the next boot). This is currently only
+ compatible with sd-boot, but may be implemented on other boot loaders
+ too, that follow the boot loader interface. The updated interface is
+ now documented here:
+
+ https://systemd.io/BOOT_LOADER_INTERFACE
+
+ * A new kernel command line option systemd.early_core_pattern= is now
+ understood which may be used to influence the core_pattern PID 1
+ installs during early boot.
+
+ * busctl learnt two new options -j and --json= for outputting method
+ call replies, properties and monitoring output in JSON.
+
+ * journalctl's JSON output now supports simple ANSI coloring as well as
+ a new "json-seq" mode for generating RFC7464 output.
+
+ * Unit files now support the %g/%G specifiers that resolve to the UNIX
+ group/GID of the service manager runs as, similar to the existing
+ %u/%U specifiers that resolve to the UNIX user/UID.
+
+ * systemd-logind learnt a new global configuration option
+ UserStopDelaySec= that may be set in logind.conf. It specifies how
+ long the systemd --user instance shall remain started after a user
+ logs out. This is useful to speed up repetitive re-connections of the
+ same user, as it means the user's service manager doesn't have to be
+ stopped/restarted on each iteration, but can be reused between
+ subsequent options. This setting defaults to 10s. systemd-logind also
+ exports two new properties on its Manager D-Bus objects indicating
+ whether the system's lid is currently closed, and whether the system
+ is on AC power.
+
+ * systemd gained support for a generic boot counting logic, which
+ generically permits automatic reverting to older boot loader entries
+ if newer updated ones don't work. The boot loader side is implemented
+ in sd-boot, but is kept open for other boot loaders too. For details
+ see:
+
+ https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
+
+ * The SuccessAction=/FailureAction= unit file settings now learnt two
+ new parameters: "exit" and "exit-force", which result in immediate
+ exiting of the service manager, and are only useful in systemd --user
+ and container environments.
+
+ * Unit files gained support for a pair of options
+ FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
+ exit status to use as service manager exit status when
+ SuccessAction=/FailureAction= is set to exit or exit-force.
+
+ * A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
+ options may now be used to configure the log rate limiting applied by
+ journald per-service.
+
+ * systemd-analyze gained a new verb "timespan" for parsing and
+ normalizing time span values (i.e. strings like "5min 7s 8us").
+
+ * systemd-analyze also gained a new verb "security" for analyzing the
+ security and sand-boxing settings of services in order to determine an
+ "exposure level" for them, indicating whether a service would benefit
+ from more sand-boxing options turned on for them.
+
+ * "systemd-analyze syscall-filter" will now also show system calls
+ supported by the local kernel but not included in any of the defined
+ groups.
+
+ * .nspawn files now understand the Ephemeral= setting, matching the
+ --ephemeral command line switch.
+
+ * sd-event gained the new APIs sd_event_source_get_floating() and
+ sd_event_source_set_floating() for controlling whether a specific
+ event source is "floating", i.e. destroyed along with the even loop
+ object itself.
+
+ * Unit objects on D-Bus gained a new "Refs" property that lists all
+ clients that currently have a reference on the unit (to ensure it is
+ not unloaded).
+
+ * The JoinControllers= option in system.conf is no longer supported, as
+ it didn't work correctly, is hard to support properly, is legacy (as
+ the concept only exists on cgroupsv1) and apparently wasn't used.
+
+ * Journal messages that are generated whenever a unit enters the failed
+ state are now tagged with a unique MESSAGE_ID. Similarly, messages
+ generated whenever a service process exits are now made recognizable,
+ too. A taged message is also emitted whenever a unit enters the
+ "dead" state on success.
+
+ * systemd-run gained a new switch --working-directory= for configuring
+ the working directory of the service to start. A shortcut -d is
+ equivalent, setting the working directory of the service to the
+ current working directory of the invoking program. The new --shell
+ (or just -S) option has been added for invoking the $SHELL of the
+ caller as a service, and implies --pty --same-dir --wait --collect
+ --service-type=exec. Or in other words, "systemd-run -S" is now the
+ quickest way to quickly get an interactive in a fully clean and
+ well-defined system service context.
+
+ * machinectl gained a new verb "import-fs" for importing an OS tree
+ from a directory. Moreover, when a directory or tarball is imported
+ and single top-level directory found with the OS itself below the OS
+ tree is automatically mangled and moved one level up.
+
+ * systemd-importd will no longer set up an implicit btrfs loop-back
+ file system on /var/lib/machines. If one is already set up, it will
+ continue to be used.
+
+ * A new generator "systemd-run-generator" has been added. It will
+ synthesize a unit from one or more program command lines included in
+ the kernel command line. This is very useful in container managers
+ for example:
+
+ # systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
+
+ This will run "systemd-nspawn" on an image, invoke the specified
+ command line and immediately shut down the container again, returning
+ the command line's exit code.
+
+ * The block device locking logic is now documented:
+
+ https://systemd.io/BLOCK_DEVICE_LOCKING
+
+ * loginctl and machinectl now optionally output the various tables in
+ JSON using the --output= switch. It is our intention to add similar
+ support to systemctl and all other commands.
+
+ * udevadm's query and trigger verb now optionally take a .device unit
+ name as argument.
+
+ * systemd-udevd's network naming logic now understands a new
+ net.naming-scheme= kernel command line switch, which may be used to
+ pick a specific version of the naming scheme. This helps stabilizing
+ interface names even as systemd/udev are updated and the naming logic
+ is improved.
+
+ * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
+ SD_ID128_ALLF to test if a 128bit ID is set to all 0xFF bytes, and to
+ initialize one to all 0xFF.
+
+ * After loading the SELinux policy systemd will now recursively relabel
+ all files and directories listed in
+ /run/systemd/relabel-extra.d/*.relabel (which should be simple
+ newline separated lists of paths) in addition to the ones it already
+ implicitly relabels in /run, /dev and /sys. After the relabelling is
+ completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
+ removed. This is useful to permit initrds (i.e. code running before
+ the SELinux policy is in effect) to generate files in the host
+ filesystem safely and ensure that the correct label is applied during
+ the transition to the host OS.
+
+ * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
+ mknod() handling in user namespaces. Previously mknod() would always
+ fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
+ but device nodes generated that way cannot be opened, and attempts to
+ open them result in EPERM. This breaks the "graceful fallback" logic
+ in systemd's PrivateDevices= sand-boxing option. This option is
+ implemented defensively, so that when systemd detects it runs in a
+ restricted environment (such as a user namespace, or an environment
+ where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
+ where device nodes cannot be created the effect of PrivateDevices= is
+ bypassed (following the logic that 2nd-level sand-boxing is not
+ essential if the system systemd runs in is itself already sand-boxed
+ as a whole). This logic breaks with 4.18 in container managers where
+ user namespacing is used: suddenly PrivateDevices= succeeds setting
+ up a private /dev/ file system containing devices nodes — but when
+ these are opened they don't work.
+
+ At this point is is recommended that container managers utilizing
+ user namespaces that intend to run systemd in the payload explicitly
+ block mknod() with seccomp or similar, so that the graceful fallback
+ logic works again.
+
+ We are very sorry for the breakage and the requirement to change
+ container configurations for newer kernels. It's purely caused by an
+ incompatible kernel change. The relevant kernel developers have been
+ notified about this userspace breakage quickly, but they chose to
+ ignore it.
+
+ Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
+ Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
+ Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
+ asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
+ Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
+ Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
+ Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
+ Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
+ David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
+ Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
+ Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
+ Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
+ Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
+ Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
+ Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
+ Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
+ Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
+ javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
+ Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
+ Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
+ Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
+ Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
+ Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
+ Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
+ Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
+ Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
+ Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
+ Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
+ Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
+ Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
+ Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
+ Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
+ Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
+ Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
+ Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
+ Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
+ (FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
+ Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
+ Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
+ Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
+ Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
+ Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
+ Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
+ Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
+ Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
+
+ — Warsaw, 2018-12-21
+
CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
@@ -82,7 +583,28 @@ CHANGES WITH 239:
* systemd-resolved.service and systemd-networkd.service now set
DynamicUser=yes. The users systemd-resolve and systemd-network are
- not created by systemd-sysusers.
+ not created by systemd-sysusers anymore.
+
+ NOTE: This has a chance of breaking nss-ldap and similar NSS modules
+ that embedd a network facing module into any process using getpwuid()
+ or related call: the dynamic allocation of the user ID for
+ systemd-resolved.service means the service manager has to check NSS
+ if the user name is already taken when forking off the service. Since
+ the user in the common case won't be defined in /etc/passwd the
+ lookup is likely to trigger nss-ldap which in turn might use NSS to
+ ask systemd-resolved for hostname lookups. This will hence result in
+ a deadlock: a user name lookup in order to start
+ systemd-resolved.service will result in a host name lookup for which
+ systemd-resolved.service needs to be started already. There are
+ multiple ways to work around this problem: pre-allocate the
+ "systemd-resolve" user on such systems, so that nss-ldap won't be
+ triggered; or use a different NSS package that doesn't do networking
+ in-process but provides a local asynchronous name cache; or configure
+ the NSS package to avoid lookups for UIDs in the range `pkg-config
+ systemd --variable=dynamicuidmin` … `pkg-config systemd
+ --variable=dynamicuidmax`, so that it does not consider itself
+ authoritative for the same UID range systemd allocates dynamic users
+ from.
* The systemd-resolve tool has been renamed to resolvectl (it also
remains available under the old name, for compatibility), and its
@@ -95,7 +617,7 @@ CHANGES WITH 239:
Debian and FreeBSD resolvconf tool.
* Support for suspend-then-hibernate has been added, i.e. a sleep mode
- where the system initially suspends, and after a time-out resumes and
+ where the system initially suspends, and after a timeout resumes and
hibernates again.
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
@@ -300,13 +822,13 @@ CHANGES WITH 239:
* New documentation has been added to document cgroups delegation,
portable services and the various code quality tools we have set up:
- https://github.com/systemd/systemd/blob/master/doc/CGROUP_DELEGATION.md
- https://github.com/systemd/systemd/blob/master/doc/PORTABLE_SERVICES.md
- https://github.com/systemd/systemd/blob/master/doc/CODE_QUALITY.md
+ https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
+ https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
+ https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md
* The Boot Loader Specification has been added to the source tree.
- https://github.com/systemd/systemd/blob/master/doc/BOOT_LOADER_SPECIFICATION.md
+ https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
While moving it into our source tree we have updated it and further
changes are now accepted through the usual github PR workflow.
@@ -546,10 +1068,9 @@ CHANGES WITH 237:
different from what the documentation said, and not particularly
useful, as repeated systemd-tmpfiles invocations would not be
idempotent and grow such files without bounds. With this release
- behaviour has been altered slightly, to match what the documentation
- says: lines of this type only have an effect if the indicated files
- don't exist yet, and only then the argument string is written to the
- file.
+ behaviour has been altered to match what the documentation says:
+ lines of this type only have an effect if the indicated files don't
+ exist yet, and only then the argument string is written to the file.
* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
systemd-tmpfiles behaviour: previously, read-only files owned by root
@@ -1622,7 +2143,7 @@ CHANGES WITH 233:
* Documentation has been added that lists all of systemd's low-level
environment variables:
- https://github.com/systemd/systemd/blob/master/doc/ENVIRONMENT.md
+ https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md
* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
whether a specific socket file descriptor matches a specified socket
@@ -3327,11 +3848,10 @@ CHANGES WITH 226:
correct dequeuing of real-time signals, without losing
signal events.
- * When systemd requests a PolicyKit decision when managing
- units it will now add additional fields to the request,
- including unit name and desired operation. This enables more
- powerful PolicyKit policies, that make decisions depending
- on these parameters.
+ * When systemd requests a polkit decision when managing units it
+ will now add additional fields to the request, including unit
+ name and desired operation. This enables more powerful polkit
+ policies, that make decisions depending on these parameters.
* nspawn learnt support for .nspawn settings files, that may
accompany the image files or directories of containers, and
@@ -3366,13 +3886,12 @@ CHANGES WITH 225:
options and allows other programs to query the values.
* SELinux access control when enabling/disabling units is no
- longer enforced with this release. The previous
- implementation was incorrect, and a new corrected
- implementation is not yet available. As unit file operations
- are still protected via PolicyKit and D-Bus policy this is
- not a security problem. Yet, distributions which care about
- optimal SELinux support should probably not stabilize on
- this release.
+ longer enforced with this release. The previous implementation
+ was incorrect, and a new corrected implementation is not yet
+ available. As unit file operations are still protected via
+ polkit and D-Bus policy this is not a security problem. Yet,
+ distributions which care about optimal SELinux support should
+ probably not stabilize on this release.
* sd-bus gained support for matches of type "arg0has=", that
test for membership of strings in string arrays sent in bus
@@ -3744,11 +4263,10 @@ CHANGES WITH 220:
* systemd-importd gained support for verifying downloaded
images with gpg2 (previously only gpg1 was supported).
- * systemd-machined, systemd-logind, systemd: most bus calls
- are now accessible to unprivileged processes via
- PolicyKit. Also, systemd-logind will now allow users to kill
- their own sessions without further privileges or
- authorization.
+ * systemd-machined, systemd-logind, systemd: most bus calls are
+ now accessible to unprivileged processes via polkit. Also,
+ systemd-logind will now allow users to kill their own sessions
+ without further privileges or authorization.
* systemd-shutdownd has been removed. This service was
previously responsible for implementing scheduled shutdowns
@@ -4403,7 +4921,7 @@ CHANGES WITH 217:
/run/systemd/user directory that was already previously
supported, but is under the control of the user.
- * Job timeouts (i.e. time-outs on the time a job that is
+ * Job timeouts (i.e. timeouts on the time a job that is
queued stays in the run queue) can now optionally result in
immediate reboot or power-off actions (JobTimeoutAction= and
JobTimeoutRebootArgument=). This is useful on ".target"
@@ -4530,11 +5048,11 @@ CHANGES WITH 217:
directly from now on, again.
* Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
- message flag has been added for all of systemd's PolicyKit
- authenticated method calls has been added. In particular
- this now allows optional interactive authorization via
- PolicyKit for many of PID1's privileged operations such as
- unit file enabling and disabling.
+ message flag has been added for all of systemd's polkit
+ authenticated method calls has been added. In particular this
+ now allows optional interactive authorization via polkit for
+ many of PID1's privileged operations such as unit file
+ enabling and disabling.
* "udevadm hwdb --update" learnt a new switch "--usr" for
placing the rebuilt hardware database in /usr instead of
@@ -4613,11 +5131,11 @@ CHANGES WITH 216:
well as the user/group databases, which should enhance
compatibility with certain tools like grpck.
- * A number of bus APIs of PID 1 now optionally consult
- PolicyKit to permit access for otherwise unprivileged
- clients under certain conditions. Note that this currently
- doesn't support interactive authentication yet, but this is
- expected to be added eventually, too.
+ * A number of bus APIs of PID 1 now optionally consult polkit to
+ permit access for otherwise unprivileged clients under certain
+ conditions. Note that this currently doesn't support
+ interactive authentication yet, but this is expected to be
+ added eventually, too.
* /etc/machine-info now has new fields for configuring the
deployment environment of the machine, as well as the
@@ -7090,8 +7608,8 @@ CHANGES WITH 198:
the rest of the package. It also has been updated to work
correctly in initrds.
- * Policykit previously has been runtime optional, and is now
- also compile time optional via a configure switch.
+ * polkit previously has been runtime optional, and is now also
+ compile time optional via a configure switch.
* systemd-analyze has been reimplemented in C. Also "systemctl
dot" has moved into systemd-analyze.
@@ -7259,9 +7777,9 @@ CHANGES WITH 197:
user/vendor or is automatically determined from ACPI and DMI
information if possible.
- * A number of PolicyKit actions are now bound together with
- "imply" rules. This should simplify creating UIs because
- many actions will now authenticate similar ones as well.
+ * A number of polkit actions are now bound together with "imply"
+ rules. This should simplify creating UIs because many actions
+ will now authenticate similar ones as well.
* Unit files learnt a new condition ConditionACPower= which
may be used to conditionalize a unit depending on whether an
@@ -7400,14 +7918,13 @@ CHANGES WITH 196:
to maintain the necessary patches downstream, or find a
different solution. (Talk to us if you have questions!)
- * Various systemd components will now bypass PolicyKit checks
- for root and otherwise handle properly if PolicyKit is not
- found to be around. This should fix most issues for
- PolicyKit-less systems. Quite frankly this should have been
- this way since day one. It is absolutely our intention to
- make systemd work fine on PolicyKit-less systems, and we
- consider it a bug if something does not work as it should if
- PolicyKit is not around.
+ * Various systemd components will now bypass polkit checks for
+ root and otherwise handle properly if polkit is not found to
+ be around. This should fix most issues for polkit-less
+ systems. Quite frankly this should have been this way since
+ day one. It is absolutely our intention to make systemd work
+ fine on polkit-less systems, and we consider it a bug if
+ something does not work as it should if polkit is not around.
* For embedded systems it is now possible to build udev and
systemd without blkid and/or kmod support.
View Lorry Controller Status