+CHANGES WITH 233:
+
+ * The "hybrid" control group mode has been modified to improve
+ compatibility with "legacy" cgroups-v1 setups. Specifically, the
+ "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
+ "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
+ cgroups-v1 hierarchy), the only externally visible change being that
+ the cgroups-v2 hierarchy is also mounted, to
+ /sys/fs/cgroup/unified. This should provide a large degree of
+ compatibility with "legacy" cgroups-v1, while taking benefit of the
+ better management capabilities of cgroups-v2.
+
+ * The default control group setup mode may be selected both a boot-time
+ via a set of kernel command line parameters (specifically:
+ systemd.unified_cgroup_hierarchy= and
+ systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
+ default selected on the configure command line
+ (--with-default-hierarchy=). The upstream default is "hybrid"
+ (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
+ this will change in a future systemd version to be "unified" (pure
+ cgroups-v2 mode). The third option for the compile time option is
+ "legacy", to enter pure cgroups-v1 mode. We recommend downstream
+ distributions to default to "hybrid" mode for release distributions,
+ starting with v233. We recommend "unified" for development
+ distributions (specifically: distributions such as Fedora's rawhide)
+ as that's where things are headed in the long run. Use "legacy" for
+ greatest stability and compatibility only.
+
+ * Note one current limitation of "unified" and "hybrid" control group
+ setup modes: the kernel currently does not permit the systemd --user
+ instance (i.e. unprivileged code) to migrate processes between two
+ disconnected cgroup subtrees, even if both are managed and owned by
+ the user. This effectively means "systemd-run --user --scope" doesn't
+ work when invoked from outside of any "systemd --user" service or
+ scope. Specifically, it is not supported from session scopes. We are
+ working on fixing this in a future systemd version. (See #3388 for
+ further details about this.)
+
+ * DBus policy files are now installed into /usr rather than /etc. Make
+ sure your system has dbus >= 1.9.18 running before upgrading to this
+ version, or override the install path with --with-dbuspolicydir= .
+
+ * All python scripts shipped with systemd (specifically: the various
+ tests written in Python) now require Python 3.
+
+ * systemd unit tests can now run standalone (without the source or
+ build directories), and can be installed into /usr/lib/systemd/tests/
+ with 'make install-tests'.
+
+ * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
+ CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
+ kernel.
+
+ * Support for the %c, %r, %R specifiers in unit files has been
+ removed. Specifiers are not supposed to be dependent on configuration
+ in the unit file itself (so that they resolve the same regardless
+ where used in the unit files), but these specifiers were influenced
+ by the Slice= option.
+
+ * The shell invoked by debug-shell.service now defaults to /bin/sh in
+ all cases. If distributions want to use a different shell for this
+ purpose (for example Fedora's /sbin/sushell) they need to specify
+ this explicitly at configure time using --with-debug-shell=.
+
+ * The confirmation spawn prompt has been reworked to offer the
+ following choices:
+
+ (c)ontinue, proceed without asking anymore
+ (D)ump, show the state of the unit
+ (f)ail, don't execute the command and pretend it failed
+ (h)elp
+ (i)nfo, show a short summary of the unit
+ (j)obs, show jobs that are in progress
+ (s)kip, don't execute the command and pretend it succeeded
+ (y)es, execute the command
+
+ The 'n' choice for the confirmation spawn prompt has been removed,
+ because its meaning was confusing.
+
+ The prompt may now also be redirected to an alternative console by
+ specifying the console as parameter to systemd.confirm_spawn=.
+
+ * Services of Type=notify require a READY=1 notification to be sent
+ during startup. If no such message is sent, the service now fails,
+ even if the main process exited with a successful exit code.
+
+ * Services that fail to start up correctly now always have their
+ ExecStopPost= commands executed. Previously, they'd enter "failed"
+ state directly, without executing these commands.
+
+ * The option MulticastDNS= of network configuration files has acquired
+ an actual implementation. With MulticastDNS=yes a host can resolve
+ names of remote hosts and reply to mDNS A and AAAA requests.
+
+ * When units are about to be started an additional check is now done to
+ ensure that all dependencies of type BindsTo= (when used in
+ combination with After=) have been started.
+
+ * systemd-analyze gained a new verb "syscall-filter" which shows which
+ system call groups are defined for the SystemCallFilter= unit file
+ setting, and which system calls they contain.
+
+ * A new system call filter group "@filesystem" has been added,
+ consisting of various file system related system calls. Group
+ "@reboot" has been added, covering reboot, kexec and shutdown related
+ calls. Finally, group "@swap" has been added covering swap
+ configuration related calls.
+
+ * A new unit file option RestrictNamespaces= has been added that may be
+ used to restrict access to the various process namespace types the
+ Linux kernel provides. Specifically, it may be used to take away the
+ right for a service unit to create additional file system, network,
+ user, and other namespaces. This sandboxing option is particularly
+ relevant due to the high amount of recently discovered namespacing
+ related vulnerabilities in the kernel.
+
+ * systemd-udev's .link files gained support for a new AutoNegotiation=
+ setting for configuring Ethernet auto-negotiation.
+
+ * systemd-networkd's .network files gained support for a new
+ ListenPort= setting in the [DHCP] section to explicitly configure the
+ UDP client port the DHCP client shall listen on.
+
+ * .network files gained a new Unmanaged= boolean setting for explicitly
+ excluding one or more interfaces from management by systemd-networkd.
+
+ * The systemd-networkd ProxyARP= option has been renamed to
+ IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
+ renamed to ReduceARPProxy=. The old names continue to be available
+ for compatibility.
+
+ * systemd-networkd gained support for configuring IPv6 Proxy NDP
+ addresses via the new IPv6ProxyNDPAddress= .network file setting.
+
+ * systemd-networkd's bonding device support gained support for two new
+ configuration options ActiveSlave= and PrimarySlave=.
+
+ * The various options in the [Match] section of .network files gained
+ support for negative matching.
+
+ * New systemd-specific mount options are now understood in /etc/fstab:
+
+ x-systemd.mount-timeout= may be used to configure the maximum
+ permitted runtime of the mount command.
+
+ x-systemd.device-bound may be set to bind a mount point to its
+ backing device unit, in order to automatically remove a mount point
+ if its backing device is unplugged. This option may also be
+ configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
+ on the block device, which is now automatically set for all CDROM
+ drives, so that mounted CDs are automatically unmounted when they are
+ removed from the drive.
+
+ x-systemd.after= and x-systemd.before= may be used to explicitly
+ order a mount after or before another unit or mount point.
+
+ * Enqueued start jobs for device units are now automatically garbage
+ collected if there are no jobs waiting for them anymore.
+
+ * systemctl list-jobs gained two new switches: with --after, for every
+ queued job the jobs it's waiting for are shown; with --before the
+ jobs which it's blocking are shown.
+
+ * systemd-nspawn gained support for ephemeral boots from disk images
+ (or in other words: --ephemeral and --image= may now be
+ combined). Moreover, ephemeral boots are now supported for normal
+ directories, even if the backing file system is not btrfs. Of course,
+ if the file system does not support file system snapshots or
+ reflinks, the initial copy operation will be relatively expensive, but
+ this should still be suitable for many use cases.
+
+ * Calendar time specifications in .timer units now support
+ specifications relative to the end of a month by using "~" instead of
+ "-" as separator between month and day. For example, "*-02~03" means
+ "the third last day in February". In addition a new syntax for
+ repeated events has been added using the "/" character. For example,
+ "9..17/2:00" means "every two hours from 9am to 5pm".
+
+ * systemd-socket-proxyd gained a new parameter --connections-max= for
+ configuring the maximum number of concurrent connections.
+
+ * sd-id128 gained a new API for generating unique IDs for the host in a
+ way that does not leak the machine ID. Specifically,
+ sd_id128_get_machine_app_specific() derives an ID based on the
+ machine ID a in well-defined, non-reversible, stable way. This is
+ useful whenever an identifier for the host is needed but where the
+ identifier shall not be useful to identify the system beyond the
+ scope of the application itself. (Internally this uses HMAC-SHA256 as
+ keyed hash function using the machine ID as input.)
+
+ * NotifyAccess= gained a new supported value "exec". When set
+ notifications are accepted from all processes systemd itself invoked,
+ including all control processes.
+
+ * .nspawn files gained support for defining overlay mounts using the
+ Overlay= and OverlayReadOnly= options. Previously this functionality
+ was only available on the systemd-nspawn command line.
+
+ * systemd-nspawn's --bind= and --overlay= options gained support for
+ bind/overlay mounts whose source lies within the container tree by
+ prefixing the source path with "+".
+
+ * systemd-nspawn's --bind= and --overlay= options gained support for
+ automatically allocating a temporary source directory in /var/tmp
+ that is removed when the container dies. Specifically, if the source
+ directory is specified as empty string this mechanism is selected. An
+ example usage is --overlay=+/var::/var, which creates an overlay
+ mount based on the original /var contained in the image, overlayed
+ with a temporary directory in the host's /var/tmp. This way changes
+ to /var are automatically flushed when the container shuts down.
+
+ * systemd-nspawn --image= option does now permit raw file system block
+ devices (in addition to images containing partition tables, as
+ before).
+
+ * The disk image dissection logic in systemd-nspawn gained support for
+ automatically setting up LUKS encrypted as well as Verity protected
+ partitions. When a container is booted from an encrypted image the
+ passphrase is queried at start-up time. When a container with Verity
+ data is started, the root hash is search in a ".roothash" file
+ accompanying the disk image (alternatively, pass the root hash via
+ the new --root-hash= command line option).
+
+ * A new tool /usr/lib/systemd/systemd-dissect has been added that may
+ be used to dissect disk images the same way as systemd-nspawn does
+ it, following the Bootable Partition Specification. It may even be
+ used to mount disk images with complex partition setups (including
+ LUKS and Verity partitions) to a local host directory, in order to
+ inspect them. This tool is not considered public API (yet), and is
+ thus not installed into /usr/bin. Please do not rely on its
+ existence, since it might go away or be changed in later systemd
+ versions.
+
+ * A new generator "systemd-verity-generator" has been added, similar in
+ style to "systemd-cryptsetup-generator", permitting automatic setup of
+ Verity root partitions when systemd boots up. In order to make use of
+ this your partition setup should follow the Discoverable Partitions
+ Specification, and the GPT partition ID of the root file system
+ partition should be identical to the upper 128bit of the Verity root
+ hash. The GPT partition ID of the Verity partition protecting it
+ should be the lower 128bit of the Verity root hash. If the partition
+ image follows this model it is sufficient to specify a single
+ "roothash=" kernel command line argument to both configure which root
+ image and verity partition to use as well as the root hash for
+ it. Note that systemd-nspawn's Verity support follows the same
+ semantics, meaning that disk images with proper Verity data in place
+ may be booted in containers with systemd-nspawn as well as on
+ physical systems via the verity generator. Also note that the "mkosi"
+ tool available at https://github.com/systemd/mkosi has been updated
+ to generate Verity protected disk images following this scheme. In
+ fact, it has been updated to generate disk images that optionally
+ implement a complete UEFI SecureBoot trust chain, involving a signed
+ kernel and initrd image that incorporates such a root hash as well as
+ a Verity-enabled root partition.
+
+ * The hardware database (hwdb) udev supports has been updated to carry
+ accelerometer quirks.
+
+ * All system services are now run with a fresh kernel keyring set up
+ for them. The invocation ID is stored by default in it, thus
+ providing a safe, non-overridable way to determine the invocation
+ ID of each service.
+
+ * Service unit files gained new BindPaths= and BindReadOnlyPaths=
+ options for bind mounting arbitrary paths in a service-specific
+ way. When these options are used, arbitrary host or service files and
+ directories may be mounted to arbitrary locations in the service's
+ view.
+
+ * Documentation has been added that lists all of systemd's low-level
+ environment variables:
+
+ https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md
+
+ * sd-daemon gained a new API sd_is_socket_sockaddr() for determining
+ whether a specific socket file descriptor matches a specified socket
+ address.
+
+ * systemd-firstboot has been updated to check for the
+ systemd.firstboot= kernel command line option. It accepts a boolean
+ and when set to false the first boot questions are skipped.
+
+ * systemd-fstab-generator has been updated to check for the
+ systemd.volatile= kernel command line option, which either takes an
+ optional boolean parameter or the special value "state". If used the
+ system may be booted in a "volatile" boot mode. Specifically,
+ "systemd.volatile" is used, the root directory will be mounted as
+ tmpfs, and only /usr is mounted from the actual root file system. If
+ "systemd.volatile=state" is used, the root directory will be mounted
+ as usual, but /var is mounted as tmpfs. This concept provides similar
+ functionality as systemd-nspawn's --volatile= option, but provides it
+ on physical boots. Use this option for implementing stateless
+ systems, or testing systems with all state and/or configuration reset
+ to the defaults. (Note though that many distributions are not
+ prepared to boot up without a populated /etc or /var, though.)
+
+ * systemd-gpt-auto-generator gained support for LUKS encrypted root
+ partitions. Previously it only supported LUKS encrypted partitions
+ for all other uses, except for the root partition itself.
+
+ * Socket units gained support for listening on AF_VSOCK sockets for
+ communication in virtualized QEMU environments.
+
+ * The "configure" script gained a new option --with-fallback-hostname=
+ for specifying the fallback hostname to use if none is configured in
+ /etc/hostname. For example, by specifying
+ --with-fallback-hostname=fedora it is possible to default to a
+ hostname of "fedora" on pristine installations.
+
+ * systemd-cgls gained support for a new --unit= switch for listing only
+ the control groups of a specific unit. Similar --user-unit= has been
+ added for listing only the control groups of a specific user unit.
+
+ * systemd-mount gained a new --umount switch for unmounting a mount or
+ automount point (and all mount/automount points below it).
+
+ * systemd will now refuse full configuration reloads (via systemctl
+ daemon-reload and related calls) unless at least 16MiB of free space
+ are available in /run. This is a safety precaution in order to ensure
+ that generators can safely operate after the reload completed.
+
+ * A new unit file option RootImage= has been added, which has a similar
+ effect as RootDirectory= but mounts the service's root directory from
+ a disk image instead of plain directory. This logic reuses the same
+ image dissection and mount logic that systemd-nspawn already uses,
+ and hence supports any disk images systemd-nspawn supports, including
+ those following the Discoverable Partition Specification, as well as
+ Verity enabled images. This option enables systemd to run system
+ services directly off disk images acting as resource bundles,
+ possibly even including full integrity data.
+
+ * A new MountAPIVFS= unit file option has been added, taking a boolean
+ argument. If enabled /proc, /sys and /dev (collectively called the
+ "API VFS") will be mounted for the service. This is only relevant if
+ RootDirectory= or RootImage= is used for the service, as these mounts
+ are of course in place in the host mount namespace anyway.
+
+ * systemd-nspawn gained support for a new --pivot-root= switch. If
+ specified the root directory within the container image is pivoted to
+ the specified mount point, while the original root disk is moved to a
+ different place. This option enables booting of ostree images
+ directly with systemd-nspawn.
+
+ * The systemd build scripts will no longer complain if the NTP server
+ addresses are not changed from the defaults. Google now supports
+ these NTP servers officially. We still recommend downstreams to
+ properly register an NTP pool with the NTP pool project though.
+
+ * coredumpctl gained new new "--reverse" option for printing the list
+ of coredumps in reverse order.
+
+ * coredumpctl will now show additional information about truncated and
+ inaccessible coredumps, as well as coredumps that are still being
+ processed. It also gained a new --quiet switch for suppressing
+ additional informational message in its output.
+
+ * coredumpctl gained support for only showing coredumps newer and/or
+ older than specific timestamps, using the new --since= and --until=
+ options, reminiscent of journalctl's options by the same name.
+
+ * The systemd-coredump logic has been improved so that it may be reused
+ to collect backtraces in non-compiled languages, for example in
+ scripting languages such as Python.
+
+ * machinectl will now show the UID shift of local containers, if user
+ namespacing is enabled for them.
+
+ * systemd will now optionally run "environment generator" binaries at
+ configuration load time. They may be used to add environment
+ variables to the environment block passed to services invoked. One
+ user environment generator is shipped by default that sets up
+ environment variables based on files dropped into /etc/environment.d
+ and ~/.config/environment.d/.
+
+ * systemd-resolved now includes the new, recently published 2017 DNSSEC
+ root key (KSK).
+
+ * hostnamed has been updated to report a new chassis type of
+ "convertible" to cover "foldable" laptops that can both act as a
+ tablet and as a laptop, such as various Lenovo Yoga devices.
+
+ Contributions from: Adrián López, Alexander Galanin, Alexander
+ Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
+ Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
+ Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
+ Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
+ David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
+ Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
+ Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
+ Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
+ Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
+ Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
+ Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
+ Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
+ Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
+ Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
+ Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
+ Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
+ Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
+ Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
+ Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
+ Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
+ Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
+ Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
+ Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
+ Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
+ Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
+ Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
+ YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
+ Тихонов
+
+ — Berlin, 2017-03-01
+
+CHANGES WITH 232:
+
+ * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
+ RestrictAddressFamilies= enabled. These sandboxing options should
+ generally be compatible with the various external udev call-out
+ binaries we are aware of, however there may be exceptions, in
+ particular when exotic languages for these call-outs are used. In
+ this case, consider turning off these settings locally.
+
+ * The new RemoveIPC= option can be used to remove IPC objects owned by
+ the user or group of a service when that service exits.
+
+ * The new ProtectKernelModules= option can be used to disable explicit
+ load and unload operations of kernel modules by a service. In
+ addition access to /usr/lib/modules is removed if this option is set.
+
+ * ProtectSystem= option gained a new value "strict", which causes the
+ whole file system tree with the exception of /dev, /proc, and /sys,
+ to be remounted read-only for a service.
+
+ * The new ProtectKernelTunables= option can be used to disable
+ modification of configuration files in /sys and /proc by a service.
+ Various directories and files are remounted read-only, so access is
+ restricted even if the file permissions would allow it.
+
+ * The new ProtectControlGroups= option can be used to disable write
+ access by a service to /sys/fs/cgroup.
+
+ * Various systemd services have been hardened with
+ ProtectKernelTunables=yes, ProtectControlGroups=yes,
+ RestrictAddressFamilies=.
+
+ * Support for dynamically creating users for the lifetime of a service
+ has been added. If DynamicUser=yes is specified, user and group IDs
+ will be allocated from the range 61184..65519 for the lifetime of the
+ service. They can be resolved using the new nss-systemd.so NSS
+ module. The module must be enabled in /etc/nsswitch.conf. Services
+ started in this way have PrivateTmp= and RemoveIPC= enabled, so that
+ any resources allocated by the service will be cleaned up when the
+ service exits. They also have ProtectHome=read-only and
+ ProtectSystem=strict enabled, so they are not able to make any
+ permanent modifications to the system.
+
+ * The nss-systemd module also always resolves root and nobody, making
+ it possible to have no /etc/passwd or /etc/group files in minimal
+ container or chroot environments.
+
+ * Services may be started with their own user namespace using the new
+ boolean PrivateUsers= option. Only root, nobody, and the uid/gid
+ under which the service is running are mapped. All other users are
+ mapped to nobody.
+
+ * Support for the cgroup namespace has been added to systemd-nspawn. If
+ supported by kernel, the container system started by systemd-nspawn
+ will have its own view of the cgroup hierarchy. This new behaviour
+ can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
+
+ * The new MemorySwapMax= option can be used to limit the maximum swap
+ usage under the unified cgroup hierarchy.
+
+ * Support for the CPU controller in the unified cgroup hierarchy has
+ been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
+ options. This controller requires out-of-tree patches for the kernel
+ and the support is provisional.
+
+ * Mount and automount units may now be created transiently
+ (i.e. dynamically at runtime via the bus API, instead of requiring
+ unit files in the file system).
+
+ * systemd-mount is a new tool which may mount file systems – much like
+ mount(8), optionally pulling in additional dependencies through
+ transient .mount and .automount units. For example, this tool
+ automatically runs fsck on a backing block device before mounting,
+ and allows the automount logic to be used dynamically from the
+ command line for establishing mount points. This tool is particularly
+ useful when dealing with removable media, as it will ensure fsck is
+ run – if necessary – before the first access and that the file system
+ is quickly unmounted after each access by utilizing the automount
+ logic. This maximizes the chance that the file system on the
+ removable media stays in a clean state, and if it isn't in a clean
+ state is fixed automatically.
+
+ * LazyUnmount=yes option for mount units has been added to expose the
+ umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
+ option.
+
+ * /efi will be used as the mount point of the EFI boot partition, if
+ the directory is present, and the mount point was not configured
+ through other means (e.g. fstab). If /efi directory does not exist,
+ /boot will be used as before. This makes it easier to automatically
+ mount the EFI partition on systems where /boot is used for something
+ else.
+
+ * When operating on GPT disk images for containers, systemd-nspawn will
+ now mount the ESP to /boot or /efi according to the same rules as PID
+ 1 running on a host. This allows tools like "bootctl" to operate
+ correctly within such containers, in order to make container images
+ bootable on physical systems.
+
+ * disk/by-id and disk/by-path symlinks are now created for NVMe drives.
+
+ * Two new user session targets have been added to support running
+ graphical sessions under the systemd --user instance:
+ graphical-session.target and graphical-session-pre.target. See
+ systemd.special(7) for a description of how those targets should be
+ used.
+
+ * The vconsole initialization code has been significantly reworked to
+ use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
+ support unicode keymaps. Font and keymap configuration will now be
+ copied to all allocated virtual consoles.
+
+ * FreeBSD's bhyve virtualization is now detected.
+
+ * Information recorded in the journal for core dumps now includes the
+ contents of /proc/mountinfo and the command line of the process at
+ the top of the process hierarchy (which is usually the init process
+ of the container).
+
+ * systemd-journal-gatewayd learned the --directory= option to serve
+ files from the specified location.
+
+ * journalctl --root=… can be used to peruse the journal in the
+ /var/log/ directories inside of a container tree. This is similar to
+ the existing --machine= option, but does not require the container to
+ be active.
+
+ * The hardware database has been extended to support
+ ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
+ trackball devices.
+
+ MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
+ specify the click rate for mice which include a horizontal wheel with
+ a click rate that is different than the one for the vertical wheel.
+
+ * systemd-run gained a new --wait option that makes service execution
+ synchronous. (Specifically, the command will not return until the
+ specified service binary exited.)
+
+ * systemctl gained a new --wait option that causes the start command to
+ wait until the units being started have terminated again.
+
+ * A new journal output mode "short-full" has been added which displays
+ timestamps with abbreviated English day names and adds a timezone
+ suffix. Those timestamps include more information than the default
+ "short" output mode, and can be passed directly to journalctl's
+ --since= and --until= options.
+
+ * /etc/resolv.conf will be bind-mounted into containers started by
+ systemd-nspawn, if possible, so any changes to resolv.conf contents
+ are automatically propagated to the container.
+
+ * The number of instances for socket-activated services originating
+ from a single IP address can be limited with
+ MaxConnectionsPerSource=, extending the existing setting of
+ MaxConnections=.
+
+ * systemd-networkd gained support for vcan ("Virtual CAN") interface
+ configuration.
+
+ * .netdev and .network configuration can now be extended through
+ drop-ins.
+
+ * UDP Segmentation Offload, TCP Segmentation Offload, Generic
+ Segmentation Offload, Generic Receive Offload, Large Receive Offload
+ can be enabled and disabled using the new UDPSegmentationOffload=,
+ TCPSegmentationOffload=, GenericSegmentationOffload=,
+ GenericReceiveOffload=, LargeReceiveOffload= options in the
+ [Link] section of .link files.
+
+ * The Spanning Tree Protocol, Priority, Aging Time, and the Default
+ Port VLAN ID can be configured for bridge devices using the new STP=,
+ Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
+ section of .netdev files.
+
+ * The route table to which routes received over DHCP or RA should be
+ added can be configured with the new RouteTable= option in the [DHCP]
+ and [IPv6AcceptRA] sections of .network files.
+
+ * The Address Resolution Protocol can be disabled on links managed by
+ systemd-networkd using the ARP=no setting in the [Link] section of
+ .network files.
+
+ * New environment variables $SERVICE_RESULT, $EXIT_CODE and
+ $EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
+ encode information about the result and exit codes of the current
+ service runtime cycle.
+
+ * systemd-sysctl will now configure kernel parameters in the order
+ they occur in the configuration files. This matches what sysctl
+ has been traditionally doing.
+
+ * kernel-install "plugins" that are executed to perform various
+ tasks after a new kernel is added and before an old one is removed
+ can now return a special value to terminate the procedure and
+ prevent any later plugins from running.
+
+ * Journald's SplitMode=login setting has been deprecated. It has been
+ removed from documentation, and its use is discouraged. In a future
+ release it will be completely removed, and made equivalent to current
+ default of SplitMode=uid.
+
+ * Storage=both option setting in /etc/systemd/coredump.conf has been
+ removed. With fast LZ4 compression storing the core dump twice is not
+ useful.
+
+ * The --share-system systemd-nspawn option has been replaced with an
+ (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
+ this functionality is discouraged. In addition the variables
+ $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
+ $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
+ individual namespaces.
+
+ * "machinectl list" now shows the IP address of running containers in
+ the output, as well as OS release information.
+
+ * "loginctl list" now shows the TTY of each session in the output.
+
+ * sd-bus gained new API calls sd_bus_track_set_recursive(),
+ sd_bus_track_get_recursive(), sd_bus_track_count_name(),
+ sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
+ tracking objects in a "recursive" mode, where a single client can be
+ counted multiple times, if it takes multiple references.
+
+ * sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
+ sd_bus_get_exit_on_disconnect(). They may be used to to make a
+ process using sd-bus automatically exit if the bus connection is
+ severed.
+
+ * Bus clients of the service manager may now "pin" loaded units into
+ memory, by taking an explicit reference on them. This is useful to
+ ensure the client can retrieve runtime data about the service even
+ after the service completed execution. Taking such a reference is
+ available only for privileged clients and should be helpful to watch
+ running services in a race-free manner, and in particular collect
+ information about exit statuses and results.
+
+ * The nss-resolve module has been changed to strictly return UNAVAIL
+ when communication via D-Bus with resolved failed, and NOTFOUND when
+ a lookup completed but was negative. This means it is now possible to
+ neatly configure fallbacks using nsswitch.conf result checking
+ expressions. Taking benefit of this, the new recommended
+ configuration line for the "hosts" entry in /etc/nsswitch.conf is:
+
+ hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+
+ * A new setting CtrlAltDelBurstAction= has been added to
+ /etc/systemd/system.conf which may be used to configure the precise
+ behaviour if the user on the console presses Ctrl-Alt-Del more often
+ than 7 times in 2s. Previously this would unconditionally result in
+ an expedited, immediate reboot. With this new setting the precise
+ operation may be configured in more detail, and also turned off
+ entirely.
+
+ * In .netdev files two new settings RemoteChecksumTx= and
+ RemoteChecksumRx= are now understood that permit configuring the
+ remote checksumming logic for VXLAN networks.
+
+ * The service manager learnt a new "invocation ID" concept for invoked
+ services. Each runtime cycle of a service will get a new invocation
+ ID (a 128bit random UUID) assigned that identifies the current
+ run of the service uniquely and globally. A new invocation ID
+ is generated each time a service starts up. The journal will store
+ the invocation ID of a service along with any logged messages, thus
+ making the invocation ID useful for matching the online runtime of a
+ service with the offline log data it generated in a safe way without
+ relying on synchronized timestamps. In many ways this new service
+ invocation ID concept is similar to the kernel's boot ID concept that
+ uniquely and globally identifies the runtime of each boot. The
+ invocation ID of a service is passed to the service itself via an
+ environment variable ($INVOCATION_ID). A new bus call
+ GetUnitByInvocationID() has been added that is similar to GetUnit()
+ but instead of retrieving the bus path for a unit by its name
+ retrieves it by its invocation ID. The returned path is valid only as
+ long as the passed invocation ID is current.
+
+ * systemd-resolved gained a new "DNSStubListener" setting in
+ resolved.conf. It either takes a boolean value or the special values
+ "udp" and "tcp", and configures whether to enable the stub DNS
+ listener on 127.0.0.53:53.
+
+ * IP addresses configured via networkd may now carry additional
+ configuration settings supported by the kernel. New options include:
+ HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
+ PrefixRoute=, AutoJoin=.
+
+ * The PAM configuration fragment file for "user@.service" shipped with
+ systemd (i.e. the --user instance of systemd) has been stripped to
+ the minimum necessary to make the system boot. Previously, it
+ contained Fedora-specific stanzas that did not apply to other
+ distributions. It is expected that downstream distributions add
+ additional configuration lines, matching their needs to this file,
+ using it only as rough template of what systemd itself needs. Note
+ that this reduced fragment does not even include an invocation of
+ pam_limits which most distributions probably want to add, even though
+ systemd itself does not need it. (There's also the new build time
+ option --with-pamconfdir=no to disable installation of the PAM
+ fragment entirely.)
+
+ * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
+ capability is now also dropped from its set (in addition to
+ CAP_SYS_MKNOD as before).
+
+ * In service unit files it is now possible to connect a specific named
+ file descriptor with stdin/stdout/stdout of an executed service. The
+ name may be specified in matching .socket units using the
+ FileDescriptorName= setting.
+
+ * A number of journal settings may now be configured on the kernel
+ command line. Specifically, the following options are now understood:
+ systemd.journald.max_level_console=,
+ systemd.journald.max_level_store=,
+ systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
+ systemd.journald.max_level_wall=.
+
+ * "systemctl is-enabled --full" will now show by which symlinks a unit
+ file is enabled in the unit dependency tree.
+
+ * Support for VeraCrypt encrypted partitions has been added to the
+ "cryptsetup" logic and /etc/crypttab.
+
+ * systemd-detect-virt gained support for a new --private-users switch
+ that checks whether the invoking processes are running inside a user
+ namespace. Similar, a new special value "private-users" for the
+ existing ConditionVirtualization= setting has been added, permitting
+ skipping of specific units in user namespace environments.
+
+ Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
+ Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
+ Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
+ Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
+ Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
+ Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
+ Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
+ Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
+ Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
+ Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
+ Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
+ Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
+ Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
+ Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
+ Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
+ Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
+ Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
+ Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
+ Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
+ Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
+ Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
+ Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
+ Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
+ Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
+ E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zeal Jagannatha
+
+ — Santa Fe, 2016-11-03
+