+CHANGES WITH 231:
+
+ * In service units the various ExecXYZ= settings have been extended
+ with an additional special character as first argument of the
+ assigned value: if the character '+' is used the specified command
+ line it will be run with full privileges, regardless of User=,
+ Group=, CapabilityBoundingSet= and similar options. The effect is
+ similar to the existing PermissionsStartOnly= option, but allows
+ configuration of this concept for each executed command line
+ independently.
+
+ * Services may now alter the service watchdog timeout at runtime by
+ sending a WATCHDOG_USEC= message via sd_notify().
+
+ * MemoryLimit= and related unit settings now optionally take percentage
+ specifications. The percentage is taken relative to the amount of
+ physical memory in the system (or in case of containers, the assigned
+ amount of memory). This allows scaling service resources neatly with
+ the amount of RAM available on the system. Similarly, systemd-logind's
+ RuntimeDirectorySize= option now also optionally takes percentage
+ values.
+
+ * In similar fashion TasksMax= takes percentage values now, too. The
+ value is taken relative to the configured maximum number of processes
+ on the system. The per-service task maximum has been changed to 15%
+ using this functionality. (Effectively this is an increase of 512 →
+ 4915 for service units, given the kernel's default pid_max setting.)
+
+ * Calendar time specifications in .timer units now understand a ".."
+ syntax for time ranges. Example: "4..7:10" may now be used for
+ defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
+ 7:10am every day.
+
+ * The InaccessableDirectories=, ReadOnlyDirectories= and
+ ReadWriteDirectories= unit file settings have been renamed to
+ InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
+ applied to all kinds of file nodes, and not just directories, with
+ the exception of symlinks. Specifically these settings may now be
+ used on block and character device nodes, UNIX sockets and FIFOS as
+ well as regular files. The old names of these settings remain
+ available for compatibility.
+
+ * systemd will now log about all service processes it kills forcibly
+ (using SIGKILL) because they remained after the clean shutdown phase
+ of the service completed. This should help identifying services that
+ shut down uncleanly. Moreover if KillUserProcesses= is enabled in
+ systemd-logind's configuration a similar log message is generated for
+ processes killed at the end of each session due to this setting.
+
+ * systemd will now set the $JOURNAL_STREAM environment variable for all
+ services whose stdout/stderr are connected to the Journal (which
+ effectively means by default: all services). The variable contains
+ the device and inode number of the file descriptor used for
+ stdout/stderr. This may be used by invoked programs to detect whether
+ their stdout/stderr is connected to the Journal, in which case they
+ can switch over to direct Journal communication, thus being able to
+ pass extended, structured metadata along with their log messages. As
+ one example, this is now used by glib's logging primitives.
+
+ * When using systemd's default tmp.mount unit for /tmp, the mount point
+ will now be established with the "nosuid" and "nodev" options. This
+ avoids privilege escalation attacks that put traps and exploits into
+ /tmp. However, this might cause problems if you e. g. put container
+ images or overlays into /tmp; if you need this, override tmp.mount's
+ "Options=" with a drop-in, or mount /tmp from /etc/fstab with your
+ desired options.
+
+ * systemd now supports the "memory" cgroup controller also on
+ cgroupsv2.
+
+ * The systemd-cgtop tool now optionally takes a control group path as
+ command line argument. If specified, the control group list shown is
+ limited to subgroups of that group.
+
+ * The SystemCallFilter= unit file setting gained support for
+ pre-defined, named system call filter sets. For example
+ SystemCallFilter=@clock is now an effective way to make all clock
+ changing-related system calls unavailable to a service. A number of
+ similar pre-defined groups are defined. Writing system call filters
+ for system services is simplified substantially with this new
+ concept. Accordingly, all of systemd's own, long-running services now
+ enable system call filtering based on this, by default.
+
+ * A new service setting MemoryDenyWriteExecute= has been added, taking
+ a boolean value. If turned on, a service may no longer create memory
+ mappings that are writable and executable at the same time. This
+ enhances security for services where this is enabled as it becomes
+ harder to dynamically write and then execute memory in exploited
+ service processes. This option has been enabled for all of systemd's
+ own long-running services.
+
+ * A new RestrictRealtime= service setting has been added, taking a
+ boolean argument. If set the service's processes may no longer
+ acquire realtime scheduling. This improves security as realtime
+ scheduling may otherwise be used to easily freeze the system.
+
+ * systemd-nspawn gained a new switch --notify-ready= taking a boolean
+ value. This may be used for requesting that the system manager inside
+ of the container reports start-up completion to nspawn which then
+ propagates this notification further to the service manager
+ supervising nspawn itself. A related option NotifyReady= in .nspawn
+ files has been added too. This functionality allows ordering of the
+ start-up of multiple containers using the usual systemd ordering
+ primitives.
+
+ * machinectl gained a new command "stop" that is an alias for
+ "terminate".
+
+ * systemd-resolved gained support for contacting DNS servers on
+ link-local IPv6 addresses.
+
+ * If systemd-resolved receives the SIGUSR2 signal it will now flush all
+ its caches. A method call for requesting the same operation has been
+ added to the bus API too, and is made available via "systemd-resolve
+ --flush-caches".
+
+ * systemd-resolve gained a new --status switch. If passed a brief
+ summary of the used DNS configuration with per-interface information
+ is shown.
+
+ * resolved.conf gained a new Cache= boolean option, defaulting to
+ on. If turned off local DNS caching is disabled. This comes with a
+ performance penalty in particular when DNSSEC is enabled. Note that
+ resolved disables its internal caching implicitly anyway, when the
+ configured DNS server is on a host-local IP address such as ::1 or
+ 127.0.0.1, thus automatically avoiding double local caching.
+
+ * systemd-resolved now listens on the local IP address 127.0.0.53:53
+ for DNS requests. This improves compatibility with local programs
+ that do not use the libc NSS or systemd-resolved's bus APIs for name
+ resolution. This minimal DNS service is only available to local
+ programs and does not implement the full DNS protocol, but enough to
+ cover local DNS clients. A new, static resolv.conf file, listing just
+ this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
+ now recommended to make /etc/resolv.conf a symlink to this file in
+ order to route all DNS lookups to systemd-resolved, regardless if
+ done via NSS, the bus API or raw DNS packets. Note that this local
+ DNS service is not as fully featured as the libc NSS or
+ systemd-resolved's bus APIs. For example, as unicast DNS cannot be
+ used to deliver link-local address information (as this implies
+ sending a local interface index along), LLMNR/mDNS support via this
+ interface is severely restricted. It is thus strongly recommended for
+ all applications to use the libc NSS API or native systemd-resolved
+ bus API instead.
+
+ * systemd-networkd's bridge support learned a new setting
+ VLANFiltering= for controlling VLAN filtering. Moreover a new section
+ in .network files has been added for configuring VLAN bridging in
+ more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].
+
+ * systemd-networkd's IPv6 Router Advertisement code now makes use of
+ the DNSSL and RDNSS options. This means IPv6 DNS configuration may
+ now be acquired without relying on DHCPv6. Two new options
+ UseDomains= and UseDNS= have been added to configure this behaviour.
+
+ * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
+ renamed IPv6AcceptRA=, without altering its behaviour. The old
+ setting name remains available for compatibility reasons.
+
+ * The systemd-networkd VTI/VTI6 tunneling support gained new options
+ Key=, InputKey= and OutputKey=.
+
+ * systemd-networkd gained support for VRF ("Virtual Routing Function")
+ interface configuration.
+
+ * "systemctl edit" may now be used to create new unit files by
+ specifying the --force switch.
+
+ * sd-event gained a new function sd_event_get_iteration() for
+ requesting the current iteration counter of the event loop. It starts
+ at zero and is increased by one with each event loop iteration.
+
+ * A new rpm macro %systemd_ordering is provided by the macros.systemd
+ file. It can be used in lieu of %systemd_requires in packages which
+ don't use any systemd functionality and are intended to be installed
+ in minimal containers without systemd present. This macro provides
+ ordering dependecies to ensure that if the package is installed in
+ the same rpm transaction as systemd, systemd will be installed before
+ the scriptlets for the package are executed, allowing unit presets
+ to be handled.
+
+ New macros %_systemdgeneratordir and %_systemdusergeneratordir have
+ been added to simplify packaging of generators.
+
+ * The os-release file gained VERSION_CODENAME field for the
+ distribution nickname (e.g. VERSION_CODENAME=woody).
+
+ * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
+ can be set to disable parsing of metadata and the creation
+ of persistent symlinks for that device.
+
+ * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
+ to make them available to logged-in users has been reverted.
+
+ * Much of the common code of the various systemd components is now
+ built into an internal shared library libsystemd-shared-231.so
+ (incorporating the systemd version number in the name, to be updated
+ with future releases) that the components link to. This should
+ decrease systemd footprint both in memory during runtime and on
+ disk. Note that the shared library is not for public use, and is
+ neither API not ABI stable, but is likely to change with every new
+ released update. Packagers need to make sure that binaries
+ linking to libsystemd-shared.so are updated in step with the
+ library.
+
+ * Configuration for "mkosi" is now part of the systemd
+ repository. mkosi is a tool to easily build legacy-free OS images,
+ and is available on github: https://github.com/systemd/mkosi. If
+ "mkosi" is invoked in the build tree a new raw OS image is generated
+ incorporating the systemd sources currently being worked on and a
+ clean, fresh distribution installation. The generated OS image may be
+ booted up with "systemd-nspawn -b -i", qemu-kvm or on any physcial
+ UEFI PC. This functionality is particularly useful to easily test
+ local changes made to systemd in a pristine, defined environment. See
+ HACKING for details.
+
+ Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
+ Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
+ Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
+ Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
+ Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
+ Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
+ Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
+ Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
+ Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
+ Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
+ Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
+ Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
+ Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
+ Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
+ Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
+ Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
+ Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
+ Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
+ WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek
+
+ — Berlin, 2016-07-25
+
+CHANGES WITH 230:
+
+ * DNSSEC is now turned on by default in systemd-resolved (in
+ "allow-downgrade" mode), but may be turned off during compile time by
+ passing "--with-default-dnssec=no" to "configure" (and of course,
+ during runtime with DNSSEC= in resolved.conf). We recommend
+ downstreams to leave this on at least during development cycles and
+ report any issues with the DNSSEC logic upstream. We are very
+ interested in collecting feedback about the DNSSEC validator and its
+ limitations in the wild. Note however, that DNSSEC support is
+ probably nothing downstreams should turn on in stable distros just
+ yet, as it might create incompatibilities with a few DNS servers and
+ networks. We tried hard to make sure we downgrade to non-DNSSEC mode
+ automatically whenever we detect such incompatible setups, but there
+ might be systems we do not cover yet. Hence: please help us testing
+ the DNSSEC code, leave this on where you can, report back, but then
+ again don't consider turning this on in your stable, LTS or
+ production release just yet. (Note that you have to enable
+ nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
+ and its DNSSEC mode for host name resolution from local
+ applications.)
+
+ * systemd-resolve conveniently resolves DANE records with the --tlsa
+ option and OPENPGPKEY records with the --openpgp option. It also
+ supports dumping raw DNS record data via the new --raw= switch.
+
+ * systemd-logind will now by default terminate user processes that are
+ part of the user session scope unit (session-XX.scope) when the user
+ logs out. This behavior is controlled by the KillUserProcesses=
+ setting in logind.conf, and the previous default of "no" is now
+ changed to "yes". This means that user sessions will be properly
+ cleaned up after, but additional steps are necessary to allow
+ intentionally long-running processes to survive logout.
+
+ While the user is logged in at least once, user@.service is running,
+ and any service that should survive the end of any individual login
+ session can be started at a user service or scope using systemd-run.
+ systemd-run(1) man page has been extended with an example which shows
+ how to run screen in a scope unit underneath user@.service. The same
+ command works for tmux.
+
+ After the user logs out of all sessions, user@.service will be
+ terminated too, by default, unless the user has "lingering" enabled.
+ To effectively allow users to run long-term tasks even if they are
+ logged out, lingering must be enabled for them. See loginctl(1) for
+ details. The default polkit policy was modified to allow users to
+ set lingering for themselves without authentication.
+
+ Previous defaults can be restored at compile time by the
+ --without-kill-user-processes option to "configure".
+
+ * systemd-logind gained new configuration settings SessionsMax= and
+ InhibitorsMax=, both with a default of 8192. It will not register new
+ user sessions or inhibitors above this limit.
+
+ * systemd-logind will now reload configuration on SIGHUP.
+
+ * The unified cgroup hierarchy added in Linux 4.5 is now supported.
+ Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
+ enable. Also, support for the "io" cgroup controller in the unified
+ hierarchy has been added, so that the "memory", "pids" and "io" are
+ now the controllers that are supported on the unified hierarchy.
+
+ WARNING: it is not possible to use previous systemd versions with
+ systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
+ is necessary to also update systemd in the initramfs if using the
+ unified hierarchy. An updated SELinux policy is also required.
+
+ * LLDP support has been extended, and both passive (receive-only) and
+ active (sender) modes are supported. Passive mode ("routers-only") is
+ enabled by default in systemd-networkd. Active LLDP mode is enabled
+ by default for containers on the internal network. The "networkctl
+ lldp" command may be used to list information gathered. "networkctl
+ status" will also show basic LLDP information on connected peers now.
+
+ * The IAID and DUID unique identifier sent in DHCP requests may now be
+ configured for the system and each .network file managed by
+ systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
+
+ * systemd-networkd gained support for configuring proxy ARP support for
+ each interface, via the ProxyArp= setting in .network files. It also
+ gained support for configuring the multicast querier feature of
+ bridge devices, via the new MulticastQuerier= setting in .netdev
+ files. Similarly, snooping on the IGMP traffic can be controlled
+ via the new setting MulticastSnooping=.
+
+ A new setting PreferredLifetime= has been added for addresses
+ configured in .network file to configure the lifetime intended for an
+ address.
+
+ The systemd-networkd DHCP server gained the option EmitRouter=, which
+ defaults to yes, to configure whether the DHCP Option 3 (Router)
+ should be emitted.
+
+ * The testing tool /usr/lib/systemd/systemd-activate is renamed to
+ systemd-socket-activate and installed into /usr/bin. It is now fully
+ supported.
+
+ * systemd-journald now uses separate threads to flush changes to disk
+ when closing journal files, thus reducing impact of slow disk I/O on
+ logging performance.
+
+ * The sd-journal API gained two new calls
+ sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
+ can be used to open journal files using file descriptors instead of
+ file or directory paths. sd_journal_open_container() has been
+ deprecated, sd_journal_open_directory_fd() should be used instead
+ with the flag SD_JOURNAL_OS_ROOT.
+
+ * journalctl learned a new output mode "-o short-unix" that outputs log
+ lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
+ UTC). It also gained support for a new --no-hostname setting to
+ suppress the hostname column in the family of "short" output modes.
+
+ * systemd-ask-password now optionally skips printing of the password to
+ stdout with --no-output which can be useful in scripts.
+
+ * Framebuffer devices (/dev/fb*) and 3D printers and scanners
+ (devices tagged with ID_MAKER_TOOL) are now tagged with
+ "uaccess" and are available to logged in users.
+
+ * The DeviceAllow= unit setting now supports specifiers (with "%").
+
+ * "systemctl show" gained a new --value switch, which allows print a
+ only the contents of a specific unit property, without also printing
+ the property's name. Similar support was added to "show*" verbs
+ of loginctl and machinectl that output "key=value" lists.
+
+ * A new unit type "generated" was added for files dynamically generated
+ by generator tools. Similarly, a new unit type "transient" is used
+ for unit files created using the runtime API. "systemctl enable" will
+ refuse to operate on such files.
+
+ * A new command "systemctl revert" has been added that may be used to
+ revert to the vendor version of a unit file, in case local changes
+ have been made by adding drop-ins or overriding the unit file.
+
+ * "machinectl clean" gained a new verb to automatically remove all or
+ just hidden container images.
+
+ * systemd-tmpfiles gained support for a new line type "e" for emptying
+ directories, if they exist, without creating them if they don't.
+
+ * systemd-nspawn gained support for automatically patching the UID/GIDs
+ of the owners and the ACLs of all files and directories in a
+ container tree to match the UID/GID user namespacing range selected
+ for the container invocation. This mode is enabled via the new
+ --private-user-chown switch. It also gained support for automatically
+ choosing a free, previously unused UID/GID range when starting a
+ container, via the new --private-users=pick setting (which implies
+ --private-user-chown). Together, these options for the first time
+ make user namespacing for nspawn containers fully automatic and thus
+ deployable. The systemd-nspawn@.service template unit file has been
+ changed to use this functionality by default.
+
+ * systemd-nspawn gained a new --network-zone= switch, that allows
+ creating ad-hoc virtual Ethernet links between multiple containers,
+ that only exist as long as at least one container referencing them is
+ running. This allows easy connecting of multiple containers with a
+ common link that implements an Ethernet broadcast domain. Each of
+ these network "zones" may be named relatively freely by the user, and
+ may be referenced by any number of containers, but each container may
+ only reference one of these "zones". On the lower level, this is
+ implemented by an automatically managed bridge network interface for
+ each zone, that is created when the first container referencing its
+ zone is created and removed when the last one referencing its zone
+ terminates.
+
+ * The default start timeout may now be configured on the kernel command
+ line via systemd.default_timeout_start_sec=. It was already
+ configurable via the DefaultTimeoutStartSec= option in
+ /etc/systemd/system.conf.
+
+ * Socket units gained a new TriggerLimitIntervalSec= and
+ TriggerLimitBurst= setting to configure a limit on the activation
+ rate of the socket unit.
+
+ * The LimitNICE= setting now optionally takes normal UNIX nice values
+ in addition to the raw integer limit value. If the specified
+ parameter is prefixed with "+" or "-" and is in the range -20..19 the
+ value is understood as UNIX nice value. If not prefixed like this it
+ is understood as raw RLIMIT_NICE limit.
+
+ * Note that the effect of the PrivateDevices= unit file setting changed
+ slightly with this release: the per-device /dev file system will be
+ mounted read-only from this version on, and will have "noexec"
+ set. This (minor) change of behavior might cause some (exceptional)
+ legacy software to break, when PrivateDevices=yes is set for its
+ service. Please leave PrivateDevices= off if you run into problems
+ with this.
+
+ * systemd-bootchart has been split out to a separate repository:
+ https://github.com/systemd/systemd-bootchart
+
+ * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
+ merged into the kernel in its current form.
+
+ * The compatibility libraries libsystemd-daemon.so,
+ libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
+ which have been deprecated since systemd-209 have been removed along
+ with the corresponding pkg-config files. All symbols provided by
+ those libraries are provided by libsystemd.so.
+
+ * The Capabilities= unit file setting has been removed (it is ignored
+ for backwards compatibility). AmbientCapabilities= and
+ CapabilityBoundingSet= should be used instead.
+
+ * A new special target has been added, initrd-root-device.target,
+ which creates a synchronization point for dependencies of the root
+ device in early userspace. Initramfs builders must ensure that this
+ target is now included in early userspace.
+
+ Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
+ Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
+ Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
+ Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
+ Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
+ R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
+ Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
+ Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
+ Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
+ Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
+ John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
+ Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
+ Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
+ Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
+ Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
+ mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
+ Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
+ Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
+ Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
+ Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
+ Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
+ Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
+ Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
+ Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
+ Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek
+
+ — Fairfax, 2016-05-21
+