-udev 173+
-========
-Bugfixes.
-
-The udev daemon moved to /lib/udev/udevd. Non-systemd init systems
-and non-dracut initramfs image generators need to change the init
-scripts. Alternatively the udev build needs to move udevd back to
-/sbin or create a symlink in /sbin, which is not done by default.
-
-The path_id, usb_id, input_id tools are built-in commands now and
-the stand-alone tools do not exist anymore. Static lists of file in
-initramfs generators need to be updated. For testing, the commands
-can still be executed standalone with 'udevadm test-builtin <cmd>'.
-
-The fusectl filesystem is no longer mounted directly from udev.
-Systemd systems will take care of mounting fusectl and configfs
-now. Non-systemd systems need to ship their own rule if they
-need these filesystems auto-mounted.
-
-The long deprecated keys: SYSFS=, ID=, BUS= have been removed.
-
-The support for 'udevadm trigger --type=failed, and the
-RUN{fail_event_on_error} attribute was removed.
-
-The udev control socket is now created in /run/udev/control
-and no longer as an abstract namespace one.
-
-udev 173
-========
-Bugfixes.
-
-The udev-acl extra is no longer enabled by default now. To enable it,
---enable-udev_acl needs to be given at ./configure time. On systemd
-systems, the udev-acl rules prevent it from running as the functionality
-has moved to systemd.
-
-udev 172
-========
-Bugfixes.
-
-Udev now enables kernel media-presence polling if available. Part
-of udisks optical drive tray-handling moved to cdrom_id: The tray
-is locked as soon as a media is detected to enable the receiving
-of media-eject-request events. Media-eject-request events will
-eject the media.
-
-Libudev enumerate is now able to enumerate a subtree of a given
-device.
-
-The mobile-action-modeswitch modeswitch tool was deleted. The
-functionality is provided by usb_modeswitch now.
-
-udev 171
-========
-Bugfixes.
-
-The systemd service files require systemd version 28. The systemd
-socket activation make it possible now to start 'udevd' and 'udevadm
-trigger' in parallel.
-
-udev 170
-========
-Fix bug in control message handling, which can lead to a failing
-udevadm control --exit. Thanks to Jürg Billeter for help tracking
-it down.
-
-udev 169
-========
-Bugfixes.
-
-We require at least Linux kernel 2.6.32 now. Some platforms might
-require a later kernel that supports accept4() and similar, or
-need to backport the trivial syscall wiring to the older kernels.
-
-The hid2hci tool moved to the bluez package and was removed.
-
-Many of the extras can be --enable/--disabled at ./configure
-time. The --disable-extras option was removed. Some extras have
-been disabled by default. The current options and their defaults
-can be checked with './configure --help'.
-
-udev 168
-========
-Bugfixes.
-
-Udev logs a warning now if /run is not writable at udevd
-startup. It will still fall back to /dev/.udev, but this is
-now considered a bug.
-
-The running udev daemon can now cleanly shut down with:
- udevadm control --exit
-
-Udev in initramfs should clean the state of the udev database
-with: udevadm info --cleanup-db which will remove all state left
-behind from events/rules in initramfs. If initramfs uses
---cleanup-db and device-mapper/LVM, the rules in initramfs need
-to add OPTIONS+="db_persist" for all dm devices. This will
-prevent removal of the udev database for these devices.
-
-Spawned programs by PROGRAM/IMPORT/RUN now have a hard timeout of
-120 seconds per process. If that timeout is reached the spawned
-process will be killed. The event timeout can be overwritten with
-udev rules.
-
-If systemd is used, udev gets now activated by netlink data.
-Systemd will bind the netlink socket which will buffer all data.
-If needed, such setup allows a seemless update of the udev daemon,
-where no event can be lost during a udevd update/restart.
-Packages need to make sure to: systemctl stop udev.socket udev.service
-or 'mask' udev.service during the upgrade to prevent any unwanted
-auto-spawning of udevd.
-This version of udev conflicts with systemd version below 25. The
-unchanged service files will not wirk correctly.
-
-udev 167
-========
-Bugfixes.
-
-The udev runtime data moved from /dev/.udev/ to /run/udev/. The
-/run mountpoint is supposed to be a tmpfs mounted during early boot,
-available and writable to for all tools at any time during bootup,
-it replaces /var/run/, which should become a symlink some day.
-
-If /run does not exist, or is not writable, udev will fall back using
-/dev/.udev/.
-
-On systemd systems with initramfs and LVM used, packagers must
-make sure, that the systemd and initramfs versions match. The initramfs
-needs to create the /run mountpoint for udev to store the data, and
-mount this tmpfs to /run in the rootfs, so the that the udev database
-is preserved for the udev version started in the rootfs.
-
-The command 'udevadm info --convert-db' is gone. The udev daemon
-itself, at startup, converts any old database version if necessary.
-
-The systemd services files have been reorganized. The udev control
-socket is bound by systemd and passed to the started udev daemon.
-The udev-settle.service is no longer active by default. Services which
-can not handle hotplug setups properly need to actively pull it in, to
-act like a barrier. Alternatively the settle service can be unconditionally
-'systemctl'enabled, and act like a barrier for basic.target.
-
-The fstab_import callout is no longer built or installed. Udev
-should not be used to mount, does not watch changes to fstab, and
-should not mirror fstab values in the udev database.
-
-udev 166
-========
-Bugfixes.
-
-New and updated keymaps.
-
-udev 165
-========
-Bugfixes.
-
-The udev database has changed, After installation of a new udev
-version, 'udevadm info --convert-db' should be called, to let the new
-udev/libudev version read the already stored data.
-
-udevadm now supports quoting of property values, and prefixing of
-key names:
- $ udevadm info --export --export-prefix=MY_ --query=property -n sda
- MY_MAJOR='259'
- MY_MINOR='0'
- MY_DEVNAME='/dev/sda'
- MY_DEVTYPE='disk'
- ...
-
-libudev now supports:
- udev_device_get_is_initialized()
- udev_enumerate_add_match_is_initialized()
-to be able to skip devices the kernel has created , but udev has
-not already handled.
-
-libudev now supports:
- udev_device_get_usec_since_initialized()
-to retrieve the "age" of a udev device record.
-
-GUdev supports a more generic GUdevEnumerator class, udev TAG
-handling, device initialization and timestamp now.
-
-The counterpart of /sys/dev/{char,block}/$major:$minor,
-/dev/{char,block}/$major:$minor symlinks are now unconditionally
-created, even when no rule files exist.
-
-New and updated keymaps.
-
-udev 164
-========
-Bugfixes.
-
-GUdev moved from /usr to /.
-
-udev 163
-========
-Bugfixes.
-
-udev 162
-========
-Bugfixes.
-
-Persistent network naming rules are disabled inside of Qemu/KVM now.
-
-New and updated keymaps.
-
-Udev gets unconditionally enabled on systemd installations now. There
-is no longer the need to to run 'systemctl enable udev.service'.
-
-udev 161
-========
-Bugfixes.
-
-udev 160
-========
-Bugfixes.
-
-udev 159
-========
-Bugfixes.
-
-New and fixed keymaps.
-
-Install systemd service files if applicable.
-
-udev 158
-========
-Bugfixes.
-
-All distribution specific rules are removed from the udev source tree,
-most of them are no longer needed. The Gentoo rules which allow to support
-older kernel versions, which are not covered by the default rules anymore
-has moved to rules/misc/30-kernel-compat.rules.
-
-udev 157
-========
-Bugfixes.
-
-The option --debug-trace and the environemnt variable UDEVD_MAX_CHILDS=
-was removed from udevd.
-
-Udevd now checks the kernel commandline for the following variables:
- udev.log-priority=<syslog priority>
- udev.children-max=<maximum number of workers>
- udev.exec-delay=<seconds to delay the execution of RUN=>
-to help debuging coldplug setups where the loading of a kernel
-module crashes the system.
-
-The subdirectory in the source tree rules/packages has been renamed to
-rules/arch, anc contains only architecture specific rules now.
-
-udev 156
-========
-Bugfixes.
-
-udev 155
-========
-Bugfixes.
-
-Now the udev daemon itself, does on startup:
- - copy the content of /lib/udev/devices to /dev
- - create the standard symlinks like /dev/std{in,out,err},
- /dev/core, /dev/fd, ...
- - use static node information provided by kernel modules
- and creates these nodes to allow module on-demand loading
- - possibly apply permissions to all ststic nodes from udev
- rules which are annotated to match a static node
-
-The default mode for a device node is 0600 now to match the kernel
-created devtmpfs defaults. If GROUP= is specified and no MODE= is
-given the default will be 0660.
-
-udev 154
-========
-Bugfixes.
-
-Udev now gradually starts to pass control over the primary device nodes
-and their names to the kernel, and will in the end only manage the
-permissions of the node, and possibly create additional symlinks.
-As a first step NAME="" will be ignored, and NAME= setings with names
-other than the kernel provided name will result in a logged warning.
-Kernels that don't provide device names, or devtmpfs is not used, will
-still work as they did before, but it is strongly recommended to use
-only the same names for the primary device node as the recent kernel
-provides for all devices.
-
-udev 153
-========
-Fix broken firmware loader search path.
-
-udev 152
-========
-Bugfixes.
-
-"udevadm trigger" defaults to "change" events now instead of "add"
-events. The "udev boot script" might need to add "--action=add" to
-the trigger command if not already there, in case the initial coldplug
-events are expected as "add" events.
-
-The option "all_partitons" was removed from udev. This should not be
-needed for usual hardware. Udev can not safely make assumptions
-about non-existing partition major/minor numbers, and therefore no
-longer provide this unreliable and unsafe option.
-
-The option "ignore_remove" was removed from udev. With devtmpfs
-udev passed control over device nodes to the kernel. This option
-should not be needed, or can not work as advertised. Neither
-udev nor the kernel will remove device nodes which are copied from
-the /lib/udev/devices/ directory.
-
-All "add|change" matches are replaced by "!remove" in the rules and
-in the udev logic. All types of events will update possible symlinks
-and permissions, only "remove" is handled special now.
-
-The modem modeswitch extra was removed and the external usb_modeswitch
-program should be used instead.
-
-New and fixed keymaps.
-
-udev 151
-========
-Bugfixes.
-
-udev 150
-========
-Bugfixes.
-
-Kernels with SYSFS_DEPRECATED=y are not supported since a while. Many users
-depend on the current sysfs layout and the information not available in the
-deprecated layout. All remaining support for the deprecated sysfs layout is
-removed now.
-
-udev 149
-========
-Fix for a possible endless loop in the new input_id program.
-
-udev 148
-========
-Bugfixes.
-
-The option "ignore_device" does no longer exist. There is no way to
-ignore an event, as libudev events can not be suppressed by rules.
-It only prevented RUN keys from being executed, which results in an
-inconsistent behavior in current setups.
-
-BUS=, SYSFS{}=, ID= are long deprecated and should be SUBSYSTEM(S)=,
-ATTR(S){}=, KERNEL(S)=. It will cause a warning once for every rule
-file from now on.
-
-The support for the deprecated IDE devices has been removed from the
-default set of rules. Distros who still care about non-libata drivers
-need to add the rules to the compat rules file.
-
-The ID_CLASS property on input devices has been replaced by the more accurate
-set of flags ID_INPUT_{KEYBOARD,KEY,MOUSE,TOUCHPAD,TABLET,JOYSTICK}. These are
-determined by the new "input_id" prober now. Some devices, such as touchpads,
-can have several classes. So if you previously had custom udev rules which e. g.
-checked for ENV{ID_CLASS}=="kbd", you need to replace this with
-ENV{ID_INPUT_KEYBOARD}=="?*".
-
-udev 147
-========
-Bugfixes.
-
-To support DEVPATH strings larger than the maximum file name length, the
-private udev database format has changed. If some software still reads the
-private files in /dev/.udev/, which it shouldn't, now it's time to fix it.
-Please do not port anything to the new format again, everything in /dev/.udev
-is and always was private to udev, and may and will change any time without
-prior notice.
-
-Multiple devices claiming the same names in /dev are limited to symlinks
-only now. Mixing identical symlink names and node names is not supported.
-This reduces the amount of data in the database significantly.
-
-NAME="%k" causes a warning now. It's is and always was completely superfluous.
-It will break kernel supplied DEVNAMEs and therefore it needs to be removed
-from all rules.
-
-Most NAME= instructions got removed. Kernel 2.6.31 supplies the needed names
-if they are not the default. To support older kernels, the NAME= rules need to
-be added to the compat rules file.
-
-Symlinks to udevadm with the old command names are no longer resolved to
-the udevadm commands.
-
-The udev-acl tool got adopted to changes in ConsoleKit. Version 0.4.1 is
-required now.
-
-The option "last_rule" does no longer exist. Its use breaks too many
-things which expect to be run from independent later rules, and is an idication
-that something needs to be fixed properly instead.
-
-The gudev API is no longer marked as experimental,
-G_UDEV_API_IS_SUBJECT_TO_CHANGE is no longer needed. The gudev introspection
-is enabled by default now. Various projects already depend on introspection
-information to bind dynamic languages to the gudev interfaces.
-
-udev 146
-========
-Bugfixes.
-
-The udevadm trigger "--retry-failed" option, which is replaced since quite
-a while by "--type=failed" is removed.
-
-The failed tracking was not working at all for a few releases. The RUN
-option "ignore_error" is replaced by a "fail_event_on_error" option, and the
-default is not to track any failing RUN executions.
-
-New keymaps, new modem, hid2hci updated.
-
-udev 145
-========
-Fix possible crash in udevd when worker processes are busy, rules are
-changed at the same time, and workers get killed to reload the rules.
-
-udev 144
-========
-Bugfixes.
-
-Properties set with ENV{.FOO}="bar" are marked private by starting the
-name with a '.'. They will not be stored in the database, and not be
-exported with the event.
-
-Firmware files are looked up in:
- /lib/firmware/updates/$(uname -r)
- /lib/firmware/updates
- /lib/firmware/$(uname -r)
- /lib/firmware"
-now.
-
-ATA devices switched the property from ID_BUS=scsi to ID_BUS=ata.
-ata_id, instead of scsi_id, is the default tool now for ATA devices.
-
-udev 143
-========
-Bugfixes.
-
-The configure options have changed because another library needs to be
-installed in a different location. Instead of exec_prefix and udev_prefix,
-libdir, rootlibdir and libexecdir are used. The Details are explained in
-the README file.
-
-Event processes now get re-used after they handled an event. This reduces
-the number of forks and the pressure on the CPU significantly, because
-cloned event processes no longer cause page faults in the main daemon.
-After the events have settled, a few worker processes stay around for
-future events, all others get cleaned up.
-
-To be able to use signalfd(), udev depends on kernel version 2.6.25 now.
-Also inotify support is mandatory now to run udev.
-
-The format of the queue exported by the udev damon has changed. There is
-no longer a /dev/.udev/queue/ directory. The current event queue can be
-accessed with udevadm settle and libudedv.
-
-Libudev does not have the unstable API header anymore. From now on,
-incompatible changes will be handled by bumping the library major version.
-
-To build udev from the git tree gtk-doc is needed now. The tarballs will
-build without it and contain the pre-built documentation. An online copy
-is available here:
- http://www.kernel.org/pub/linux/utils/kernel/hotplug/libudev/
-
-The tools from the udev-extras repository have been merged into the main
-udev repository. Some of the extras have larger external dependencies, and
-they can be disabled with the configure switch --disable-extras.
-
-udev 142
-========
-Bugfixes.
-
-The program vol_id and the library libvolume_id are removed from the
-repository. Libvolume_id is merged with libblkid from the util-linux-ng
-package. Persistent disk links for label and uuid depend on the
-util-linux-ng version (2.15) of blkid now. Older versions of blkid
-can not be used with udev.
-
-Libudev allows to subscribe to udev events. To prevent unwanted messages
-to be delivered, and waking up the subscribing process, a filter can be
-installed, to drop messages inside a kernel socket filter. The filters
-match on the <subsytem>:<devtype> properties of the device.
- This is part of the ongoing effort to replace HAL, and switch current
-users over to directly use libudev.
- Libudev is still marked as experimental, and its interface might
-eventually change if needed, but no major changes of the currently exported
-interface are expected anymore, and a first stable release should happen
-soon.
-
-A too old kernel (2.6.21) or a kernel with CONFIG_SYSFS_DEPRECATED
-is not supported since while and udevd will log an error message at
-startup. It should still be able to boot-up, but advanced rules and system
-services which depend on the information not available in the old sysfs
-format will fail to work correctly.
-
-DVB device naming is supplied by the kernel now. In case older kernels
-need to be supported, the old shell script should be added to a compat
-rules file.
-
-udev 141
-========
-Bugfixes.
-
-The processed udev events get send back to the netlink socket. Libudev
-provides access to these events. This is work-in-progress, to replace
-the DeviceKit daemon functionality directly with libudev. There are
-upcoming kernel changes to allow non-root users to subcribe to these
-events.
-
-udev 140
-========
-Bugfixes.
-
-"udevadm settle" now optionally accepts a range of events to wait for,
-instead of waiting for "all" events.
-
-udev 139
-========
-Bugfixes.
-
-The installed watch for block device metadata changes is now removed
-during event hadling, because some (broken) tools may be called from udev
-rules and (wrongly) open the device with write access. After the finished
-event handling the watch is restored.
-
-udev 138
-========
-Bugfixes.
-
-Device nodes can be watched for changes with inotify with OPTIONS="watch".
-If closed after being opened for writing, a "change" uevent will occur.
-/dev/disk/by-{label,uuid}/* symlinks will be automatically updated.
-
-udev 137
-========
-Bugfixes.
-
-The udevadm test command has no longer a --force option, nodes and symlinks
-are always updated with a test run now.
-
-The udevd daemon can be started with --resolve-names=never to avoid all user
-and group lookups (e.g. in cut-down systems) or --resolve-names=late to
-lookup user and groups every time events are handled.
-
-udev 136
-========
-Bugfixes.
-
-We are currently merging the Ubuntu rules in the udev default rules,
-and get one step closer to provide a common Linux /dev setup, regarding
-device names, symlinks, and default device permissions. On udev startup,
-we now expect the following groups to be resolvable to their ids with
-glibc's getgrnam():
- disk, cdrom, floppy, tape, audio, video, lp, tty, dialout, kmem.
-LDAP setups need to make sure, that these groups are always resolvable at
-bootup, with only the rootfs mounted, and without network access available.
-
-Some systems may need to add some new, currently not used groups, or need
-to add some users to new groups, but the cost of this change is minimal,
-compared to the pain the current, rather random, differences between the
-various distributions cause for upstream projects and third-party vendors.
-
-In general, "normal" users who log into a machine should never be a member
-of any such group, but the device-access should be managed by dynamic ACLs,
-which get added and removed for the specific users on login/logout and
-session activity/inactivity. These groups are only provided for custom setups,
-and mainly system services, to allow proper privilege separation.
-A video-streaming daemon uid would be a member of "audio" and "video", to get
-access to the sound and video devices, but no "normal" user should ever belong
-to the "audio" group, because he could listen to the built-in microphone with
-any ssh-session established from the other side of the world.
-
-/dev/serial/by-{id,path}/ now contains links for ttyUSB devices,
-which do not depend on the kernel device name. As usual, unique
-devices - only a single one per product connected, or a real
-USB serial number in the device - are always found with the same
-name in the by-id/ directory.
-Completely identical devices may overwrite their names in by-id/
-and can only be found reliably in the by-path/ directory. Devices
-specified by by-path/ must not change their connection, like the
-USB port number they are plugged in, to keep their name.
-
-To support some advanced features, Linux 2.6.22 is the oldest supported
-version now. The kernel config with enabled SYSFS_DEPRECATED is no longer
-supported. Older kernels should still work, and devices nodes should be
-reliably created, but some rules and libudev will not work correctly because
-the old kernels do not provide the expected information or interfaces.
-
-udev 135
-========
-Bugfixes.
-
-Fix for a possible segfault while swapping network interface names in udev
-versions 131-134.
-
-udev 134
-========
-Bugfixes.
-
-The group "video" is part of the default rules now.
-
-udev 133
-========
-Bugfix for kernels using SYSFS_DEPRECATED* option and finding parent
-block devices in some cases. No common distro uses this option anymore,
-and we do not get enough testing for this and recent udev versions. If
-this option is not needed to run some old distro with a new kernel,
-it should be disabled in the kernel config.
-
-Bugfix for the $links substitution variable, which may crash if no links
-are created. This should not happen in usual setups because we always
-create /dev/{block,char}/ links.
-
-The strings of the parsed rules, which are kept in memory, no longer
-contain duplicate entries, or duplicate tails of strings. This, and the
-new rules parsing/matching code reduces the total in-memory size of
-a huge distro rule sets to 0.08 MB, compared to the 1.2MB of udev
-version 130.
-
-The export of DEVTYPE=disk/partition got removed from the default
-rules. This value is available from the kernel. The pnp shell script
-modprobe hack is removed from the default rules. ACPI devices have _proper_
-modalias support and take care of the same functionality.
-Installations which support old kernels, but install current default
-udev rules may want to add that to the compat rules file.
-
-Libvolume_id now always probes for all known filesystems, and does not
-stop at the first match. Some filesystems are marked as "exclusive probe",
-and if any other filesytem type matches at the same time, libvolume_id
-will, by default, not return any probing result. This is intended to prevent
-mis-detection with conflicting left-over signatures found from earlier
-file system formats. That way, we no longer depend on the probe-order
-in case of multiple competing signatures. In some setups the kernel allows
-to mount a volume with just the old filesystem signature still in place.
-This may damage the new filesystem and cause data-loss, just by mounting
-it. Because volume_id can not decide which one the correct signature is,
-the wrong signatures need to be removed manually from the volume, or the
-volume needs to be reformatted, to enable filesystem detection and possible
-auto-mounting.
-
-udev 132
-========
-Fix segfault if compiled without optimization and dbg() does not get
-compiled out and uses variables which are not available.
-
-udev 131
-========
-Bugfixes. (And maybe new bugs. :))
-
-The rule matching engine got converted from a rule list to a token
-array which reduced the in-memory rules representation of a full
-featured distros with thousends of udev rules from 1.2MB to 0.12 MB.
-Limits like 5 ENV and ATTR matches, and one single instance for most
-other keys per rule are gone.
-
-The NAME assignment is no longer special cased. If later rules assign
-a NAME value again, the former value will be overwritten. As usual
-for most other keys, the NAME value can be protected by doing a final
-assignment with NAME:="<value>".
-
-All udev code now uses libudev, which is also exported. The library
-is still under development, marked as experimental, and its interface
-may change as long as the DeviceKit integration is not finished.
-
-Many thanks to Alan Jenkins for his continuous help, and finding and
-optimizing some of the computing expensive parts.
-
-udev 130
-========
-Bugfixes.
-
-Kernel devices and device nodes are connected now by reverse indizes in
-/sys and /dev. A device number retrieved by a stat() or similar, the
-kernel device directory can be found by looking up:
- /sys/dev/{block,char}/<maj>:<min>
-and the device node of the same device by looking up:
- /dev/{block,char}/<maj>:<min>
-
-udev 129
-========
-Fix recently introduced bug, which caused a compilation without large
-file support, where vol_id does not recognize raid signatures at the end
-of a volume.
-
-Firewire disks now create both, by-id/scsi-* and by-id/ieee-* links.
-Seems some kernel versions prevent the creation of the ieee-* links,
-so people used the scsi-* link which disappeared now.
-
-More libudev work. Almost all udevadm functionality comes from libudev
-now.
-
-udevadm trigger has a new option --type, which allows to trigger events
-for "devices", for "subsystems", or "failed" devices. The old option
---retry-failed" still works, but is no longer mentioned in the man page.
-
-udev 128
-========
-Bugfixes.
-
-The udevadm info --device-id-of-file= output has changed to use
-the obvious format. Possible current users should use the --export
-option which is not affected.
-
-The old udev commands symlinks to udevadm are not installed, if
-these symlinks are used, a warning is printed.
-
-udev 127
-========
-Bugfixes.
-
-Optical drive's media is no longer probed for raid signatures,
-reading the end of the device causes some devices to malfunction.
-Also the offset of the last session found is used now to probe
-for the filesystem.
-
-The volume_id library got a major version number update to 1,
-some deprecated functions are removed.
-
-A shared library "libudev" gets installed now to provide access
-to udev device information. DeviceKit, the successor of HAL, will
-need this library to access the udev database and search sysfs for
-devices.
-The library is currently in an experimental state, also the API is
-expected to change, as long as the DeviceKit integration is not
-finished.
-
-udev 126
-========
-We use ./configure now. See INSTALL for details. Current
-options are:
- --prefix=
- "/usr" - prefix for man pages, include files
- --exec-prefix=
- "" - the root filesystem, prefix for libs and binaries
- --sysconfdir=
- "/etc"
- --with-libdir-name=
- "lib" - directory name for libraries, not a path name
- multilib 64bit systems may use "lib64" instead of "lib"
- --enable-debug
- compile-in verbose debug messages
- --disable-logging
- disable all logging and compile-out all log strings
- --with-selinux
- link against SELInux libraries, to set the expected context
- for created files
-
-In the default rules, the group "disk" gets permissions 0660 instead
-of 0640. One small step closer to unify distro rules. Some day, all
-distros hopefully end up with the same set of rules.
-
-No symlinks to udevadm are installed anymore, if they are still needed,
-they should be provided by the package.
-
-udev 125
-========
-Bugfixes.
-
-Default udev rules, which are not supposed to be edited by the user, should
-be placed in /lib/udev/rules.d/ now, to make it clear that they are private to
-the udev package and will be replaced with an update. Udev will pick up rule
-files from:
- /lib/udev/rules.d/ - default installed rules
- /etc/udev/rules.d/ - user rules + on-the-fly generated rules
- /dev/.udev/rules.d/ - temporary non-persistent rules created after bootup
-It does not matter in which directory a rule file lives, all files are sorted
-in lexical order.
-
-To help creating /dev/root, we have now:
- $ udevadm info --export --export-prefix="ROOT_" --device-id-of-file=/
- ROOT_MAJOR=8
- ROOT_MINOR=5
-In case the current --device-id-of-file is already used, please switch to
-the --export format version, it saves the output parsing and the old
-format will be changed to use ':' as a separator, like the format in the
-sysfs 'dev' file.
-
-udev 124
-========
-Fix cdrom_id to properly recognize blank media.
-
-udev 123
-========
-Bugfixes.
-
-Tape drive id-data is queried from /dev/bsg/* instead of the tape
-nodes. This avoids rewinding tapes on open().
-
-udev 122
-========
-Bugfixes.
-
-The symlinks udevcontrol and udevtrigger are no longer installed by
-the Makefile.
-
-The scsi_id program does not depend on sysfs anymore. It can speak
-SGv4 now, so /dev/bsg/* device nodes can be used, to query SCSI device
-data, which should solve some old problems with tape devices, where
-we better do not open all tape device nodes to identify the device.
-
-udev 121
-========
-Many bugfixes.
-
-The cdrom_id program is replaced by an advanced version, which can
-detect most common device types, and also properties of the inserted
-media. This is part of moving some basic functionality from HAL into
-udev (and the kernel).
-
-udev 120
-========
-Bugfixes.
-
-The last WAIT_FOR_SYSFS rule is removed from the default rules.
-
-The symlinks to udevadm for the debugging tools: udevmonitor and
-udevtest are no longer created.
-
-The symlinks to the udevadm man page for the old tool names are
-no longer created.
-
-Abstract namespace sockets paths in RUN+="socket:@<path>" rules,
-should be prefixed with '@' to indicate that the path is not a
-real file.
-
-udev 119
-========
-Bugfixes.
-
-udev 118
-========
-Bugfixes.
-
-Udevstart is removed from the tree, it did not get installed for
-a long time now, and is long replaced by trigger and settle.
-
-udev 117
-========
-Bugfixes.
-
-All udev tools are merged into a single binary called udevadm.
-The old names of the tools are built-in commands in udevadm now.
-Symlinks to udevadm, with the names of the old tools, provide
-the same functionality as the standalone tools. There is also
-only a single udevadm.8 man page left for all tools.
-
-Tools like mkinitramfs should be checked, if they need to include
-udevadm in the list of files.
-
-udev 116
-========
-Bugfixes.
-
-udev 115
-========
-Bugfixes.
-
-The etc/udev/rules.d/ directory now contains a default set of basic
-udev rules. This initial version is the result of a rules file merge
-of Fedora and openSUSE. For these both distros only a few specific
-rules are left in their own file, named after the distro. Rules which
-are optionally installed, because they are only valid for a specific
-architecture, or rules for subsystems which are not always used are
-in etc/udev/packages/.
-
-udev 114
-========
-Bugfixes.
-
-Dynamic rules can be created in /dev/.udev/rules.d/ to trigger
-actions by dynamically created rules.
-
-SYMLINK=="<value>" matches agains the entries in the list of
-currently defined symlinks. The links are not created in the
-filesystem at that point in time, but the values can be matched.
+systemd System and Service Manager
+
+CHANGES WITH 212:
+
+ * When restoring the screen brightness at boot, stay away from
+ the darkest setting or from the lowest 5% of the available
+ range, depending on which is the larger value of both. This
+ should effectively protect the user from rebooting into a
+ black screen, should the brightness have been set to minimum
+ by accident.
+
+ * sd-login gained a new sd_machine_get_class() call to
+ determine the class ("vm" or "container") of a machine
+ registered with machined.
+
+ * sd-login gained new calls
+ sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
+ to query the identity of the peer of a local AF_UNIX
+ connection. They operate similar to their sd_pid_get_xyz()
+ counterparts.
+
+ * PID 1 will now maintain a system-wide system state engine
+ with the states "starting", "running", "degraded",
+ "maintenance", "stopping". These states are bound to system
+ startup, normal runtime, runtime with at least one failed
+ service, rescue/emergency mode and system shutdown. This
+ state is shown in the "systemctl status" output when no unit
+ name is passed. It is useful to determine system state, in
+ particularly when doing so for many systems or containers at
+ once.
+
+ * A new command "list-machines" has been added to "systemctl"
+ that lists all local OS containers and shows their system
+ state (see above), if systemd runs inside of them.
+
+ * systemctl gained a new "-r" switch to recursively enumerate
+ units on all local containers, when used with the
+ "list-unit" command (which is the default one that is
+ executed when no parameters are specified).
+
+ * The GPT automatic partition discovery logic will now honour
+ two GPT partition flags: one may be set on a partition to
+ cause it to be mounted read-only, and the other may be set
+ on a partition to ignore it during automatic discovery.
+
+ * Two new GPT type UUIDs have been added for automatic root
+ partition discovery, for 32bit and 64bit ARM. This is not
+ particularly useful for discovering the root directory on
+ these architectures during bare-metal boots (since UEFI is
+ not common there), but still very useful to allow booting of
+ ARM disk images in nspawn with the -i option.
+
+ * MAC addresses of interfaces created with nspawn's
+ --network-interface= switch will now be generated from the
+ machine name, and thus be stable between multiple invocations
+ of the container.
+
+ * logind will now automatically remove all IPC objects owned
+ by a user if she or he fully logs out. This makes sure that
+ users who are logged out cannot continue to consume IPC
+ resources. This covers SysV memory, semaphores and message
+ queues as well as POSIX shared memory and message
+ queues. Traditionally SysV and POSIX IPC had no life-cycle
+ limits, with this functionality this is corrected. This may
+ be turned off using the RemoveIPC= switch of logind.conf.
+
+ * The systemd-machine-id-setup and tmpfiles tools gained a
+ --root= switch to operate on a specific root directory,
+ instead of /.
+
+ * journald can now forward logged messages to the TTYs of all
+ logged in users ("wall"). This is the default for all
+ emergency messages now.
+
+ * A new tool systemd-journal-remote has been added to stream
+ journal log messages across the network.
+
+ * /sys/fs/cgroup/ is now mounted read-only after all cgroup
+ controller trees are mounted into it. Note that the
+ directories mounted beneath it are not read-only. This is a
+ security measure and is particularly useful because glibc
+ actually includes a search logic to pick any tmpfs it can
+ find to implement shm_open() if /dev/shm is not available
+ (which it might very well be in namespaced setups).
+
+ * machinectl gained a new "poweroff" command to cleanly power
+ down a local OS container.
+
+ * The PrivateDevices= unit file setting will now also drop the
+ CAP_MKNOD capability from the capability bound set, and
+ imply DevicePolicy=closed.
+
+ * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used
+ comprehensively on all long-running systemd services where
+ this is appropriate.
+
+ * systemd-udevd will now run in a disassociated mount
+ namespace. To mount directories from udev rules make sure to
+ pull in mount units via SYSTEMD_WANTS properties.
+
+ * The kdbus support gained support for uploading policy into
+ the kernel. sd-bus gained support for creating "monitoring"
+ connections that can eavesdrop into all bus communication
+ for debugging purposes.
+
+ * Timestamps may now be specified in seconds since the UNIX
+ epoch Jan 1st, 1970 by specifying "@" followed by the value
+ in seconds.
+
+ * Native tcpwrap support in systemd has been removed. tcpwrap
+ is old code, not really maintained anymore and has serious
+ shortcomings, and better options such as firewalls
+ exist. For setups that require tcpwrap usage, please
+ consider invoking your socket-activated service via tcpd,
+ like on traditional inetd.
+
+ * A new system.conf configuration option
+ DefaultTimerAccuracySec= has been added that controls the
+ default AccuracySec= setting of .timer units.
+
+ * Timer units gained a new WakeSystem= switch. If enabled
+ timers configured this way will cause the system to resume
+ from system suspend (if the system supports that, which most
+ do these days).
+
+ * Timer units gained a new Persistent= switch. If enabled
+ timers configured this way will save to disk when they have
+ been last triggered. This information is then used on next
+ reboot to possible execute overdue timer events, that
+ couldn't take place because the system was powered off. This
+ enables simple anacron-like behaviour for timer units.
+
+ * systemctl's "list-timers" will now also list the time a
+ timer unit was last triggered in addition to the next time
+ it will be triggered.
+
+ * systemd-networkd will now assign predictable IPv4LL
+ addresses to its local interfaces.
+
+ Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
+ Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
+ Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
+ Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
+ Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
+ Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
+ Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
+ Jędrzejewski-Szmek
+
+ -- Berlin, 2014-03-25
+
+CHANGES WITH 211:
+
+ * A new unit file setting RestrictAddressFamilies= has been
+ added to restrict which socket address families unit
+ processes gain access to. This takes address family names
+ like "AF_INET" or "AF_UNIX", and is useful to minimize the
+ attack surface of services via exotic protocol stacks. This
+ is built on seccomp system call filters.
+
+ * Two new unit file settings RuntimeDirectory= and
+ RuntimeDirectoryMode= have been added that may be used to
+ manage a per-daemon runtime directories below /run. This is
+ an alternative for setting up directory permissions with
+ tmpfiles snippets, and has the advantage that the runtime
+ directory's lifetime is bound to the daemon runtime and that
+ the daemon starts up with an empty directory each time. This
+ is particularly useful when writing services that drop
+ priviliges using the User= or Group= setting.
+
+ * The DeviceAllow= unit setting now supports globbing for
+ matching against device group names.
+
+ * The systemd configuration file system.conf gained new
+ settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
+ DefaultMemoryAccounting= to globally turn on/off accounting
+ for specific resources (cgroups) for all units. These
+ settings may still be overridden individually in each unit
+ though.
+
+ * systemd-gpt-auto-generator is now able to discover /srv and
+ root partitions in addition to /home and swap partitions. It
+ also supports LUKS-encrypted partitions now. With this in
+ place automatic discovery of partitions to mount following
+ the Discoverable Partitions Specification
+ (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
+ is now a lot more complete. This allows booting without
+ /etc/fstab and without root= on the kernel command line on
+ appropriately prepared systems.
+
+ * systemd-nspawn gained a new --image= switch which allows
+ booting up disk images and Linux installations on any block
+ device that follow the Discoverable Partitions Specification
+ (see above). This means that installations made with
+ appropriately updated installers may now be started and
+ deployed using container managers, completely
+ unmodified. (We hope that libvirt-lxc will add support for
+ this feature soon, too.)
+
+ * systemd-nspawn gained a new --network-macvlan= setting to
+ set up a private macvlan interface for the
+ container. Similar, systemd-networkd gained a new
+ Kind=macvlan setting in .netdev files.
+
+ * systemd-networkd now supports configuring local addresses
+ using IPv4LL.
+
+ * A new tool systemd-network-wait-online has been added to
+ synchronously wait for network connectivity using
+ systemd-networkd.
+
+ * The sd-bus.h bus API gained a new sd_bus_track object for
+ tracking the life-cycle of bus peers. Note that sd-bus.h is
+ still not a public API though (unless you specify
+ --enable-kdbus on the configure command line, which however
+ voids your warranty and you get no API stability guarantee).
+
+ * The $XDG_RUNTIME_DIR runtime directories for each user are
+ now individual tmpfs instances, which has the benefit of
+ introducing separate pools for each user, with individual
+ size limits, and thus making sure that unprivileged clients
+ can no longer negatively impact the system or other users by
+ filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
+ RuntimeDirectorySize= has been introduced that allows
+ controlling the default size limit for all users. It
+ defaults to 10% of the available physical memory. This is no
+ replacement for quotas on tmpfs though (which the kernel
+ still does not support), as /dev/shm and /tmp are still
+ shared resources used by both the system and unprivileged
+ users.
+
+ * logind will now automatically turn off automatic suspending
+ on laptop lid close when more than one display is
+ connected. This was previously expected to be implemented
+ individually in desktop environments (such as GNOME),
+ however has been added to logind now, in order to fix a
+ boot-time race where a desktop environment might not have
+ been started yet and thus not been able to take an inhibitor
+ lock at the time where logind already suspends the system
+ due to a closed lid.
+
+ * logind will now wait at least 30s after each system
+ suspend/resume cycle, and 3min after system boot before
+ suspending the system due to a closed laptop lid. This
+ should give USB docking stations and similar enough time to
+ be probed and configured after system resume and boot in
+ order to then act as suspend blocker.
+
+ * systemd-run gained a new --property= setting which allows
+ initialization of resource control properties (and others)
+ for the created scope or service unit. Example: "systemd-run
+ --property=BlockIOWeight=10 updatedb" may be used to run
+ updatedb at a low block IO scheduling weight.
+
+ * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
+ now also work in --scope mode.
+
+ * When systemd is compiled with kdbus support, basic support
+ for enforced policies is now in place. (Note that enabling
+ kdbus still voids your warranty and no API compatibility
+ promises are made.)
+
+ Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
+ K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
+ Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
+ Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
+ Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
+ Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
+ Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
+ Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
+ Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
+ Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2014-03-12
+
+CHANGES WITH 210:
+
+ * systemd will now relabel /dev after loading the SMACK policy
+ according to SMACK rules.
+
+ * A new unit file option AppArmorProfile= has been added to
+ set the AppArmor profile for the processes of a unit.
+
+ * A new condition check ConditionArchitecture= has been added
+ to conditionalize units based on the system architecture, as
+ reported by uname()'s "machine" field.
+
+ * systemd-networkd now supports matching on the system
+ virtualization, architecture, kernel command line, host name
+ and machine ID.
+
+ * logind is now a lot more aggressive when suspending the
+ machine due to a closed laptop lid. Instead of acting only
+ on the lid close action it will continuously watch the lid
+ status and act on it. This is useful for laptops where the
+ power button is on the outside of the chassis so that it can
+ be reached without opening the lid (such as the Lenovo
+ Yoga). On those machines logind will now immediately
+ re-suspend the machine if the power button has been
+ accidentally pressed while the laptop was suspended and in a
+ backpack or similar.
+
+ * logind will now watch SW_DOCK switches and inhibit reaction
+ to the lid switch if it is pressed. This means that logind
+ will not suspend the machine anymore if the lid is closed
+ and the system is docked, if the laptop supports SW_DOCK
+ notifications via the input layer. Note that ACPI docking
+ stations do not generate this currently. Also note that this
+ logic is usually not fully sufficient and Desktop
+ Environments should take a lid switch inhibitor lock when an
+ external display is connected, as systemd will not watch
+ this on its own.
+
+ * nspawn will now make use of the devices cgroup controller by
+ default, and only permit creation of and access to the usual
+ API device nodes like /dev/null or /dev/random, as well as
+ access to (but not creation of) the pty devices.
+
+ * We will now ship a default .network file for
+ systemd-networkd that automatically configures DHCP for
+ network interfaces created by nspawn's --network-veth or
+ --network-bridge= switches.
+
+ * systemd will now understand the usual M, K, G, T suffixes
+ according to SI conventions (i.e. to the base 1000) when
+ referring to throughput and hardware metrics. It will stay
+ with IEC conventions (i.e. to the base 1024) for software
+ metrics, according to what is customary according to
+ Wikipedia. We explicitly document which base applies for
+ each configuration option.
+
+ * The DeviceAllow= setting in unit files now supports a syntax
+ to whitelist an entire group of devices node majors at once,
+ based on the /proc/devices listing. For example, with the
+ string "char-pts" it is now possible to whitelist all
+ current and future pseudo-TTYs at once.
+
+ * sd-event learned a new "post" event source. Event sources of
+ this type are triggered by the dispatching of any event
+ source of a type that is not "post". This is useful for
+ implementing clean-up and check event sources that are
+ triggered by other work being done in the program.
+
+ * systemd-networkd is no longer statically enabled, but uses
+ the usual [Install] sections so that it can be
+ enabled/disabled using systemctl. It still is enabled by
+ default however.
+
+ * When creating a veth interface pair with systemd-nspawn the
+ host side will now be prefixed with "vb-" if
+ --network-bridge= is used, and with "ve-" if --network-veth
+ is used. This way it is easy to distinguish these cases on
+ the host, for example to apply different configuration to
+ them with systemd-networkd.
+
+ * The compatibility libraries for libsystemd-journal.so,
+ libsystem-id128.so, libsystemd-login.so and
+ libsystemd-daemon.so do not make use of IFUNC
+ anymore. Instead we now build libsystemd.so multiple times
+ under these alternative names. This means that the footprint
+ is drastically increased, but given that these are
+ transitional compatibility libraries this shouldn't matter
+ much. This change has been made necessary to support the ARM
+ platform for these compatibility libraries, as the ARM
+ toolchain isn't really at the same level as the toolchain
+ for other architectures like x86 and does not support
+ IFUNC. Please make sure to use --enable-compat-libs only
+ during a transitional period!
+
+ Contributions from: Andreas Fuchs, Armin K., Colin Walters,
+ Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
+ Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
+ St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
+ Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
+ Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
+ Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
+ Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2014-02-24
+
+CHANGES WITH 209:
+
+ * A new component "systemd-networkd" has been added that can
+ be used to configure local network interfaces statically or
+ via DHCP. It is capable of bringing up bridges, VLANs, and
+ bonding. Currently, no hook-ups for interactive network
+ configuration are provided. Use this for your initrd,
+ container, embedded, or server setup if you need a simple,
+ yet powerful, network configuration solution. This
+ configuration subsystem is quite nifty, as it allows wildcard
+ hotplug matching in interfaces. For example, with a single
+ configuration snippet, you can configure that all Ethernet
+ interfaces showing up are automatically added to a bridge,
+ or similar. It supports link-sensing and more.
+
+ * A new tool "systemd-socket-proxyd" has been added which can
+ act as a bidirectional proxy for TCP sockets. This is
+ useful for adding socket activation support to services that
+ do not actually support socket activation, including virtual
+ machines and the like.
+
+ * Add a new tool to save/restore rfkill state on
+ shutdown/boot.
+
+ * Save/restore state of keyboard backlights in addition to
+ display backlights on shutdown/boot.
+
+ * udev learned a new SECLABEL{} construct to label device
+ nodes with a specific security label when they appear. For
+ now, only SECLABEL{selinux} is supported, but the syntax is
+ prepared for additional security frameworks.
+
+ * udev gained a new scheme to configure link-level attributes
+ from files in /etc/systemd/network/*.link. These files can
+ match against MAC address, device path, driver name and type,
+ and will apply attributes like the naming policy, link speed,
+ MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
+ address assignment policy (randomized, ...).
+
+ * The configuration of network interface naming rules for
+ "permanent interface names" has changed: a new NamePolicy=
+ setting in the [Link] section of .link files determines the
+ priority of possible naming schemes (onboard, slot, mac,
+ path). The default value of this setting is determined by
+ /usr/lib/net/links/99-default.link. Old
+ 80-net-name-slot.rules udev configuration file has been
+ removed, so local configuration overriding this file should
+ be adapated to override 99-default.link instead.
+
+ * When the User= switch is used in a unit file, also
+ initialize $SHELL= based on the user database entry.
+
+ * systemd no longer depends on libdbus. All communication is
+ now done with sd-bus, systemd's low-level bus library
+ implementation.
+
+ * kdbus support has been added to PID 1 itself. When kdbus is
+ enabled, this causes PID 1 to set up the system bus and
+ enable support for a new ".busname" unit type that
+ encapsulates bus name activation on kdbus. It works a little
+ bit like ".socket" units, except for bus names. A new
+ generator has been added that converts classic dbus1 service
+ activation files automatically into native systemd .busname
+ and .service units.
+
+ * sd-bus: add a light-weight vtable implementation that allows
+ defining objects on the bus with a simple static const
+ vtable array of its methods, signals and properties.
+
+ * systemd will not generate or install static dbus
+ introspection data anymore to /usr/share/dbus-1/interfaces,
+ as the precise format of these files is unclear, and
+ nothing makes use of it.
+
+ * A proxy daemon is now provided to proxy clients connecting
+ via classic D-Bus AF_UNIX sockets to kdbus, to provide full
+ compatibility with classic D-Bus.
+
+ * A bus driver implementation has been added that supports the
+ classic D-Bus bus driver calls on kdbus, also for
+ compatibility purposes.
+
+ * A new API "sd-event.h" has been added that implements a
+ minimal event loop API built around epoll. It provides a
+ couple of features that direct epoll usage is lacking:
+ prioritization of events, scales to large numbers of timer
+ events, per-event timer slack (accuracy), system-wide
+ coalescing of timer events, exit handlers, watchdog
+ supervision support using systemd's sd_notify() API, child
+ process handling.
+
+ * A new API "sd-rntl.h" has been added that provides an API
+ around the route netlink interface of the kernel, similar in
+ style to "sd-bus.h".
+
+ * A new API "sd-dhcp-client.h" has been added that provides a
+ small DHCPv4 client-side implementation. This is used by
+ "systemd-networkd".
+
+ * There is a new kernel command line option
+ "systemd.restore_state=0|1". When set to "0", none of the
+ systemd tools will restore saved runtime state to hardware
+ devices. More specifically, the rfkill and backlight states
+ are not restored.
+
+ * The FsckPassNo= compatibility option in mount/service units
+ has been removed. The fstab generator will now add the
+ necessary dependencies automatically, and does not require
+ PID1's support for that anymore.
+
+ * journalctl gained a new switch, --list-boots, that lists
+ recent boots with their times and boot IDs.
+
+ * The various tools like systemctl, loginctl, timedatectl,
+ busctl, systemd-run, ... have gained a new switch "-M" to
+ connect to a specific, local OS container (as direct
+ connection, without requiring SSH). This works on any
+ container that is registered with machined, such as those
+ created by libvirt-lxc or nspawn.
+
+ * systemd-run and systemd-analyze also gained support for "-H"
+ to connect to remote hosts via SSH. This is particularly
+ useful for systemd-run because it enables queuing of jobs
+ onto remote systems.
+
+ * machinectl gained a new command "login" to open a getty
+ login in any local container. This works with any container
+ that is registered with machined (such as those created by
+ libvirt-lxc or nspawn), and which runs systemd inside.
+
+ * machinectl gained a new "reboot" command that may be used to
+ trigger a reboot on a specific container that is registered
+ with machined. This works on any container that runs an init
+ system of some kind.
+
+ * systemctl gained a new "list-timers" command to print a nice
+ listing of installed timer units with the times they elapse
+ next.
+
+ * Alternative reboot() parameters may now be specified on the
+ "systemctl reboot" command line and are passed to the
+ reboot() system call.
+
+ * systemctl gained a new --job-mode= switch to configure the
+ mode to queue a job with. This is a more generic version of
+ --fail, --irreversible, and --ignore-dependencies, which are
+ still available but not advertised anymore.
+
+ * /etc/systemd/system.conf gained new settings to configure
+ various default timeouts of units, as well as the default
+ start limit interval and burst. These may still be overridden
+ within each Unit.
+
+ * PID1 will now export on the bus profile data of the security
+ policy upload process (such as the SELinux policy upload to
+ the kernel).
+
+ * journald: when forwarding logs to the console, include
+ timestamps (following the setting in
+ /sys/module/printk/parameters/time).
+
+ * OnCalendar= in timer units now understands the special
+ strings "yearly" and "annually". (Both are equivalent)
+
+ * The accuracy of timer units is now configurable with the new
+ AccuracySec= setting. It defaults to 1min.
+
+ * A new dependency type JoinsNamespaceOf= has been added that
+ allows running two services within the same /tmp and network
+ namespace, if PrivateNetwork= or PrivateTmp= are used.
+
+ * A new command "cat" has been added to systemctl. It outputs
+ the original unit file of a unit, and concatenates the
+ contents of additional "drop-in" unit file snippets, so that
+ the full configuration is shown.
+
+ * systemctl now supports globbing on the various "list-xyz"
+ commands, like "list-units" or "list-sockets", as well as on
+ those commands which take multiple unit names.
+
+ * journalctl's --unit= switch gained support for globbing.
+
+ * All systemd daemons now make use of the watchdog logic so
+ that systemd automatically notices when they hang.
+
+ * If the $container_ttys environment variable is set,
+ getty-generator will automatically spawn a getty for each
+ listed tty. This is useful for container managers to request
+ login gettys to be spawned on as many ttys as needed.
+
+ * %h, %s, %U specifier support is not available anymore when
+ used in unit files for PID 1. This is because NSS calls are
+ not safe from PID 1. They stay available for --user
+ instances of systemd, and as special case for the root user.
+
+ * loginctl gained a new "--no-legend" switch to turn off output
+ of the legend text.
+
+ * The "sd-login.h" API gained three new calls:
+ sd_session_is_remote(), sd_session_get_remote_user(),
+ sd_session_get_remote_host() to query information about
+ remote sessions.
+
+ * The udev hardware database now also carries vendor/product
+ information of SDIO devices.
+
+ * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
+ determine whether watchdog notifications are requested by
+ the system manager.
+
+ * Socket-activated per-connection services now include a
+ short description of the connection parameters in the
+ description.
+
+ * tmpfiles gained a new "--boot" option. When this is not used,
+ only lines where the command character is not suffixed with
+ "!" are executed. When this option is specified, those
+ options are executed too. This partitions tmpfiles
+ directives into those that can be safely executed at any
+ time, and those which should be run only at boot (for
+ example, a line that creates /run/nologin).
+
+ * A new API "sd-resolve.h" has been added which provides a simple
+ asynchronous wrapper around glibc NSS host name resolution
+ calls, such as getaddrinfo(). In contrast to glibc's
+ getaddrinfo_a(), it does not use signals. In contrast to most
+ other asynchronous name resolution libraries, this one does
+ not reimplement DNS, but reuses NSS, so that alternate
+ host name resolution systems continue to work, such as mDNS,
+ LDAP, etc. This API is based on libasyncns, but it has been
+ cleaned up for inclusion in systemd.
+
+ * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
+ "sd-daemon.h" are no longer found in individual libraries
+ libsystemd-journal.so, libsystemd-login.so,
+ libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
+ merged them into a single library, libsystemd.so, which
+ provides all symbols. The reason for this is cyclic
+ dependencies, as these libraries tend to use each other's
+ symbols. So far, we've managed to workaround that by linking
+ a copy of a good part of our code into each of these
+ libraries again and again, which, however, makes certain
+ things hard to do, like sharing static variables. Also, it
+ substantially increases footprint. With this change, there
+ is only one library for the basic APIs systemd
+ provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
+ "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
+ library as well, however are subject to the --enable-kdbus
+ switch (see below). Note that "sd-dhcp-client.h" is not part
+ of this library (this is because it only consumes, never
+ provides, services of/to other APIs). To make the transition
+ easy from the separate libraries to the unified one, we
+ provide the --enable-compat-libs compile-time switch which
+ will generate stub libraries that are compatible with the
+ old ones but redirect all calls to the new one.
+
+ * All of the kdbus logic and the new APIs "sd-bus.h",
+ "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
+ and "sd-utf8.h" are compile-time optional via the
+ "--enable-kdbus" switch, and they are not compiled in by
+ default. To make use of kdbus, you have to explicitly enable
+ the switch. Note however, that neither the kernel nor the
+ userspace API for all of this is considered stable yet. We
+ want to maintain the freedom to still change the APIs for
+ now. By specifying this build-time switch, you acknowledge
+ that you are aware of the instability of the current
+ APIs.
+
+ * Also, note that while kdbus is pretty much complete,
+ it lacks one thing: proper policy support. This means you
+ can build a fully working system with all features; however,
+ it will be highly insecure. Policy support will be added in
+ one of the next releases, at the same time that we will
+ declare the APIs stable.
+
+ * When the kernel command-line argument "kdbus" is specified,
+ systemd will automatically load the kdbus.ko kernel module. At
+ this stage of development, it is only useful for testing kdbus
+ and should not be used in production. Note: if "--enable-kdbus"
+ is specified, and the kdbus.ko kernel module is available, and
+ "kdbus" is added to the kernel command line, the entire system
+ runs with kdbus instead of dbus-daemon, with the above mentioned
+ problem of missing the system policy enforcement. Also a future
+ version of kdbus.ko or a newer systemd will not be compatible with
+ each other, and will unlikely be able to boot the machine if only
+ one of them is updated.
+
+ * systemctl gained a new "import-environment" command which
+ uploads the caller's environment (or parts thereof) into the
+ service manager so that it is inherited by services started
+ by the manager. This is useful to upload variables like
+ $DISPLAY into the user service manager.
+
+ * A new PrivateDevices= switch has been added to service units
+ which allows running a service with a namespaced /dev
+ directory that does not contain any device nodes for
+ physical devices. More specifically, it only includes devices
+ such as /dev/null, /dev/urandom, and /dev/zero which are API
+ entry points.
+
+ * logind has been extended to support behaviour like VT
+ switching on seats that do not support a VT. This makes
+ multi-session available on seats that are not the first seat
+ (seat0), and on systems where kernel support for VTs has
+ been disabled at compile-time.
+
+ * If a process holds a delay lock for system sleep or shutdown
+ and fails to release it in time, we will now log its
+ identity. This makes it easier to identify processes that
+ cause slow suspends or power-offs.
+
+ * When parsing /etc/crypttab, support for a new key-slot=
+ option as supported by Debian is added. It allows indicating
+ which LUKS slot to use on disk, speeding up key loading.
+
+ * The sd_journald_sendv() API call has been checked and
+ officially declared to be async-signal-safe so that it may
+ be invoked from signal handlers for logging purposes.
+
+ * Boot-time status output is now enabled automatically after a
+ short timeout if boot does not progress, in order to give
+ the user an indication what she or he is waiting for.
+
+ * The boot-time output has been improved to show how much time
+ remains until jobs expire.
+
+ * The KillMode= switch in service units gained a new possible
+ value "mixed". If set, and the unit is shut down, then the
+ initial SIGTERM signal is sent only to the main daemon
+ process, while the following SIGKILL signal is sent to
+ all remaining processes of the service.
+
+ * When a scope unit is registered, a new property "Controller"
+ may be set. If set to a valid bus name, systemd will send a
+ RequestStop() signal to this name when it would like to shut
+ down the scope. This may be used to hook manager logic into
+ the shutdown logic of scope units. Also, scope units may now
+ be put in a special "abandoned" state, in which case the
+ manager process which created them takes no further
+ responsibilities for it.
+
+ * When reading unit files, systemd will now verify
+ the access mode of these files, and warn about certain
+ suspicious combinations. This has been added to make it
+ easier to track down packaging bugs where unit files are
+ marked executable or world-writable.
+
+ * systemd-nspawn gained a new "--setenv=" switch to set
+ container-wide environment variables. The similar option in
+ systemd-activate was renamed from "--environment=" to
+ "--setenv=" for consistency.
+
+ * systemd-nspawn has been updated to create a new kdbus domain
+ for each container that is invoked, thus allowing each
+ container to have its own set of system and user buses,
+ independent of the host.
+
+ * systemd-nspawn gained a new --drop-capability= switch to run
+ the container with less capabilities than the default. Both
+ --drop-capability= and --capability= now take the special
+ string "all" for dropping or keeping all capabilities.
+
+ * systemd-nspawn gained new switches for executing containers
+ with specific SELinux labels set.
+
+ * systemd-nspawn gained a new --quiet switch to not generate
+ any additional output but the container's own console
+ output.
+
+ * systemd-nspawn gained a new --share-system switch to run a
+ container without PID namespacing enabled.
+
+ * systemd-nspawn gained a new --register= switch to control
+ whether the container is registered with systemd-machined or
+ not. This is useful for containers that do not run full
+ OS images, but only specific apps.
+
+ * systemd-nspawn gained a new --keep-unit which may be used
+ when invoked as the only program from a service unit, and
+ results in registration of the unit service itself in
+ systemd-machined, instead of a newly opened scope unit.
+
+ * systemd-nspawn gained a new --network-interface= switch for
+ moving arbitrary interfaces to the container. The new
+ --network-veth switch creates a virtual Ethernet connection
+ between host and container. The new --network-bridge=
+ switch then allows assigning the host side of this virtual
+ Ethernet connection to a bridge device.
+
+ * systemd-nspawn gained a new --personality= switch for
+ setting the kernel personality for the container. This is
+ useful when running a 32bit container on a 64bit host. A
+ similar option Personality= is now also available in service
+ units.
+
+ * logind will now also track a "Desktop" identifier for each
+ session which encodes the desktop environment of it. This is
+ useful for desktop environments that want to identify
+ multiple running sessions of itself easily.
+
+ * A new SELinuxContext= setting for service units has been
+ added that allows setting a specific SELinux execution
+ context for a service.
+
+ * Most systemd client tools will now honour $SYSTEMD_LESS for
+ settings of the "less" pager. By default, these tools will
+ override $LESS to allow certain operations to work, such as
+ jump-to-the-end. With $SYSTEMD_LESS, it is possible to
+ influence this logic.
+
+ * systemd's "seccomp" hook-up has been changed to make use of
+ the libseccomp library instead of using its own
+ implementation. This has benefits for portability among
+ other things.
+
+ * For usage together with SystemCallFilter=, a new
+ SystemCallErrorNumber= setting has been introduced that
+ allows configuration of a system error number to return on
+ filtered system calls, instead of immediately killing the
+ process. Also, SystemCallArchitectures= has been added to
+ limit access to system calls of a particular architecture
+ (in order to turn off support for unused secondary
+ architectures). There is also a global
+ SystemCallArchitectures= setting in system.conf now to turn
+ off support for non-native system calls system-wide.
+
+ * systemd requires a kernel with a working name_to_handle_at(),
+ please see the kernel config requirements in the README file.
+
+ Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
+ Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
+ Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
+ Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
+ David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
+ Elia Pinto, Florian Weimer, George McCollister, Goffredo
+ Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
+ Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
+ Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
+ Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
+ Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
+ Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
+ Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
+ Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
+ Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
+ Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
+ Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
+ Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
+ Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
+ Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
+ Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
+ Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
+ Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2014-02-20
+
+CHANGES WITH 208:
+
+ * logind has gained support for facilitating privileged input
+ and drm device access for unprivileged clients. This work is
+ useful to allow Wayland display servers (and similar
+ programs, such as kmscon) to run under the user's ID and
+ access input and drm devices which are normally
+ protected. When this is used (and the kernel is new enough)
+ logind will "mute" IO on the file descriptors passed to
+ Wayland as long as it is in the background and "unmute" it
+ if it returns into the foreground. This allows secure
+ session switching without allowing background sessions to
+ eavesdrop on input and display data. This also introduces
+ session switching support if VT support is turned off in the
+ kernel, and on seats that are not seat0.
+
+ * A new kernel command line option luks.options= is understood
+ now which allows specifiying LUKS options for usage for LUKS
+ encrypted partitions specified with luks.uuid=.
+
+ * tmpfiles.d(5) snippets may now use specifier expansion in
+ path names. More specifically %m, %b, %H, %v, are now
+ replaced by the local machine id, boot id, hostname, and
+ kernel version number.
+
+ * A new tmpfiles.d(5) command "m" has been introduced which
+ may be used to change the owner/group/access mode of a file
+ or directory if it exists, but do nothing if it doesn't.
+
+ * This release removes high-level support for the
+ MemorySoftLimit= cgroup setting. The underlying kernel
+ cgroup attribute memory.soft_limit= is currently badly
+ designed and likely to be removed from the kernel API in its
+ current form, hence we shouldn't expose it for now.
+
+ * The memory.use_hierarchy cgroup attribute is now enabled for
+ all cgroups systemd creates in the memory cgroup
+ hierarchy. This option is likely to be come the built-in
+ default in the kernel anyway, and the non-hierarchial mode
+ never made much sense in the intrinsically hierarchial
+ cgroup system.
+
+ * A new field _SYSTEMD_SLICE= is logged along with all journal
+ messages containing the slice a message was generated
+ from. This is useful to allow easy per-customer filtering of
+ logs among other things.
+
+ * systemd-journald will no longer adjust the group of journal
+ files it creates to the "systemd-journal" group. Instead we
+ rely on the journal directory to be owned by the
+ "systemd-journal" group, and its setgid bit set, so that the
+ kernel file system layer will automatically enforce that
+ journal files inherit this group assignment. The reason for
+ this change is that we cannot allow NSS look-ups from
+ journald which would be necessary to resolve
+ "systemd-journal" to a numeric GID, because this might
+ create deadlocks if NSS involves synchronous queries to
+ other daemons (such as nscd, or sssd) which in turn are
+ logging clients of journald and might block on it, which
+ would then dead lock. A tmpfiles.d(5) snippet included in
+ systemd will make sure the setgid bit and group are
+ properly set on the journal directory if it exists on every
+ boot. However, we recommend adjusting it manually after
+ upgrades too (or from RPM scriptlets), so that the change is
+ not delayed until next reboot.
+
+ * Backlight and random seed files in /var/lib/ have moved into
+ the /var/lib/systemd/ directory, in order to centralize all
+ systemd generated files in one directory.
+
+ * Boot time performance measurements (as displayed by
+ "systemd-analyze" for example) will now read ACPI 5.0 FPDT
+ performance information if that's available to determine how
+ much time BIOS and boot loader initialization required. With
+ a sufficiently new BIOS you hence no longer need to boot
+ with Gummiboot to get access to such information.
+
+ Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
+ Cristian Rodríguez, Dave Reisner, David Herrmann, David
+ Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
+ feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
+ Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
+ Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-10-02
+
+CHANGES WITH 207:
+
+ * The Restart= option for services now understands a new
+ on-watchdog setting, which will restart the service
+ automatically if the service stops sending out watchdog keep
+ alive messages (as configured with WatchdogSec=).
+
+ * The getty generator (which is responsible for bringing up a
+ getty on configured serial consoles) will no longer only
+ start a getty on the primary kernel console but on all
+ others, too. This makes the order in which console= is
+ specified on the kernel command line less important.
+
+ * libsystemd-logind gained a new sd_session_get_vt() call to
+ retrieve the VT number of a session.
+
+ * If the option "tries=0" is set for an entry of /etc/crypttab
+ its passphrase is queried indefinitely instead of any
+ maximum number of tries.
+
+ * If a service with a configure PID file terminates its PID
+ file will now be removed automatically if it still exists
+ afterwards. This should put an end to stale PID files.
+
+ * systemd-run will now also take relative binary path names
+ for execution and no longer insists on absolute paths.
+
+ * InaccessibleDirectories= and ReadOnlyDirectories= now take
+ paths that are optionally prefixed with "-" to indicate that
+ it should not be considered a failure if they don't exist.
+
+ * journalctl -o (and similar commands) now understands a new
+ output mode "short-precise", it is similar to "short" but
+ shows timestamps with usec accuracy.
+
+ * The option "discard" (as known from Debian) is now
+ synonymous to "allow-discards" in /etc/crypttab. In fact,
+ "discard" is preferred now (since it is easier to remember
+ and type).
+
+ * Some licensing clean-ups were made, so that more code is now
+ LGPL-2.1 licensed than before.
+
+ * A minimal tool to save/restore the display backlight
+ brightness across reboots has been added. It will store the
+ backlight setting as late as possible at shutdown, and
+ restore it as early as possible during reboot.
+
+ * A logic to automatically discover and enable home and swap
+ partitions on GPT disks has been added. With this in place
+ /etc/fstab becomes optional for many setups as systemd can
+ discover certain partitions located on the root disk
+ automatically. Home partitions are recognized under their
+ GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
+ partitions are recognized under their GPT type ID
+ 0657fd6da4ab43c484e50933c84b4f4f.
+
+ * systemd will no longer pass any environment from the kernel
+ or initrd to system services. If you want to set an
+ environment for all services, do so via the kernel command
+ line systemd.setenv= assignment.
+
+ * The systemd-sysctl tool no longer natively reads the file
+ /etc/sysctl.conf. If desired, the file should be symlinked
+ from /etc/sysctl.d/99-sysctl.conf. Apart from providing
+ legacy support by a symlink rather than built-in code, it
+ also makes the otherwise hidden order of application of the
+ different files visible. (Note that this partly reverts to a
+ pre-198 application order of sysctl knobs!)
+
+ * The "systemctl set-log-level" and "systemctl dump" commands
+ have been moved to systemd-analyze.
+
+ * systemd-run learned the new --remain-after-exit switch,
+ which causes the scope unit not to be cleaned up
+ automatically after the process terminated.
+
+ * tmpfiles learned a new --exclude-prefix= switch to exclude
+ certain paths from operation.
+
+ * journald will now automatically flush all messages to disk
+ as soon as a message of the log priorities CRIT, ALERT or
+ EMERG is received.
+
+ Contributions from: Andrew Cook, Brandon Philips, Christian
+ Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
+ Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
+ McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
+ Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
+ Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
+ Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
+ Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
+ Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
+ Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
+ Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
+ Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
+ William Giokas, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-09-13
+
+CHANGES WITH 206:
+
+ * The documentation has been updated to cover the various new
+ concepts introduced with 205.
+
+ * Unit files now understand the new %v specifier which
+ resolves to the kernel version string as returned by "uname
+ -r".
+
+ * systemctl now supports filtering the unit list output by
+ load state, active state and sub state, using the new
+ --state= parameter.
+
+ * "systemctl status" will now show the results of the
+ condition checks (like ConditionPathExists= and similar) of
+ the last start attempts of the unit. They are also logged to
+ the journal.
+
+ * "journalctl -b" may now be used to look for boot output of a
+ specific boot. Try "journalctl -b -1" for the previous boot,
+ but the syntax is substantially more powerful.
+
+ * "journalctl --show-cursor" has been added which prints the
+ cursor string the last shown log line. This may then be used
+ with the new "journalctl --after-cursor=" switch to continue
+ browsing logs from that point on.
+
+ * "journalctl --force" may now be used to force regeneration
+ of an FSS key.
+
+ * Creation of "dead" device nodes has been moved from udev
+ into kmod and tmpfiles. Previously, udev would read the kmod
+ databases to pre-generate dead device nodes based on meta
+ information contained in kernel modules, so that these would
+ be auto-loaded on access rather then at boot. As this
+ doesn't really have much to do with the exposing actual
+ kernel devices to userspace this has always been slightly
+ alien in the udev codebase. Following the new scheme kmod
+ will now generate a runtime snippet for tmpfiles from the
+ module meta information and it now is tmpfiles' job to the
+ create the nodes. This also allows overriding access and
+ other parameters for the nodes using the usual tmpfiles
+ facilities. As side effect this allows us to remove the
+ CAP_SYS_MKNOD capability bit from udevd entirely.
+
+ * logind's device ACLs may now be applied to these "dead"
+ devices nodes too, thus finally allowing managed access to
+ devices such as /dev/snd/sequencer whithout loading the
+ backing module right-away.
+
+ * A new RPM macro has been added that may be used to apply
+ tmpfiles configuration during package installation.
+
+ * systemd-detect-virt and ConditionVirtualization= now can
+ detect User-Mode-Linux machines (UML).
+
+ * journald will now implicitly log the effective capabilities
+ set of processes in the message metadata.
+
+ * systemd-cryptsetup has gained support for TrueCrypt volumes.
+
+ * The initrd interface has been simplified (more specifically,
+ support for passing performance data via environment
+ variables and fsck results via files in /run has been
+ removed). These features were non-essential, and are
+ nowadays available in a much nicer way by having systemd in
+ the initrd serialize its state and have the hosts systemd
+ deserialize it again.
+
+ * The udev "keymap" data files and tools to apply keyboard
+ specific mappings of scan to key codes, and force-release
+ scan code lists have been entirely replaced by a udev
+ "keyboard" builtin and a hwdb data file.
+
+ * systemd will now honour the kernel's "quiet" command line
+ argument also during late shutdown, resulting in a
+ completely silent shutdown when used.
+
+ * There's now an option to control the SO_REUSEPORT socket
+ option in .socket units.
+
+ * Instance units will now automatically get a per-template
+ subslice of system.slice unless something else is explicitly
+ configured. For example, instances of sshd@.service will now
+ implicitly be placed in system-sshd.slice rather than
+ system.slice as before.
+
+ * Test coverage support may now be enabled at build time.
+
+ Contributions from: Dave Reisner, Frederic Crozat, Harald
+ Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
+ Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
+ Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
+ Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
+ Giokas, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-07-23
+
+CHANGES WITH 205:
+
+ * Two new unit types have been introduced:
+
+ Scope units are very similar to service units, however, are
+ created out of pre-existing processes -- instead of PID 1
+ forking off the processes. By using scope units it is
+ possible for system services and applications to group their
+ own child processes (worker processes) in a powerful way
+ which then maybe used to organize them, or kill them
+ together, or apply resource limits on them.
+
+ Slice units may be used to partition system resources in an
+ hierarchial fashion and then assign other units to them. By
+ default there are now three slices: system.slice (for all
+ system services), user.slice (for all user sessions),
+ machine.slice (for VMs and containers).
+
+ Slices and scopes have been introduced primarily in
+ context of the work to move cgroup handling to a
+ single-writer scheme, where only PID 1
+ creates/removes/manages cgroups.
+
+ * There's a new concept of "transient" units. In contrast to
+ normal units these units are created via an API at runtime,
+ not from configuration from disk. More specifically this
+ means it is now possible to run arbitrary programs as
+ independent services, with all execution parameters passed
+ in via bus APIs rather than read from disk. Transient units
+ make systemd substantially more dynamic then it ever was,
+ and useful as a general batch manager.
+
+ * logind has been updated to make use of scope and slice units
+ for managing user sessions. As a user logs in he will get
+ his own private slice unit, to which all sessions are added
+ as scope units. We also added support for automatically
+ adding an instance of user@.service for the user into the
+ slice. Effectively logind will no longer create cgroup
+ hierarchies on its own now, it will defer entirely to PID 1
+ for this by means of scope, service and slice units. Since
+ user sessions this way become entities managed by PID 1
+ the output of "systemctl" is now a lot more comprehensive.
+
+ * A new mini-daemon "systemd-machined" has been added which
+ may be used by virtualization managers to register local
+ VMs/containers. nspawn has been updated accordingly, and
+ libvirt will be updated shortly. machined will collect a bit
+ of meta information about the VMs/containers, and assign
+ them their own scope unit (see above). The collected
+ meta-data is then made available via the "machinectl" tool,
+ and exposed in "ps" and similar tools. machined/machinectl
+ is compile-time optional.
+
+ * As discussed earlier, the low-level cgroup configuration
+ options ControlGroup=, ControlGroupModify=,
+ ControlGroupPersistent=, ControlGroupAttribute= have been
+ removed. Please use high-level attribute settings instead as
+ well as slice units.
+
+ * A new bus call SetUnitProperties() has been added to alter
+ various runtime parameters of a unit. This is primarily
+ useful to alter cgroup parameters dynamically in a nice way,
+ but will be extended later on to make more properties
+ modifiable at runtime. systemctl gained a new set-properties
+ command that wraps this call.
+
+ * A new tool "systemd-run" has been added which can be used to
+ run arbitrary command lines as transient services or scopes,
+ while configuring a number of settings via the command
+ line. This tool is currently very basic, however already
+ very useful. We plan to extend this tool to even allow
+ queuing of execution jobs with time triggers from the
+ command line, similar in fashion to "at".
+
+ * nspawn will now inform the user explicitly that kernels with
+ audit enabled break containers, and suggest the user to turn
+ off audit.
+
+ * Support for detecting the IMA and AppArmor security
+ frameworks with ConditionSecurity= has been added.
+
+ * journalctl gained a new "-k" switch for showing only kernel
+ messages, mimicking dmesg output; in addition to "--user"
+ and "--system" switches for showing only user's own logs
+ and system logs.
+
+ * systemd-delta can now show information about drop-in
+ snippets extending unit files.
+
+ * libsystemd-bus has been substantially updated but is still
+ not available as public API.
+
+ * systemd will now look for the "debug" argument on the kernel
+ command line and enable debug logging, similar to
+ "systemd.log_level=debug" already did before.
+
+ * "systemctl set-default", "systemctl get-default" has been
+ added to configure the default.target symlink, which
+ controls what to boot into by default.
+
+ * "systemctl set-log-level" has been added as a convenient
+ way to raise and lower systemd logging threshold.
+
+ * "systemd-analyze plot" will now show the time the various
+ generators needed for execution, as well as information
+ about the unit file loading.
+
+ * libsystemd-journal gained a new sd_journal_open_files() call
+ for opening specific journal files. journactl also gained a
+ new switch to expose this new functionality. Previously we
+ only supported opening all files from a directory, or all
+ files from the system, as opening individual files only is
+ racy due to journal file rotation.
+
+ * systemd gained the new DefaultEnvironment= setting in
+ /etc/systemd/system.conf to set environment variables for
+ all services.
+
+ * If a privileged process logs a journal message with the
+ OBJECT_PID= field set, then journald will automatically
+ augment this with additional OBJECT_UID=, OBJECT_GID=,
+ OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+ system services want to log events about specific client
+ processes. journactl/systemctl has been updated to make use
+ of this information if all log messages regarding a specific
+ unit is requested.
+
+ Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
+ Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
+ Reisner, David Coppa, David King, David Strauss, Eelco
+ Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
+ Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
+ Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
+ Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
+ Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
+ Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
+ Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
+ Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
+ Łukasz Stelmach, 장동준
+
+CHANGES WITH 204:
+
+ * The Python bindings gained some minimal support for the APIs
+ exposed by libsystemd-logind.
+
+ * ConditionSecurity= gained support for detecting SMACK. Since
+ this condition already supports SELinux and AppArmor we only
+ miss IMA for this. Patches welcome!
+
+ Contributions from: Karol Lewandowski, Lennart Poettering,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 203:
+
+ * systemd-nspawn will now create /etc/resolv.conf if
+ necessary, before bind-mounting the host's file onto it.
+
+ * systemd-nspawn will now store meta information about a
+ container on the container's cgroup as extended attribute
+ fields, including the root directory.
+
+ * The cgroup hierarchy has been reworked in many ways. All
+ objects any of the components systemd creates in the cgroup
+ tree are now suffixed. More specifically, user sessions are
+ now placed in cgroups suffixed with ".session", users in
+ cgroups suffixed with ".user", and nspawn containers in
+ cgroups suffixed with ".nspawn". Furthermore, all cgroup
+ names are now escaped in a simple scheme to avoid collision
+ of userspace object names with kernel filenames. This work
+ is preparation for making these objects relocatable in the
+ cgroup tree, in order to allow easy resource partitioning of
+ these objects without causing naming conflicts.
+
+ * systemctl list-dependencies gained the new switches
+ --plain, --reverse, --after and --before.
+
+ * systemd-inhibit now shows the process name of processes that
+ have taken an inhibitor lock.
+
+ * nss-myhostname will now also resolve "localhost"
+ implicitly. This makes /etc/hosts an optional file and
+ nicely handles that on IPv6 ::1 maps to both "localhost" and
+ the local hostname.
+
+ * libsystemd-logind.so gained a new call
+ sd_get_machine_names() to enumerate running containers and
+ VMs (currently only supported by very new libvirt and
+ nspawn). sd_login_monitor can now be used to watch
+ VMs/containers coming and going.
+
+ * .include is not allowed recursively anymore, and only in
+ unit files. Usually it is better to use drop-in snippets in
+ .d/*.conf anyway, as introduced with systemd 198.
+
+ * systemd-analyze gained a new "critical-chain" command that
+ determines the slowest chain of units run during system
+ boot-up. It is very useful for tracking down where
+ optimizing boot time is the most beneficial.
+
+ * systemd will no longer allow manipulating service paths in
+ the name=systemd:/system cgroup tree using ControlGroup= in
+ units. (But is still fine with it in all other dirs.)
+
+ * There's a new systemd-nspawn@.service service file that may
+ be used to easily run nspawn containers as system
+ services. With the container's root directory in
+ /var/lib/container/foobar it is now sufficient to run
+ "systemctl start systemd-nspawn@foobar.service" to boot it.
+
+ * systemd-cgls gained a new parameter "--machine" to list only
+ the processes within a certain container.
+
+ * ConditionSecurity= now can check for "apparmor". We still
+ are lacking checks for SMACK and IMA for this condition
+ check though. Patches welcome!
+
+ * A new configuration file /etc/systemd/sleep.conf has been
+ added that may be used to configure which kernel operation
+ systemd is supposed to execute when "suspend", "hibernate"
+ or "hybrid-sleep" is requested. This makes the new kernel
+ "freeze" state accessible to the user.
+
+ * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
+ the passed argument if applicable.
+
+ Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
+ Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
+ MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
+ Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
+ Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
+ Jędrzejewski-Szmek
+
+CHANGES WITH 202:
+
+ * The output of 'systemctl list-jobs' got some polishing. The
+ '--type=' argument may now be passed more than once. A new
+ command 'systemctl list-sockets' has been added which shows
+ a list of kernel sockets systemd is listening on with the
+ socket units they belong to, plus the units these socket
+ units activate.
+
+ * The experimental libsystemd-bus library got substantial
+ updates to work in conjunction with the (also experimental)
+ kdbus kernel project. It works well enough to exchange
+ messages with some sophistication. Note that kdbus is not
+ ready yet, and the library is mostly an elaborate test case
+ for now, and not installable.
+
+ * systemd gained a new unit 'systemd-static-nodes.service'
+ that generates static device nodes earlier during boot, and
+ can run in conjunction with udev.
+
+ * libsystemd-login gained a new call sd_pid_get_user_unit()
+ to retrieve the user systemd unit a process is running
+ in. This is useful for systems where systemd is used as
+ session manager.
+
+ * systemd-nspawn now places all containers in the new /machine
+ top-level cgroup directory in the name=systemd
+ hierarchy. libvirt will soon do the same, so that we get a
+ uniform separation of /system, /user and /machine for system
+ services, user processes and containers/virtual
+ machines. This new cgroup hierarchy is also useful to stick
+ stable names to specific container instances, which can be
+ recognized later this way (this name may be controlled
+ via systemd-nspawn's new -M switch). libsystemd-login also
+ gained a new call sd_pid_get_machine_name() to retrieve the
+ name of the container/VM a specific process belongs to.
+
+ * bootchart can now store its data in the journal.
+
+ * libsystemd-journal gained a new call
+ sd_journal_add_conjunction() for AND expressions to the
+ matching logic. This can be used to express more complex
+ logical expressions.
+
+ * journactl can now take multiple --unit= and --user-unit=
+ switches.
+
+ * The cryptsetup logic now understands the "luks.key=" kernel
+ command line switch for specifying a file to read the
+ decryption key from. Also, if a configured key file is not
+ found the tool will now automatically fall back to prompting
+ the user.
+
+ * Python systemd.journal module was updated to wrap recently
+ added functions from libsystemd-journal. The interface was
+ changed to bring the low level interface in s.j._Reader
+ closer to the C API, and the high level interface in
+ s.j.Reader was updated to wrap and convert all data about
+ an entry.
+
+ Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
+ Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer,
+ Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
+ Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
+ Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 201:
+
+ * journalctl --update-catalog now understands a new --root=
+ option to operate on catalogs found in a different root
+ directory.
+
+ * During shutdown after systemd has terminated all running
+ services a final killing loop kills all remaining left-over
+ processes. We will now print the name of these processes
+ when we send SIGKILL to them, since this usually indicates a
+ problem.
+
+ * If /etc/crypttab refers to password files stored on
+ configured mount points automatic dependencies will now be
+ generated to ensure the specific mount is established first
+ before the key file is attempted to be read.
+
+ * 'systemctl status' will now show information about the
+ network sockets a socket unit is listening on.
+
+ * 'systemctl status' will also shown information about any
+ drop-in configuration file for units. (Drop-In configuration
+ files in this context are files such as
+ /etc/systemd/systemd/foobar.service.d/*.conf)
+
+ * systemd-cgtop now optionally shows summed up CPU times of
+ cgroups. Press '%' while running cgtop to switch between
+ percentage and absolute mode. This is useful to determine
+ which cgroups use up the most CPU time over the entire
+ runtime of the system. systemd-cgtop has also been updated
+ to be 'pipeable' for processing with further shell tools.
+
+ * 'hostnamectl set-hostname' will now allow setting of FQDN
+ hostnames.
+
+ * The formatting and parsing of time span values has been
+ changed. The parser now understands fractional expressions
+ such as "5.5h". The formatter will now output fractional
+ expressions for all time spans under 1min, i.e. "5.123456s"
+ rather than "5s 123ms 456us". For time spans under 1s
+ millisecond values are shown, for those under 1ms
+ microsecond values are shown. This should greatly improve
+ all time-related output of systemd.
+
+ * libsystemd-login and libsystemd-journal gained new
+ functions for querying the poll() events mask and poll()
+ timeout value for integration into arbitrary event
+ loops.
+
+ * localectl gained the ability to list available X11 keymaps
+ (models, layouts, variants, options).
+
+ * 'systemd-analyze dot' gained the ability to filter for
+ specific units via shell-style globs, to create smaller,
+ more useful graphs. I.e. it's now possible to create simple
+ graphs of all the dependencies between only target units, or
+ of all units that Avahi has dependencies with.
+
+ Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
+ Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
+ Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
+ Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
+ Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
+ Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
+ Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
+
+CHANGES WITH 200:
+
+ * The boot-time readahead implementation for rotating media
+ will now read the read-ahead data in multiple passes which
+ consist of all read requests made in equidistant time
+ intervals. This means instead of strictly reading read-ahead
+ data in its physical order on disk we now try to find a
+ middle ground between physical and access time order.
+
+ * /etc/os-release files gained a new BUILD_ID= field for usage
+ on operating systems that provide continuous builds of OS
+ images.
+
+ Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
+ Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín
+ William Douglas, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 199:
+
+ * systemd-python gained an API exposing libsystemd-daemon.
+
+ * The SMACK setup logic gained support for uploading CIPSO
+ security policy.
+
+ * Behaviour of PrivateTmp=, ReadWriteDirectories=,
+ ReadOnlyDirectories= and InaccessibleDirectories= has
+ changed. The private /tmp and /var/tmp directories are now
+ shared by all processes of a service (which means
+ ExecStartPre= may now leave data in /tmp that ExecStart= of
+ the same service can still access). When a service is
+ stopped its temporary directories are immediately deleted
+ (normal clean-up with tmpfiles is still done in addition to
+ this though).
+
+ * By default, systemd will now set a couple of sysctl
+ variables in the kernel: the safe sysrq options are turned
+ on, IP route verification is turned on, and source routing
+ disabled. The recently added hardlink and softlink
+ protection of the kernel is turned on. These settings should
+ be reasonably safe, and good defaults for all new systems.
+
+ * The predictable network naming logic may now be turned off
+ with a new kernel command line switch: net.ifnames=0.
+
+ * A new libsystemd-bus module has been added that implements a
+ pretty complete D-Bus client library. For details see:
+
+ http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
+
+ * journald will now explicitly flush the journal files to disk
+ at the latest 5min after each write. The file will then also
+ be marked offline until the next write. This should increase
+ reliability in case of a crash. The synchronization delay
+ can be configured via SyncIntervalSec= in journald.conf.
+
+ * There's a new remote-fs-setup.target unit that can be used
+ to pull in specific services when at least one remote file
+ system is to be mounted.
+
+ * There are new targets timers.target and paths.target as
+ canonical targets to pull user timer and path units in
+ from. This complements sockets.target with a similar
+ purpose for socket units.
+
+ * libudev gained a new call udev_device_set_attribute_value()
+ to set sysfs attributes of a device.
+
+ * The udev daemon now sets the default number of worker
+ processes executed in parallel based on the number of available
+ CPUs instead of the amount of available RAM. This is supposed
+ to provide a more reliable default and limit a too aggressive
+ paralellism for setups with 1000s of devices connected.
+
+ Contributions from: Auke Kok, Colin Walters, Cristian
+ Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
+ Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
+ Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
+ Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
+ Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
+ Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
+ Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 198:
+
+ * Configuration of unit files may now be extended via drop-in
+ files without having to edit/override the unit files
+ themselves. More specifically, if the administrator wants to
+ change one value for a service file foobar.service he can
+ now do so by dropping in a configuration snippet into
+ /etc/systemd/system/foobar.service.d/*.conf. The unit logic
+ will load all these snippets and apply them on top of the
+ main unit configuration file, possibly extending or
+ overriding its settings. Using these drop-in snippets is
+ generally nicer than the two earlier options for changing
+ unit files locally: copying the files from
+ /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
+ them there; or creating a new file in /etc/systemd/system/
+ that incorporates the original one via ".include". Drop-in
+ snippets into these .d/ directories can be placed in any
+ directory systemd looks for units in, and the usual
+ overriding semantics between /usr/lib, /etc and /run apply
+ for them too.
+
+ * Most unit file settings which take lists of items can now be
+ reset by assigning the empty string to them. For example,
+ normally, settings such as Environment=FOO=BAR append a new
+ environment variable assignment to the environment block,
+ each time they are used. By assigning Environment= the empty
+ string the environment block can be reset to empty. This is
+ particularly useful with the .d/*.conf drop-in snippets
+ mentioned above, since this adds the ability to reset list
+ settings from vendor unit files via these drop-ins.
+
+ * systemctl gained a new "list-dependencies" command for
+ listing the dependencies of a unit recursively.
+
+ * Inhibitors are now honored and listed by "systemctl
+ suspend", "systemctl poweroff" (and similar) too, not only
+ GNOME. These commands will also list active sessions by
+ other users.
+
+ * Resource limits (as exposed by the various control group
+ controllers) can now be controlled dynamically at runtime
+ for all units. More specifically, you can now use a command
+ like "systemctl set-cgroup-attr foobar.service cpu.shares
+ 2000" to alter the CPU shares a specific service gets. These
+ settings are stored persistently on disk, and thus allow the
+ administrator to easily adjust the resource usage of
+ services with a few simple commands. This dynamic resource
+ management logic is also available to other programs via the
+ bus. Almost any kernel cgroup attribute and controller is
+ supported.
+
+ * systemd-vconsole-setup will now copy all font settings to
+ all allocated VTs, where it previously applied them only to
+ the foreground VT.
+
+ * libsystemd-login gained the new sd_session_get_tty() API
+ call.
+
+ * This release drops support for a few legacy or
+ distribution-specific LSB facility names when parsing init
+ scripts: $x-display-manager, $mail-transfer-agent,
+ $mail-transport-agent, $mail-transfer-agent, $smtp,
+ $null. Also, the mail-transfer-agent.target unit backing
+ this has been removed. Distributions which want to retain
+ compatibility with this should carry the burden for
+ supporting this themselves and patch support for these back
+ in, if they really need to. Also, the facilities $syslog and
+ $local_fs are now ignored, since systemd does not support
+ early-boot LSB init scripts anymore, and these facilities
+ are implied anyway for normal services. syslog.target has
+ also been removed.
+
+ * There are new bus calls on PID1's Manager object for
+ cancelling jobs, and removing snapshot units. Previously,
+ both calls were only available on the Job and Snapshot
+ objects themselves.
+
+ * systemd-journal-gatewayd gained SSL support.
+
+ * The various "environment" files, such as /etc/locale.conf
+ now support continuation lines with a backslash ("\") as
+ last character in the line, similar in style (but different)
+ to how this is supported in shells.
+
+ * For normal user processes the _SYSTEMD_USER_UNIT= field is
+ now implicitly appended to every log entry logged. systemctl
+ has been updated to filter by this field when operating on a
+ user systemd instance.
+
+ * nspawn will now implicitly add the CAP_AUDIT_WRITE and
+ CAP_AUDIT_CONTROL capabilities to the capabilities set for
+ the container. This makes it easier to boot unmodified
+ Fedora systems in a container, which however still requires
+ audit=0 to be passed on the kernel command line. Auditing in
+ kernel and userspace is unfortunately still too broken in
+ context of containers, hence we recommend compiling it out
+ of the kernel or using audit=0. Hopefully this will be fixed
+ one day for good in the kernel.
+
+ * nspawn gained the new --bind= and --bind-ro= parameters to
+ bind mount specific directories from the host into the
+ container.
+
+ * nspawn will now mount its own devpts file system instance
+ into the container, in order not to leak pty devices from
+ the host into the container.
+
+ * systemd will now read the firmware boot time performance
+ information from the EFI variables, if the used boot loader
+ supports this, and takes it into account for boot performance
+ analysis via "systemd-analyze". This is currently supported
+ only in conjunction with Gummiboot, but could be supported
+ by other boot loaders too. For details see:
+
+ http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
+
+ * A new generator has been added that automatically mounts the
+ EFI System Partition (ESP) to /boot, if that directory
+ exists, is empty, and no other file system has been
+ configured to be mounted there.
+
+ * logind will now send out PrepareForSleep(false) out
+ unconditionally, after coming back from suspend. This may be
+ used by applications as asynchronous notification for
+ system resume events.
+
+ * "systemctl unlock-sessions" has been added, that allows
+ unlocking the screens of all user sessions at once, similar
+ how "systemctl lock-sessions" already locked all users
+ sessions. This is backed by a new D-Bus call UnlockSessions().
+
+ * "loginctl seat-status" will now show the master device of a
+ seat. (i.e. the device of a seat that needs to be around for
+ the seat to be considered available, usually the graphics
+ card).
+
+ * tmpfiles gained a new "X" line type, that allows
+ configuration of files and directories (with wildcards) that
+ shall be excluded from automatic cleanup ("aging").
+
+ * udev default rules set the device node permissions now only
+ at "add" events, and do not change them any longer with a
+ later "change" event.
+
+ * The log messages for lid events and power/sleep keypresses
+ now carry a message ID.
+
+ * We now have a substantially larger unit test suite, but this
+ continues to be work in progress.
+
+ * udevadm hwdb gained a new --root= parameter to change the
+ root directory to operate relative to.
+
+ * logind will now issue a background sync() request to the kernel
+ early at shutdown, so that dirty buffers are flushed to disk early
+ instead of at the last moment, in order to optimize shutdown
+ times a little.
+
+ * A new bootctl tool has been added that is an interface for
+ certain boot loader operations. This is currently a preview
+ and is likely to be extended into a small mechanism daemon
+ like timedated, localed, hostnamed, and can be used by
+ graphical UIs to enumerate available boot options, and
+ request boot into firmware operations.
+
+ * systemd-bootchart has been relicensed to LGPLv2.1+ to match
+ the rest of the package. It also has been updated to work
+ correctly in initrds.
+
+ * Policykit previously has been runtime optional, and is now
+ also compile time optional via a configure switch.
+
+ * systemd-analyze has been reimplemented in C. Also "systemctl
+ dot" has moved into systemd-analyze.
+
+ * "systemctl status" with no further parameters will now print
+ the status of all active or failed units.
+
+ * Operations such as "systemctl start" can now be executed
+ with a new mode "--irreversible" which may be used to queue
+ operations that cannot accidentally be reversed by a later
+ job queuing. This is by default used to make shutdown
+ requests more robust.
+
+ * The Python API of systemd now gained a new module for
+ reading journal files.
+
+ * A new tool kernel-install has been added that can install
+ kernel images according to the Boot Loader Specification:
+
+ http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
+
+ * Boot time console output has been improved to provide
+ animated boot time output for hanging jobs.
+
+ * A new tool systemd-activate has been added which can be used
+ to test socket activation with, directly from the command
+ line. This should make it much easier to test and debug
+ socket activation in daemons.
+
+ * journalctl gained a new "--reverse" (or -r) option to show
+ journal output in reverse order (i.e. newest line first).
+
+ * journalctl gained a new "--pager-end" (or -e) option to jump
+ to immediately jump to the end of the journal in the
+ pager. This is only supported in conjunction with "less".
+
+ * journalctl gained a new "--user-unit=" option, that works
+ similar to "--unit=" but filters for user units rather than
+ system units.
+
+ * A number of unit files to ease adoption of systemd in
+ initrds has been added. This moves some minimal logic from
+ the various initrd implementations into systemd proper.
+
+ * The journal files are now owned by a new group
+ "systemd-journal", which exists specifically to allow access
+ to the journal, and nothing else. Previously, we used the
+ "adm" group for that, which however possibly covers more
+ than just journal/log file access. This new group is now
+ already used by systemd-journal-gatewayd to ensure this
+ daemon gets access to the journal files and as little else
+ as possible. Note that "make install" will also set FS ACLs
+ up for /var/log/journal to give "adm" and "wheel" read
+ access to it, in addition to "systemd-journal" which owns
+ the journal files. We recommend that packaging scripts also
+ add read access to "adm" + "wheel" to /var/log/journal, and
+ all existing/future journal files. To normal users and
+ administrators little changes, however packagers need to
+ ensure to create the "systemd-journal" system group at
+ package installation time.
+
+ * The systemd-journal-gatewayd now runs as unprivileged user
+ systemd-journal-gateway:systemd-journal-gateway. Packaging
+ scripts need to create these system user/group at
+ installation time.
+
+ * timedated now exposes a new boolean property CanNTP that
+ indicates whether a local NTP service is available or not.
+
+ * systemd-detect-virt will now also detect xen PVs
+
+ * The pstore file system is now mounted by default, if it is
+ available.
+
+ * In addition to the SELinux and IMA policies we will now also
+ load SMACK policies at early boot.
+
+ Contributions from: Adel Gadllah, Aleksander Morgado, Auke
+ Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
+ Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
+ Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
+ Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
+ Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
+ Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
+ Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
+ Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
+ Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
+ Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
+ Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
+ Gundersen, Umut Tezduyar, William Giokas, Zbigniew
+ Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
+
+CHANGES WITH 197:
+
+ * Timer units now support calendar time events in addition to
+ monotonic time events. That means you can now trigger a unit
+ based on a calendar time specification such as "Thu,Fri
+ 2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
+ or fifth day of any month of the year 2013, given that it is
+ a thursday or friday. This brings timer event support
+ considerably closer to cron's capabilities. For details on
+ the supported calendar time specification language see
+ systemd.time(7).
+
+ * udev now supports a number of different naming policies for
+ network interfaces for predictable names, and a combination
+ of these policies is now the default. Please see this wiki
+ document for details:
+
+ http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
+
+ * Auke Kok's bootchart implementation has been added to the
+ systemd tree. It's an optional component that can graph the
+ boot in quite some detail. It's one of the best bootchart
+ implementations around and minimal in its code and
+ dependencies.
+
+ * nss-myhostname has been integrated into the systemd source
+ tree. nss-myhostname guarantees that the local hostname
+ always stays resolvable via NSS. It has been a weak
+ requirement of systemd-hostnamed since a long time, and
+ since its code is actually trivial we decided to just
+ include it in systemd's source tree. It can be turned off
+ with a configure switch.
+
+ * The read-ahead logic is now capable of properly detecting
+ whether a btrfs file system is on SSD or rotating media, in
+ order to optimize the read-ahead scheme. Previously, it was
+ only capable of detecting this on traditional file systems
+ such as ext4.
+
+ * In udev, additional device properties are now read from the
+ IAB in addition to the OUI database. Also, Bluetooth company
+ identities are attached to the devices as well.
+
+ * In service files %U may be used as specifier that is
+ replaced by the configured user name of the service.
+
+ * nspawn may now be invoked without a controlling TTY. This
+ makes it suitable for invocation as its own service. This
+ may be used to set up a simple containerized server system
+ using only core OS tools.
+
+ * systemd and nspawn can now accept socket file descriptors
+ when they are started for socket activation. This enables
+ implementation of socket activated nspawn
+ containers. i.e. think about autospawning an entire OS image
+ when the first SSH or HTTP connection is received. We expect
+ that similar functionality will also be added to libvirt-lxc
+ eventually.
+
+ * journalctl will now suppress ANSI color codes when
+ presenting log data.
+
+ * systemctl will no longer show control group information for
+ a unit if a the control group is empty anyway.
+
+ * logind can now automatically suspend/hibernate/shutdown the
+ system on idle.
+
+ * /etc/machine-info and hostnamed now also expose the chassis
+ type of the system. This can be used to determine whether
+ the local system is a laptop, desktop, handset or
+ tablet. This information may either be configured by the
+ user/vendor or is automatically determined from ACPI and DMI
+ information if possible.
+
+ * A number of PolicyKit actions are now bound together with
+ "imply" rules. This should simplify creating UIs because
+ many actions will now authenticate similar ones as well.
+
+ * Unit files learnt a new condition ConditionACPower= which
+ may be used to conditionalize a unit depending on whether an
+ AC power source is connected or not, of whether the system
+ is running on battery power.
+
+ * systemctl gained a new "is-failed" verb that may be used in
+ shell scripts and suchlike to check whether a specific unit
+ is in the "failed" state.
+
+ * The EnvironmentFile= setting in unit files now supports file
+ globbing, and can hence be used to easily read a number of
+ environment files at once.
+
+ * systemd will no longer detect and recognize specific
+ distributions. All distribution-specific #ifdeffery has been
+ removed, systemd is now fully generic and
+ distribution-agnostic. Effectively, not too much is lost as
+ a lot of the code is still accessible via explicit configure
+ switches. However, support for some distribution specific
+ legacy configuration file formats has been dropped. We
+ recommend distributions to simply adopt the configuration
+ files everybody else uses now and convert the old
+ configuration from packaging scripts. Most distributions
+ already did that. If that's not possible or desirable,
+ distributions are welcome to forward port the specific
+ pieces of code locally from the git history.
+
+ * When logging a message about a unit systemd will now always
+ log the unit name in the message meta data.
+
+ * localectl will now also discover system locale data that is
+ not stored in locale archives, but directly unpacked.
+
+ * logind will no longer unconditionally use framebuffer
+ devices as seat masters, i.e. as devices that are required
+ to be existing before a seat is considered preset. Instead,
+ it will now look for all devices that are tagged as
+ "seat-master" in udev. By default framebuffer devices will
+ be marked as such, but depending on local systems other
+ devices might be marked as well. This may be used to
+ integrate graphics cards using closed source drivers (such
+ as NVidia ones) more nicely into logind. Note however, that
+ we recommend using the open source NVidia drivers instead,
+ and no udev rules for the closed-source drivers will be
+ shipped from us upstream.
+
+ Contributions from: Adam Williamson, Alessandro Crismani, Auke
+ Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
+ Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
+ Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
+ Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
+ Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
+ Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
+ Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
+ Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
+ Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
+ Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
+ Jędrzejewski-Szmek
+
+CHANGES WITH 196:
+
+ * udev gained support for loading additional device properties
+ from an indexed database that is keyed by vendor/product IDs
+ and similar device identifiers. For the beginning this
+ "hwdb" is populated with data from the well-known PCI and
+ USB database, but also includes PNP, ACPI and OID data. In
+ the longer run this indexed database shall grow into
+ becoming the one central database for non-essential
+ userspace device metadata. Previously, data from the PCI/USB
+ database was only attached to select devices, since the
+ lookup was a relatively expensive operation due to O(n) time
+ complexity (with n being the number of entries in the
+ database). Since this is now O(1), we decided to add in this
+ data for all devices where this is available, by
+ default. Note that the indexed database needs to be rebuilt
+ when new data files are installed. To achieve this you need
+ to update your packaging scripts to invoke "udevadm hwdb
+ --update" after installation of hwdb data files. For
+ RPM-based distributions we introduced the new
+ %udev_hwdb_update macro for this purpose.
+
+ * The Journal gained support for the "Message Catalog", an
+ indexed database to link up additional information with
+ journal entries. For further details please check:
+
+ http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+ The indexed message catalog database also needs to be
+ rebuilt after installation of message catalog files. Use
+ "journalctl --update-catalog" for this. For RPM-based
+ distributions we introduced the %journal_catalog_update
+ macro for this purpose.
+
+ * The Python Journal bindings gained support for the standard
+ Python logging framework.
+
+ * The Journal API gained new functions for checking whether
+ the underlying file system of a journal file is capable of
+ properly reporting file change notifications, or whether
+ applications that want to reflect journal changes "live"
+ need to recheck journal files continuously in appropriate
+ time intervals.
+
+ * It is now possible to set the "age" field for tmpfiles
+ entries to 0, indicating that files matching this entry
+ shall always be removed when the directories are cleaned up.
+
+ * coredumpctl gained a new "gdb" verb which invokes gdb
+ right-away on the selected coredump.
+
+ * There's now support for "hybrid sleep" on kernels that
+ support this, in addition to "suspend" and "hibernate". Use
+ "systemctl hybrid-sleep" to make use of this.
+
+ * logind's HandleSuspendKey= setting (and related settings)
+ now gained support for a new "lock" setting to simply
+ request the screen lock on all local sessions, instead of
+ actually executing a suspend or hibernation.
+
+ * systemd will now mount the EFI variables file system by
+ default.
+
+ * Socket units now gained support for configuration of the
+ SMACK security label.
+
+ * timedatectl will now output the time of the last and next
+ daylight saving change.
+
+ * We dropped support for various legacy and distro-specific
+ concepts, such as insserv, early-boot SysV services
+ (i.e. those for non-standard runlevels such as 'b' or 'S')
+ or ArchLinux /etc/rc.conf support. We recommend the
+ distributions who still need support this to either continue
+ to maintain the necessary patches downstream, or find a
+ different solution. (Talk to us if you have questions!)
+
+ * Various systemd components will now bypass PolicyKit checks
+ for root and otherwise handle properly if PolicyKit is not
+ found to be around. This should fix most issues for
+ PolicyKit-less systems. Quite frankly this should have been
+ this way since day one. It is absolutely our intention to
+ make systemd work fine on PolicyKit-less systems, and we
+ consider it a bug if something doesn't work as it should if
+ PolicyKit is not around.
+
+ * For embedded systems it is now possible to build udev and
+ systemd without blkid and/or kmod support.
+
+ * "systemctl switch-root" is now capable of switching root
+ more than once. I.e. in addition to transitions from the
+ initrd to the host OS it is now possible to transition to
+ further OS images from the host. This is useful to implement
+ offline updating tools.
+
+ * Various other additions have been made to the RPM macros
+ shipped with systemd. Use %udev_rules_update() after
+ installing new udev rules files. %_udevhwdbdir,
+ %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
+ %_sysctldir are now available which resolve to the right
+ directories for packages to place various data files in.
+
+ * journalctl gained the new --full switch (in addition to
+ --all, to disable ellipsation for long messages.
+
+ Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
+ Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
+ Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
+ Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
+ Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
+ Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
+ Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
+ Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
+ Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 195:
+
+ * journalctl gained new --since= and --until= switches to
+ filter by time. It also now supports nice filtering for
+ units via --unit=/-u.
+
+ * Type=oneshot services may use ExecReload= and do the
+ right thing.
+
+ * The journal daemon now supports time-based rotation and
+ vacuuming, in addition to the usual disk-space based
+ rotation.
+
+ * The journal will now index the available field values for
+ each field name. This enables clients to show pretty drop
+ downs of available match values when filtering. The bash
+ completion of journalctl has been updated
+ accordingly. journalctl gained a new switch -F to list all
+ values a certain field takes in the journal database.
+
+ * More service events are now written as structured messages
+ to the journal, and made recognizable via message IDs.
+
+ * The timedated, localed and hostnamed mini-services which
+ previously only provided support for changing time, locale
+ and hostname settings from graphical DEs such as GNOME now
+ also have a minimal (but very useful) text-based client
+ utility each. This is probably the nicest way to changing
+ these settings from the command line now, especially since
+ it lists available options and is fully integrated with bash
+ completion.
+
+ * There's now a new tool "systemd-coredumpctl" to list and
+ extract coredumps from the journal.
+
+ * We now install a README each in /var/log/ and
+ /etc/rc.d/init.d explaining where the system logs and init
+ scripts went. This hopefully should help folks who go to
+ that dirs and look into the otherwise now empty void and
+ scratch their heads.
+
+ * When user-services are invoked (by systemd --user) the
+ $MANAGERPID env var is set to the PID of systemd.
+
+ * SIGRTMIN+24 when sent to a --user instance will now result
+ in immediate termination of systemd.
+
+ * gatewayd received numerous feature additions such as a
+ "follow" mode, for live syncing and filtering.
+
+ * browse.html now allows filtering and showing detailed
+ information on specific entries. Keyboard navigation and
+ mouse screen support has been added.
+
+ * gatewayd/journalctl now supports HTML5/JSON
+ Server-Sent-Events as output.
+
+ * The SysV init script compatibility logic will now
+ heuristically determine whether a script supports the
+ "reload" verb, and only then make this available as
+ "systemctl reload".
+
+ * "systemctl status --follow" has been removed, use "journalctl
+ -u" instead.
+
+ * journald.conf's RuntimeMinSize=, PersistentMinSize= settings
+ have been removed since they are hardly useful to be
+ configured.
+
+ * And I'd like to take the opportunity to specifically mention
+ Zbigniew for his great contributions. Zbigniew, you rock!
+
+ Contributions from: Andrew Eikum, Christian Hesse, Colin
+ Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
+ Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
+ Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
+ Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
+ Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
+ Jędrzejewski-Szmek, Сковорода Никита Андреевич
+
+CHANGES WITH 194:
+
+ * If /etc/vconsole.conf is non-existent or empty we will no
+ longer load any console font or key map at boot by
+ default. Instead the kernel defaults will be left
+ intact. This is definitely the right thing to do, as no
+ configuration should mean no configuration, and hard-coding
+ font names that are different on all archs is probably a bad
+ idea. Also, the kernel default key map and font should be
+ good enough for most cases anyway, and mostly identical to
+ the userspace fonts/key maps we previously overloaded them
+ with. If distributions want to continue to default to a
+ non-kernel font or key map they should ship a default
+ /etc/vconsole.conf with the appropriate contents.
+
+ Contributions from: Colin Walters, Daniel J Walsh, Dave
+ Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
+ Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 193:
+
+ * journalctl gained a new --cursor= switch to show entries
+ starting from the specified location in the journal.
+
+ * We now enforce a size limit on journal entry fields exported
+ with "-o json" in journalctl. Fields larger than 4K will be
+ assigned null. This can be turned off with --all.
+
+ * An (optional) journal gateway daemon is now available as
+ "systemd-journal-gatewayd.service". This service provides
+ access to the journal via HTTP and JSON. This functionality
+ will be used to implement live log synchronization in both
+ pull and push modes, but has various other users too, such
+ as easy log access for debugging of embedded devices. Right
+ now it is already useful to retrieve the journal via HTTP:
+
+ # systemctl start systemd-journal-gatewayd.service
+ # wget http://localhost:19531/entries
+
+ This will download the journal contents in a
+ /var/log/messages compatible format. The same as JSON:
+
+ # curl -H"Accept: application/json" http://localhost:19531/entries
+
+ This service is also accessible via a web browser where a
+ single static HTML5 app is served that uses the JSON logic
+ to enable the user to do some basic browsing of the
+ journal. This will be extended later on. Here's an example
+ screenshot of this app in its current state:
+
+ http://0pointer.de/public/journal-gatewayd
+
+ Contributions from: Kay Sievers, Lennart Poettering, Robert
+ Milasan, Tom Gundersen
+
+CHANGES WITH 192:
+
+ * The bash completion logic is now available for journalctl
+ too.
+
+ * We don't mount the "cpuset" controller anymore together with
+ "cpu" and "cpuacct", as "cpuset" groups generally cannot be
+ started if no parameters are assigned to it. "cpuset" hence
+ broke code that assumed it it could create "cpu" groups and
+ just start them.
+
+ * journalctl -f will now subscribe to terminal size changes,
+ and line break accordingly.
+
+ Contributions from: Dave Reisner, Kay Sievers, Lennart
+ Poettering, Lukas Nykrynm, Mirco Tischler, Václav Pavlín
+
+CHANGES WITH 191:
+
+ * nspawn will now create a symlink /etc/localtime in the
+ container environment, copying the host's timezone
+ setting. Previously this has been done via a bind mount, but
+ since symlinks cannot be bind mounted this has now been
+ changed to create/update the appropriate symlink.
+
+ * journalctl -n's line number argument is now optional, and
+ will default to 10 if omitted.
+
+ * journald will now log the maximum size the journal files may
+ take up on disk. This is particularly useful if the default
+ built-in logic of determining this parameter from the file
+ system size is used. Use "systemctl status
+ systemd-journald.service" to see this information.
+
+ * The multi-seat X wrapper tool has been stripped down. As X
+ is now capable of enumerating graphics devices via udev in a
+ seat-aware way the wrapper is not strictly necessary
+ anymore. A stripped down temporary stop-gap is still shipped
+ until the upstream display managers have been updated to
+ fully support the new X logic. Expect this wrapper to be
+ removed entirely in one of the next releases.
+
+ * HandleSleepKey= in logind.conf has been split up into
+ HandleSuspendKey= and HandleHibernateKey=. The old setting
+ is not available anymore. X11 and the kernel are
+ distuingishing between these keys and we should too. This
+ also means the inhibition lock for these keys has been split
+ into two.
+
+ Contributions from: Dave Airlie, Eelco Dolstra, Lennart
+ Poettering, Lukas Nykryn, Václav Pavlín
+
+CHANGES WITH 190:
+
+ * Whenever a unit changes state we'll now log this to the
+ journal and show along the unit's own log output in
+ "systemctl status".
+
+ * ConditionPathIsMountPoint= can now properly detect bind
+ mount points too. (Previously, a bind mount of one file
+ system to another place in the same file system could not be
+ detected as mount, since they shared struct stat's st_dev
+ field.)
+
+ * We will now mount the cgroup controllers cpu, cpuacct,
+ cpuset and the controllers net_cls, net_prio together by
+ default.
+
+ * nspawn containers will now have a virtualized boot
+ ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
+ over with a randomized ID at container initialization). This
+ has the effect of making "journalctl -b" do the right thing
+ in a container.
+
+ * The JSON output journal serialization has been updated not
+ to generate "endless" list objects anymore, but rather one
+ JSON object per line. This is more in line how most JSON
+ parsers expect JSON objects. The new output mode
+ "json-pretty" has been added to provide similar output, but
+ neatly aligned for readability by humans.
+
+ * We dropped all explicit sync() invocations in the shutdown
+ code. The kernel does this implicitly anyway in the kernel
+ reboot() syscall. halt(8)'s -n option is now a compatibility
+ no-op.
+
+ * We now support virtualized reboot() in containers, as
+ supported by newer kernels. We will fall back to exit() if
+ CAP_SYS_REBOOT is not available to the container. Also,
+ nspawn makes use of this now and will actually reboot the
+ container if the containerized OS asks for that.
+
+ * journalctl will only show local log output by default
+ now. Use --merge (-m) to show remote log output, too.
+
+ * libsystemd-journal gained the new sd_journal_get_usage()
+ call to determine the current disk usage of all journal
+ files. This is exposed in the new "journalctl --disk-usage"
+ command.
+
+ * journald gained a new configuration setting SplitMode= in
+ journald.conf which may be used to control how user journals
+ are split off. See journald.conf(5) for details.
+
+ * A new condition type ConditionFileNotEmpty= has been added.
+
+ * tmpfiles' "w" lines now support file globbing, to write
+ multiple files at once.
+
+ * We added Python bindings for the journal submission
+ APIs. More Python APIs for a number of selected APIs will
+ likely follow. Note that we intend to add native bindings
+ only for the Python language, as we consider it common
+ enough to deserve bindings shipped within systemd. There are
+ various projects outside of systemd that provide bindings
+ for languages such as PHP or Lua.
+
+ * Many conditions will now resolve specifiers such as %i. In
+ addition, PathChanged= and related directives of .path units
+ now support specifiers as well.
+
+ * There's now a new RPM macro definition for the system preset
+ dir: %_presetdir.
+
+ * journald will now warn if it can't forward a message to the
+ syslog daemon because it's socket is full.
+
+ * timedated will no longer write or process /etc/timezone,
+ except on Debian. As we do not support late mounted /usr
+ anymore /etc/localtime always being a symlink is now safe,
+ and hence the information in /etc/timezone is not necessary
+ anymore.
+
+ * logind will now always reserve one VT for a text getty (VT6
+ by default). Previously if more than 6 X sessions where
+ started they took up all the VTs with auto-spawned gettys,
+ so that no text gettys were available anymore.
+
+ * udev will now automatically inform the btrfs kernel logic
+ about btrfs RAID components showing up. This should make
+ simple hotplug based btrfs RAID assembly work.
+
+ * PID 1 will now increase its RLIMIT_NOFILE to 64K by default
+ (but not for its children which will stay at the kernel
+ default). This should allow setups with a lot more listening
+ sockets.
+
+ * systemd will now always pass the configured timezone to the
+ kernel at boot. timedated will do the same when the timezone
+ is changed.
+
+ * logind's inhibition logic has been updated. By default,
+ logind will now handle the lid switch, the power and sleep
+ keys all the time, even in graphical sessions. If DEs want
+ to handle these events on their own they should take the new
+ handle-power-key, handle-sleep-key and handle-lid-switch
+ inhibitors during their runtime. A simple way to achiveve
+ that is to invoke the DE wrapped in an invocation of:
+
+ systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ...
+
+ * Access to unit operations is now checked via SELinux taking
+ the unit file label and client process label into account.
+
+ * systemd will now notify the administrator in the journal
+ when he over-mounts a non-empty directory.
+
+ * There are new specifiers that are resolved in unit files,
+ for the host name (%H), the machine ID (%m) and the boot ID
+ (%b).
+
+ Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
+ Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
+ Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
+ Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
+ Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
+ Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
+ Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 189:
+
+ * Support for reading structured kernel messages from
+ /dev/kmsg has now been added and is enabled by default.
+
+ * Support for reading kernel messages from /proc/kmsg has now
+ been removed. If you want kernel messages in the journal
+ make sure to run a recent kernel (>= 3.5) that supports
+ reading structured messages from /dev/kmsg (see
+ above). /proc/kmsg is now exclusive property of classic
+ syslog daemons again.
+
+ * The libudev API gained the new
+ udev_device_new_from_device_id() call.
+
+ * The logic for file system namespace (ReadOnlyDirectory=,
+ ReadWriteDirectoy=, PrivateTmp=) has been reworked not to
+ require pivot_root() anymore. This means fewer temporary
+ directories are created below /tmp for this feature.
+
+ * nspawn containers will now see and receive all submounts
+ made on the host OS below the root file system of the
+ container.
+
+ * Forward Secure Sealing is now supported for Journal files,
+ which provide cryptographical sealing of journal files so
+ that attackers cannot alter log history anymore without this
+ being detectable. Lennart will soon post a blog story about
+ this explaining it in more detail.
+
+ * There are two new service settings RestartPreventExitStatus=
+ and SuccessExitStatus= which allow configuration of exit
+ status (exit code or signal) which will be excepted from the
+ restart logic, resp. consider successful.
+
+ * journalctl gained the new --verify switch that can be used
+ to check the integrity of the structure of journal files and
+ (if Forward Secure Sealing is enabled) the contents of
+ journal files.
+
+ * nspawn containers will now be run with /dev/stdin, /dev/fd/
+ and similar symlinks pre-created. This makes running shells
+ as container init process a lot more fun.