systemd System and Service Manager
+CHANGES WITH 206:
+
+ * The systemd-sysctl tool does no longer natively read the
+ file /etc/sysctl.conf. If desired, the file should be
+ symlinked from /etc/sysctl.d/99-sysctl.conf. Apart from
+ providing legacy support by a symlink rather than built-in
+ code, it also makes the otherwise hidden order of application
+ of the different files visible.
+
+CHANGES WITH 206:
+
+ * The documentation has been updated to cover the various new
+ concepts introduced with 205.
+
+ * Unit files now understand the new %v specifier which
+ resolves to the kernel version string as returned by "uname
+ -r".
+
+ * systemctl now supports filtering the unit list output by
+ load state, active state and sub state, using the new
+ --state= parameter.
+
+ * "systemctl status" will now show the results of the
+ condition checks (like ConditionPathExists= and similar) of
+ the last start attempts of the unit. They are also logged to
+ the journal.
+
+ * "journalctl -b" may now be used to look for boot output of a
+ specific boot. Try "journalctl -b -1" for the previous boot,
+ but the syntax is substantially more powerful.
+
+ * "journalctl --show-cursor" has been added which prints the
+ cursor string the last shown log line. This may then be used
+ with the new "journalctl --after-cursor=" switch to continue
+ browsing logs from that point on.
+
+ * "journalctl --force" may now be used to force regeneration
+ of an FSS key.
+
+ * Creation of "dead" device nodes has been moved from udev
+ into kmod and tmpfiles. Previously, udev would read the kmod
+ databases to pre-generate dead device nodes based on meta
+ information contained in kernel modules, so that these would
+ be auto-loaded on access rather then at boot. As this
+ doesn't really have much to do with the exposing actual
+ kernel devices to userspace this has always been slightly
+ alien in the udev codebase. Following the new scheme kmod
+ will now generate a runtime snippet for tmpfiles from the
+ module meta information and it now is tmpfiles' job to the
+ create the nodes. This also allows overriding access and
+ other parameters for the nodes using the usual tmpfiles
+ facilities. As side effect this allows us to remove the
+ CAP_SYS_MKNOD capability bit from udevd entirely.
+
+ * logind's device ACLs may now be applied to these "dead"
+ devices nodes too, thus finally allowing managed access to
+ devices such as /dev/snd/sequencer whithout loading the
+ backing module right-away.
+
+ * A new RPM macro has been added that may be used to apply
+ tmpfiles configuration during package installation.
+
+ * systemd-detect-virt and ConditionVirtualization= now can
+ detect User-Mode-Linux machines (UML).
+
+ * journald will now implicitly log the effective capabilities
+ set of processes in the message metadata.
+
+ * systemd-cryptsetup has gained support for TrueCrypt volumes.
+
+ * The initrd interface has been simplified (more specifically,
+ support for passing performance data via environment
+ variables and fsck results via files in /run has been
+ removed). These features were non-essential, and are
+ nowadays available in a much nicer way by having systemd in
+ the initrd serialize its state and have the hosts systemd
+ deserialize it again.
+
+ * The udev "keymap" data files and tools to apply keyboard
+ specific mappings of scan to key codes, and force-release
+ scan code lists have been entirely replaced by a udev
+ "keyboard" builtin and a hwdb data file.
+
+ * systemd will now honour the kernel's "quiet" command line
+ argument also during late shutdown, resulting in a
+ completely silent shutdown when used.
+
+ * There's now an option to control the SO_REUSEPORT socket
+ option in .socket units.
+
+ * Instance units will now automatically get a per-template
+ subslice of system.slice unless something else is explicitly
+ configured. For example, instances of sshd@.service will now
+ implicitly be placed in system-sshd.slice rather than
+ system.slice as before.
+
+ * Test coverage support may now be enabled at build time.
+
+ Contributions from: Dave Reisner, Frederic Crozat, Harald
+ Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
+ Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
+ Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
+ Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
+ Giokas, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 205:
+
+ * Two new unit types have been introduced:
+
+ Scope units are very similar to service units, however, are
+ created out of pre-existing processes -- instead of PID 1
+ forking off the processes. By using scope units it is
+ possible for system services and applications to group their
+ own child processes (worker processes) in a powerful way
+ which then maybe used to organize them, or kill them
+ together, or apply resource limits on them.
+
+ Slice units may be used to partition system resources in an
+ hierarchial fashion and then assign other units to them. By
+ default there are now three slices: system.slice (for all
+ system services), user.slice (for all user sessions),
+ machine.slice (for VMs and containers).
+
+ Slices and scopes have been introduced primarily in
+ context of the work to move cgroup handling to a
+ single-writer scheme, where only PID 1
+ creates/removes/manages cgroups.
+
+ * There's a new concept of "transient" units. In contrast to
+ normal units these units are created via an API at runtime,
+ not from configuration from disk. More specifically this
+ means it is now possible to run arbitrary programs as
+ independent services, with all execution parameters passed
+ in via bus APIs rather than read from disk. Transient units
+ make systemd substantially more dynamic then it ever was,
+ and useful as a general batch manager.
+
+ * logind has been updated to make use of scope and slice units
+ for managing user sessions. As a user logs in he will get
+ his own private slice unit, to which all sessions are added
+ as scope units. We also added support for automatically
+ adding an instance of user@.service for the user into the
+ slice. Effectively logind will no longer create cgroup
+ hierarchies on its own now, it will defer entirely to PID 1
+ for this by means of scope, service and slice units. Since
+ user sessions this way become entities managed by PID 1
+ the output of "systemctl" is now a lot more comprehensive.
+
+ * A new mini-daemon "systemd-machined" has been added which
+ may be used by virtualization managers to register local
+ VMs/containers. nspawn has been updated accordingly, and
+ libvirt will be updated shortly. machined will collect a bit
+ of meta information about the VMs/containers, and assign
+ them their own scope unit (see above). The collected
+ meta-data is then made available via the "machinectl" tool,
+ and exposed in "ps" and similar tools. machined/machinectl
+ is compile-time optional.
+
+ * As discussed earlier, the low-level cgroup configuration
+ options ControlGroup=, ControlGroupModify=,
+ ControlGroupPersistent=, ControlGroupAttribute= have been
+ removed. Please use high-level attribute settings instead as
+ well as slice units.
+
+ * A new bus call SetUnitProperties() has been added to alter
+ various runtime parameters of a unit. This is primarily
+ useful to alter cgroup parameters dynamically in a nice way,
+ but will be extended later on to make more properties
+ modifiable at runtime. systemctl gained a new set-properties
+ command that wraps this call.
+
+ * A new tool "systemd-run" has been added which can be used to
+ run arbitrary command lines as transient services or scopes,
+ while configuring a number of settings via the command
+ line. This tool is currently very basic, however already
+ very useful. We plan to extend this tool to even allow
+ queuing of execution jobs with time triggers from the
+ command line, similar in fashion to "at".
+
+ * nspawn will now inform the user explicitly that kernels with
+ audit enabled break containers, and suggest the user to turn
+ off audit.
+
+ * Support for detecting the IMA and AppArmor security
+ frameworks with ConditionSecurity= has been added.
+
+ * journalctl gained a new "-k" switch for showing only kernel
+ messages, mimicking dmesg output; in addition to "--user"
+ and "--system" switches for showing only user's own logs
+ and system logs.
+
+ * systemd-delta can now show information about drop-in
+ snippets extending unit files.
+
+ * libsystemd-bus has been substantially updated but is still
+ not available as public API.
+
+ * systemd will now look for the "debug" argument on the kernel
+ command line and enable debug logging, similar to
+ "systemd.log_level=debug" already did before.
+
+ * "systemctl set-default", "systemctl get-default" has been
+ added to configure the default.target symlink, which
+ controls what to boot into by default.
+
+ * "systemctl set-log-level" has been added as a convenient
+ way to raise and lower systemd logging threshold.
+
+ * "systemd-analyze plot" will now show the time the various
+ generators needed for execution, as well as information
+ about the unit file loading.
+
+ * libsystemd-journal gained a new sd_journal_open_files() call
+ for opening specific journal files. journactl also gained a
+ new switch to expose this new functionality. Previously we
+ only supported opening all files from a directory, or all
+ files from the system, as opening individual files only is
+ racy due to journal file rotation.
+
+ * systemd gained the new DefaultEnvironment= setting in
+ /etc/systemd/system.conf to set environment variables for
+ all services.
+
+ * If a privileged process logs a journal message with the
+ OBJECT_PID= field set, then journald will automatically
+ augment this with additional OBJECT_UID=, OBJECT_GID=,
+ OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+ system services want to log events about specific client
+ processes. journactl/systemctl has been updated to make use
+ of this information if all log messages regarding a specific
+ unit is requested.
+
+ Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
+ Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
+ Reisner, David Coppa, David King, David Strauss, Eelco
+ Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
+ Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
+ Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
+ Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
+ Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
+ Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
+ Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
+ Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
+ Łukasz Stelmach, 장동준
+
+CHANGES WITH 204:
+
+ * The Python bindings gained some minimal support for the APIs
+ exposed by libsystemd-logind.
+
+ * ConditionSecurity= gained support for detecting SMACK. Since
+ this condition already supports SELinux and AppArmor we only
+ miss IMA for this. Patches welcome!
+
+ Contributions from: Karol Lewandowski, Lennart Poettering,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 203:
+
+ * systemd-nspawn will now create /etc/resolv.conf if
+ necessary, before bind-mounting the host's file onto it.
+
+ * systemd-nspawn will now store meta information about a
+ container on the container's cgroup as extended attribute
+ fields, including the root directory.
+
+ * The cgroup hierarchy has been reworked in many ways. All
+ objects any of the components systemd creates in the cgroup
+ tree are now suffixed. More specifically, user sessions are
+ now placed in cgroups suffixed with ".session", users in
+ cgroups suffixed with ".user", and nspawn containers in
+ cgroups suffixed with ".nspawn". Furthermore, all cgroup
+ names are now escaped in a simple scheme to avoid collision
+ of userspace object names with kernel filenames. This work
+ is preparation for making these objects relocatable in the
+ cgroup tree, in order to allow easy resource partitioning of
+ these objects without causing naming conflicts.
+
+ * systemctl list-dependencies gained the new switches
+ --plain, --reverse, --after and --before.
+
+ * systemd-inhibit now shows the process name of processes that
+ have taken an inhibitor lock.
+
+ * nss-myhostname will now also resolve "localhost"
+ implicitly. This makes /etc/hosts an optional file and
+ nicely handles that on IPv6 ::1 maps to both "localhost" and
+ the local hostname.
+
+ * libsystemd-logind.so gained a new call
+ sd_get_machine_names() to enumerate running containers and
+ VMs (currently only supported by very new libvirt and
+ nspawn). sd_login_monitor can now be used to watch
+ VMs/containers coming and going.
+
+ * .include is not allowed recursively anymore, and only in
+ unit files. Usually it is better to use drop-in snippets in
+ .d/*.conf anyway, as introduced with systemd 198.
+
+ * systemd-analyze gained a new "critical-chain" command that
+ determines the slowest chain of units run during system
+ boot-up. It is very useful for tracking down where
+ optimizing boot time is the most beneficial.
+
+ * systemd will no longer allow manipulating service paths in
+ the name=systemd:/system cgroup tree using ControlGroup= in
+ units. (But is still fine with it in all other dirs.)
+
+ * There's a new systemd-nspawn@.service service file that may
+ be used to easily run nspawn containers as system
+ services. With the container's root directory in
+ /var/lib/container/foobar it is now sufficient to run
+ "systemctl start systemd-nspawn@foobar.service" to boot it.
+
+ * systemd-cgls gained a new parameter "--machine" to list only
+ the processes within a certain container.
+
+ * ConditionSecurity= now can check for "apparmor". We still
+ are lacking checks for SMACK and IMA for this condition
+ check though. Patches welcome!
+
+ * A new configuration file /etc/systemd/sleep.conf has been
+ added that may be used to configure which kernel operation
+ systemd is supposed to execute when "suspend", "hibernate"
+ or "hybrid-sleep" is requested. This makes the new kernel
+ "freeze" state accessible to the user.
+
+ * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
+ the passed argument if applicable.
+
+ Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
+ Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
+ MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
+ Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
+ Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
+ Jędrzejewski-Szmek
+
+CHANGES WITH 202:
+
+ * The output of 'systemctl list-jobs' got some polishing. The
+ '--type=' argument may now be passed more than once. A new
+ command 'systemctl list-sockets' has been added which shows
+ a list of kernel sockets systemd is listening on with the
+ socket units they belong to, plus the units these socket
+ units activate.
+
+ * The experimental libsystemd-bus library got substantial
+ updates to work in conjunction with the (also experimental)
+ kdbus kernel project. It works well enough to exchange
+ messages with some sophistication. Note that kdbus is not
+ ready yet, and the library is mostly an elaborate test case
+ for now, and not installable.
+
+ * systemd gained a new unit 'systemd-static-nodes.service'
+ that generates static device nodes earlier during boot, and
+ can run in conjunction with udev.
+
+ * libsystemd-login gained a new call sd_pid_get_user_unit()
+ to retrieve the user systemd unit a process is running
+ in. This is useful for systems where systemd is used as
+ session manager.
+
+ * systemd-nspawn now places all containers in the new /machine
+ top-level cgroup directory in the name=systemd
+ hierarchy. libvirt will soon do the same, so that we get a
+ uniform separation of /system, /user and /machine for system
+ services, user processes and containers/virtual
+ machines. This new cgroup hierarchy is also useful to stick
+ stable names to specific container instances, which can be
+ recognized later this way (this name may be controlled
+ via systemd-nspawn's new -M switch). libsystemd-login also
+ gained a new call sd_pid_get_machine_name() to retrieve the
+ name of the container/VM a specific process belongs to.
+
+ * bootchart can now store its data in the journal.
+
+ * libsystemd-journal gained a new call
+ sd_journal_add_conjunction() for AND expressions to the
+ matching logic. This can be used to express more complex
+ logical expressions.
+
+ * journactl can now take multiple --unit= and --user-unit=
+ switches.
+
+ * The cryptsetup logic now understands the "luks.key=" kernel
+ command line switch for specifying a file to read the
+ decryption key from. Also, if a configured key file is not
+ found the tool will now automatically fall back to prompting
+ the user.
+
+ * Python systemd.journal module was updated to wrap recently
+ added functions from libsystemd-journal. The interface was
+ changed to bring the low level interface in s.j._Reader
+ closer to the C API, and the high level interface in
+ s.j.Reader was updated to wrap and convert all data about
+ an entry.
+
+ Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
+ Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer,
+ Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
+ Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
+ Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 201:
+
+ * journalctl --update-catalog now understands a new --root=
+ option to operate on catalogs found in a different root
+ directory.
+
+ * During shutdown after systemd has terminated all running
+ services a final killing loop kills all remaining left-over
+ processes. We will now print the name of these processes
+ when we send SIGKILL to them, since this usually indicates a
+ problem.
+
+ * If /etc/crypttab refers to password files stored on
+ configured mount points automatic dependencies will now be
+ generated to ensure the specific mount is established first
+ before the key file is attempted to be read.
+
+ * 'systemctl status' will now show information about the
+ network sockets a socket unit is listening on.
+
+ * 'systemctl status' will also shown information about any
+ drop-in configuration file for units. (Drop-In configuration
+ files in this context are files such as
+ /etc/systemd/systemd/foobar.service.d/*.conf)
+
+ * systemd-cgtop now optionally shows summed up CPU times of
+ cgroups. Press '%' while running cgtop to switch between
+ percentage and absolute mode. This is useful to determine
+ which cgroups use up the most CPU time over the entire
+ runtime of the system. systemd-cgtop has also been updated
+ to be 'pipeable' for processing with further shell tools.
+
+ * 'hostnamectl set-hostname' will now allow setting of FQDN
+ hostnames.
+
+ * The formatting and parsing of time span values has been
+ changed. The parser now understands fractional expressions
+ such as "5.5h". The formatter will now output fractional
+ expressions for all time spans under 1min, i.e. "5.123456s"
+ rather than "5s 123ms 456us". For time spans under 1s
+ millisecond values are shown, for those under 1ms
+ microsecond values are shown. This should greatly improve
+ all time-related output of systemd.
+
+ * libsystemd-login and libsystemd-journal gained new
+ functions for querying the poll() events mask and poll()
+ timeout value for integration into arbitrary event
+ loops.
+
+ * localectl gained the ability to list available X11 keymaps
+ (models, layouts, variants, options).
+
+ * 'systemd-analyze dot' gained the ability to filter for
+ specific units via shell-style globs, to create smaller,
+ more useful graphs. I.e. it's now possible to create simple
+ graphs of all the dependencies between only target units, or
+ of all units that Avahi has dependencies with.
+
+ Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
+ Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
+ Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
+ Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
+ Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
+ Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
+ Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
+
+CHANGES WITH 200:
+
+ * The boot-time readahead implementation for rotating media
+ will now read the read-ahead data in multiple passes which
+ consist of all read requests made in equidistant time
+ intervals. This means instead of strictly reading read-ahead
+ data in its physical order on disk we now try to find a
+ middle ground between physical and access time order.
+
+ * /etc/os-release files gained a new BUILD_ID= field for usage
+ on operating systems that provide continuous builds of OS
+ images.
+
+ Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
+ Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín
+ William Douglas, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 199:
+
+ * systemd-python gained an API exposing libsystemd-daemon.
+
+ * The SMACK setup logic gained support for uploading CIPSO
+ security policy.
+
+ * Behaviour of PrivateTmp=, ReadWriteDirectories=,
+ ReadOnlyDirectories= and InaccessibleDirectories= has
+ changed. The private /tmp and /var/tmp directories are now
+ shared by all processes of a service (which means
+ ExecStartPre= may now leave data in /tmp that ExecStart= of
+ the same service can still access). When a service is
+ stopped its temporary directories are immediately deleted
+ (normal clean-up with tmpfiles is still done in addition to
+ this though).
+
+ * By default, systemd will now set a couple of sysctl
+ variables in the kernel: the safe sysrq options are turned
+ on, IP route verification is turned on, and source routing
+ disabled. The recently added hardlink and softlink
+ protection of the kernel is turned on. These settings should
+ be reasonably safe, and good defaults for all new systems.
+
+ * The predictable network naming logic may now be turned off
+ with a new kernel command line switch: net.ifnames=0.
+
+ * A new libsystemd-bus module has been added that implements a
+ pretty complete D-Bus client library. For details see:
+
+ http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
+
+ * journald will now explicitly flush the journal files to disk
+ at the latest 5min after each write. The file will then also
+ be marked offline until the next write. This should increase
+ reliability in case of a crash. The synchronization delay
+ can be configured via SyncIntervalSec= in journald.conf.
+
+ * There's a new remote-fs-setup.target unit that can be used
+ to pull in specific services when at least one remote file
+ system is to be mounted.
+
+ * There are new targets timers.target and paths.target as
+ canonical targets to pull user timer and path units in
+ from. This complements sockets.target with a similar
+ purpose for socket units.
+
+ * libudev gained a new call udev_device_set_attribute_value()
+ to set sysfs attributes of a device.
+
+ * The udev daemon now sets the default number of worker
+ processes executed in parallel based on the number of available
+ CPUs instead of the amount of available RAM. This is supposed
+ to provide a more reliable default and limit a too aggressive
+ paralellism for setups with 1000s of devices connected.
+
+ Contributions from: Auke Kok, Colin Walters, Cristian
+ Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
+ Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
+ Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
+ Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
+ Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
+ Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
+ Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 198:
+
+ * Configuration of unit files may now be extended via drop-in
+ files without having to edit/override the unit files
+ themselves. More specifically, if the administrator wants to
+ change one value for a service file foobar.service he can
+ now do so by dropping in a configuration snippet into
+ /etc/systemd/system/foobar.service.d/*.conf. The unit logic
+ will load all these snippets and apply them on top of the
+ main unit configuration file, possibly extending or
+ overriding its settings. Using these drop-in snippets is
+ generally nicer than the two earlier options for changing
+ unit files locally: copying the files from
+ /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
+ them there; or creating a new file in /etc/systemd/system/
+ that incorporates the original one via ".include". Drop-in
+ snippets into these .d/ directories can be placed in any
+ directory systemd looks for units in, and the usual
+ overriding semantics between /usr/lib, /etc and /run apply
+ for them too.
+
+ * Most unit file settings which take lists of items can now be
+ reset by assigning the empty string to them. For example,
+ normally, settings such as Environment=FOO=BAR append a new
+ environment variable assignment to the environment block,
+ each time they are used. By assigning Environment= the empty
+ string the environment block can be reset to empty. This is
+ particularly useful with the .d/*.conf drop-in snippets
+ mentioned above, since this adds the ability to reset list
+ settings from vendor unit files via these drop-ins.
+
+ * systemctl gained a new "list-dependencies" command for
+ listing the dependencies of a unit recursively.
+
+ * Inhibitors are now honored and listed by "systemctl
+ suspend", "systemctl poweroff" (and similar) too, not only
+ GNOME. These commands will also list active sessions by
+ other users.
+
+ * Resource limits (as exposed by the various control group
+ controllers) can now be controlled dynamically at runtime
+ for all units. More specifically, you can now use a command
+ like "systemctl set-cgroup-attr foobar.service cpu.shares
+ 2000" to alter the CPU shares a specific service gets. These
+ settings are stored persistently on disk, and thus allow the
+ administrator to easily adjust the resource usage of
+ services with a few simple commands. This dynamic resource
+ management logic is also available to other programs via the
+ bus. Almost any kernel cgroup attribute and controller is
+ supported.
+
+ * systemd-vconsole-setup will now copy all font settings to
+ all allocated VTs, where it previously applied them only to
+ the foreground VT.
+
+ * libsystemd-login gained the new sd_session_get_tty() API
+ call.
+
+ * This release drops support for a few legacy or
+ distribution-specific LSB facility names when parsing init
+ scripts: $x-display-manager, $mail-transfer-agent,
+ $mail-transport-agent, $mail-transfer-agent, $smtp,
+ $null. Also, the mail-transfer-agent.target unit backing
+ this has been removed. Distributions which want to retain
+ compatibility with this should carry the burden for
+ supporting this themselves and patch support for these back
+ in, if they really need to. Also, the facilities $syslog and
+ $local_fs are now ignored, since systemd does not support
+ early-boot LSB init scripts anymore, and these facilities
+ are implied anyway for normal services. syslog.target has
+ also been removed.
+
+ * There are new bus calls on PID1's Manager object for
+ cancelling jobs, and removing snapshot units. Previously,
+ both calls were only available on the Job and Snapshot
+ objects themselves.
+
+ * systemd-journal-gatewayd gained SSL support.
+
+ * The various "environment" files, such as /etc/locale.conf
+ now support continuation lines with a backslash ("\") as
+ last character in the line, similar in style (but different)
+ to how this is supported in shells.
+
+ * For normal user processes the _SYSTEMD_USER_UNIT= field is
+ now implicitly appended to every log entry logged. systemctl
+ has been updated to filter by this field when operating on a
+ user systemd instance.
+
+ * nspawn will now implicitly add the CAP_AUDIT_WRITE and
+ CAP_AUDIT_CONTROL capabilities to the capabilities set for
+ the container. This makes it easier to boot unmodified
+ Fedora systems in a container, which however still requires
+ audit=0 to be passed on the kernel command line. Auditing in
+ kernel and userspace is unfortunately still too broken in
+ context of containers, hence we recommend compiling it out
+ of the kernel or using audit=0. Hopefully this will be fixed
+ one day for good in the kernel.
+
+ * nspawn gained the new --bind= and --bind-ro= parameters to
+ bind mount specific directories from the host into the
+ container.
+
+ * nspawn will now mount its own devpts file system instance
+ into the container, in order not to leak pty devices from
+ the host into the container.
+
+ * systemd will now read the firmware boot time performance
+ information from the EFI variables, if the used boot loader
+ supports this, and takes it into account for boot performance
+ analysis via "systemd-analyze". This is currently supported
+ only in conjunction with Gummiboot, but could be supported
+ by other boot loaders too. For details see:
+
+ http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
+
+ * A new generator has been added that automatically mounts the
+ EFI System Partition (ESP) to /boot, if that directory
+ exists, is empty, and no other file system has been
+ configured to be mounted there.
+
+ * logind will now send out PrepareForSleep(false) out
+ unconditionally, after coming back from suspend. This may be
+ used by applications as asynchronous notification for
+ system resume events.
+
+ * "systemctl unlock-sessions" has been added, that allows
+ unlocking the screens of all user sessions at once, similar
+ how "systemctl lock-sessions" already locked all users
+ sessions. This is backed by a new D-Bus call UnlockSessions().
+
+ * "loginctl seat-status" will now show the master device of a
+ seat. (i.e. the device of a seat that needs to be around for
+ the seat to be considered available, usually the graphics
+ card).
+
+ * tmpfiles gained a new "X" line type, that allows
+ configuration of files and directories (with wildcards) that
+ shall be excluded from automatic cleanup ("aging").
+
+ * udev default rules set the device node permissions now only
+ at "add" events, and do not change them any longer with a
+ later "change" event.
+
+ * The log messages for lid events and power/sleep keypresses
+ now carry a message ID.
+
+ * We now have a substantially larger unit test suite, but this
+ continues to be work in progress.
+
+ * udevadm hwdb gained a new --root= parameter to change the
+ root directory to operate relative to.
+
+ * logind will now issue a background sync() request to the kernel
+ early at shutdown, so that dirty buffers are flushed to disk early
+ instead of at the last moment, in order to optimize shutdown
+ times a little.
+
+ * A new bootctl tool has been added that is an interface for
+ certain boot loader operations. This is currently a preview
+ and is likely to be extended into a small mechanism daemon
+ like timedated, localed, hostnamed, and can be used by
+ graphical UIs to enumerate available boot options, and
+ request boot into firmware operations.
+
+ * systemd-bootchart has been relicensed to LGPLv2.1+ to match
+ the rest of the package. It also has been updated to work
+ correctly in initrds.
+
+ * Policykit previously has been runtime optional, and is now
+ also compile time optional via a configure switch.
+
+ * systemd-analyze has been reimplemented in C. Also "systemctl
+ dot" has moved into systemd-analyze.
+
+ * "systemctl status" with no further parameters will now print
+ the status of all active or failed units.
+
+ * Operations such as "systemctl start" can now be executed
+ with a new mode "--irreversible" which may be used to queue
+ operations that cannot accidentally be reversed by a later
+ job queuing. This is by default used to make shutdown
+ requests more robust.
+
+ * The Python API of systemd now gained a new module for
+ reading journal files.
+
+ * A new tool kernel-install has been added that can install
+ kernel images according to the Boot Loader Specification:
+
+ http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
+
+ * Boot time console output has been improved to provide
+ animated boot time output for hanging jobs.
+
+ * A new tool systemd-activate has been added which can be used
+ to test socket activation with, directly from the command
+ line. This should make it much easier to test and debug
+ socket activation in daemons.
+
+ * journalctl gained a new "--reverse" (or -r) option to show
+ journal output in reverse order (i.e. newest line first).
+
+ * journalctl gained a new "--pager-end" (or -e) option to jump
+ to immediately jump to the end of the journal in the
+ pager. This is only supported in conjunction with "less".
+
+ * journalctl gained a new "--user-unit=" option, that works
+ similar to "--unit=" but filters for user units rather than
+ system units.
+
+ * A number of unit files to ease adoption of systemd in
+ initrds has been added. This moves some minimal logic from
+ the various initrd implementations into systemd proper.
+
+ * The journal files are now owned by a new group
+ "systemd-journal", which exists specifically to allow access
+ to the journal, and nothing else. Previously, we used the
+ "adm" group for that, which however possibly covers more
+ than just journal/log file access. This new group is now
+ already used by systemd-journal-gatewayd to ensure this
+ daemon gets access to the journal files and as little else
+ as possible. Note that "make install" will also set FS ACLs
+ up for /var/log/journal to give "adm" and "wheel" read
+ access to it, in addition to "systemd-journal" which owns
+ the journal files. We recommend that packaging scripts also
+ add read access to "adm" + "wheel" to /var/log/journal, and
+ all existing/future journal files. To normal users and
+ administrators little changes, however packagers need to
+ ensure to create the "systemd-journal" system group at
+ package installation time.
+
+ * The systemd-journal-gatewayd now runs as unprivileged user
+ systemd-journal-gateway:systemd-journal-gateway. Packaging
+ scripts need to create these system user/group at
+ installation time.
+
+ * timedated now exposes a new boolean property CanNTP that
+ indicates whether a local NTP service is available or not.
+
+ * systemd-detect-virt will now also detect xen PVs
+
+ * The pstore file system is now mounted by default, if it is
+ available.
+
+ * In addition to the SELinux and IMA policies we will now also
+ load SMACK policies at early boot.
+
+ Contributions from: Adel Gadllah, Aleksander Morgado, Auke
+ Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
+ Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
+ Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
+ Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
+ Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
+ Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
+ Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
+ Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
+ Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
+ Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
+ Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
+ Gundersen, Umut Tezduyar, William Giokas, Zbigniew
+ Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
+
+CHANGES WITH 197:
+
+ * Timer units now support calendar time events in addition to
+ monotonic time events. That means you can now trigger a unit
+ based on a calendar time specification such as "Thu,Fri
+ 2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
+ or fifth day of any month of the year 2013, given that it is
+ a thursday or friday. This brings timer event support
+ considerably closer to cron's capabilities. For details on
+ the supported calendar time specification language see
+ systemd.time(7).
+
+ * udev now supports a number of different naming policies for
+ network interfaces for predictable names, and a combination
+ of these policies is now the default. Please see this wiki
+ document for details:
+
+ http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
+
+ * Auke Kok's bootchart implementation has been added to the
+ systemd tree. It's an optional component that can graph the
+ boot in quite some detail. It's one of the best bootchart
+ implementations around and minimal in its code and
+ dependencies.
+
+ * nss-myhostname has been integrated into the systemd source
+ tree. nss-myhostname guarantees that the local hostname
+ always stays resolvable via NSS. It has been a weak
+ requirement of systemd-hostnamed since a long time, and
+ since its code is actually trivial we decided to just
+ include it in systemd's source tree. It can be turned off
+ with a configure switch.
+
+ * The read-ahead logic is now capable of properly detecting
+ whether a btrfs file system is on SSD or rotating media, in
+ order to optimize the read-ahead scheme. Previously, it was
+ only capable of detecting this on traditional file systems
+ such as ext4.
+
+ * In udev, additional device properties are now read from the
+ IAB in addition to the OUI database. Also, Bluetooth company
+ identities are attached to the devices as well.
+
+ * In service files %U may be used as specifier that is
+ replaced by the configured user name of the service.
+
+ * nspawn may now be invoked without a controlling TTY. This
+ makes it suitable for invocation as its own service. This
+ may be used to set up a simple containerized server system
+ using only core OS tools.
+
+ * systemd and nspawn can now accept socket file descriptors
+ when they are started for socket activation. This enables
+ implementation of socket activated nspawn
+ containers. i.e. think about autospawning an entire OS image
+ when the first SSH or HTTP connection is received. We expect
+ that similar functionality will also be added to libvirt-lxc
+ eventually.
+
+ * journalctl will now suppress ANSI color codes when
+ presenting log data.
+
+ * systemctl will no longer show control group information for
+ a unit if a the control group is empty anyway.
+
+ * logind can now automatically suspend/hibernate/shutdown the
+ system on idle.
+
+ * /etc/machine-info and hostnamed now also expose the chassis
+ type of the system. This can be used to determine whether
+ the local system is a laptop, desktop, handset or
+ tablet. This information may either be configured by the
+ user/vendor or is automatically determined from ACPI and DMI
+ information if possible.
+
+ * A number of PolicyKit actions are now bound together with
+ "imply" rules. This should simplify creating UIs because
+ many actions will now authenticate similar ones as well.
+
+ * Unit files learnt a new condition ConditionACPower= which
+ may be used to conditionalize a unit depending on whether an
+ AC power source is connected or not, of whether the system
+ is running on battery power.
+
+ * systemctl gained a new "is-failed" verb that may be used in
+ shell scripts and suchlike to check whether a specific unit
+ is in the "failed" state.
+
+ * The EnvironmentFile= setting in unit files now supports file
+ globbing, and can hence be used to easily read a number of
+ environment files at once.
+
+ * systemd will no longer detect and recognize specific
+ distributions. All distribution-specific #ifdeffery has been
+ removed, systemd is now fully generic and
+ distribution-agnostic. Effectively, not too much is lost as
+ a lot of the code is still accessible via explicit configure
+ switches. However, support for some distribution specific
+ legacy configuration file formats has been dropped. We
+ recommend distributions to simply adopt the configuration
+ files everybody else uses now and convert the old
+ configuration from packaging scripts. Most distributions
+ already did that. If that's not possible or desirable,
+ distributions are welcome to forward port the specific
+ pieces of code locally from the git history.
+
+ * When logging a message about a unit systemd will now always
+ log the unit name in the message meta data.
+
+ * localectl will now also discover system locale data that is
+ not stored in locale archives, but directly unpacked.
+
+ * logind will no longer unconditionally use framebuffer
+ devices as seat masters, i.e. as devices that are required
+ to be existing before a seat is considered preset. Instead,
+ it will now look for all devices that are tagged as
+ "seat-master" in udev. By default framebuffer devices will
+ be marked as such, but depending on local systems other
+ devices might be marked as well. This may be used to
+ integrate graphics cards using closed source drivers (such
+ as NVidia ones) more nicely into logind. Note however, that
+ we recommend using the open source NVidia drivers instead,
+ and no udev rules for the closed-source drivers will be
+ shipped from us upstream.
+
+ Contributions from: Adam Williamson, Alessandro Crismani, Auke
+ Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
+ Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
+ Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
+ Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
+ Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
+ Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
+ Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
+ Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
+ Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
+ Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
+ Jędrzejewski-Szmek
+
+CHANGES WITH 196:
+
+ * udev gained support for loading additional device properties
+ from an indexed database that is keyed by vendor/product IDs
+ and similar device identifiers. For the beginning this
+ "hwdb" is populated with data from the well-known PCI and
+ USB database, but also includes PNP, ACPI and OID data. In
+ the longer run this indexed database shall grow into
+ becoming the one central database for non-essential
+ userspace device metadata. Previously, data from the PCI/USB
+ database was only attached to select devices, since the
+ lookup was a relatively expensive operation due to O(n) time
+ complexity (with n being the number of entries in the
+ database). Since this is now O(1), we decided to add in this
+ data for all devices where this is available, by
+ default. Note that the indexed database needs to be rebuilt
+ when new data files are installed. To achieve this you need
+ to update your packaging scripts to invoke "udevadm hwdb
+ --update" after installation of hwdb data files. For
+ RPM-based distributions we introduced the new
+ %udev_hwdb_update macro for this purpose.
+
+ * The Journal gained support for the "Message Catalog", an
+ indexed database to link up additional information with
+ journal entries. For further details please check:
+
+ http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+ The indexed message catalog database also needs to be
+ rebuilt after installation of message catalog files. Use
+ "journalctl --update-catalog" for this. For RPM-based
+ distributions we introduced the %journal_catalog_update
+ macro for this purpose.
+
+ * The Python Journal bindings gained support for the standard
+ Python logging framework.
+
+ * The Journal API gained new functions for checking whether
+ the underlying file system of a journal file is capable of
+ properly reporting file change notifications, or whether
+ applications that want to reflect journal changes "live"
+ need to recheck journal files continuously in appropriate
+ time intervals.
+
+ * It is now possible to set the "age" field for tmpfiles
+ entries to 0, indicating that files matching this entry
+ shall always be removed when the directories are cleaned up.
+
+ * coredumpctl gained a new "gdb" verb which invokes gdb
+ right-away on the selected coredump.
+
+ * There's now support for "hybrid sleep" on kernels that
+ support this, in addition to "suspend" and "hibernate". Use
+ "systemctl hybrid-sleep" to make use of this.
+
+ * logind's HandleSuspendKey= setting (and related settings)
+ now gained support for a new "lock" setting to simply
+ request the screen lock on all local sessions, instead of
+ actually executing a suspend or hibernation.
+
+ * systemd will now mount the EFI variables file system by
+ default.
+
+ * Socket units now gained support for configuration of the
+ SMACK security label.
+
+ * timedatectl will now output the time of the last and next
+ daylight saving change.
+
+ * We dropped support for various legacy and distro-specific
+ concepts, such as insserv, early-boot SysV services
+ (i.e. those for non-standard runlevels such as 'b' or 'S')
+ or ArchLinux /etc/rc.conf support. We recommend the
+ distributions who still need support this to either continue
+ to maintain the necessary patches downstream, or find a
+ different solution. (Talk to us if you have questions!)
+
+ * Various systemd components will now bypass PolicyKit checks
+ for root and otherwise handle properly if PolicyKit is not
+ found to be around. This should fix most issues for
+ PolicyKit-less systems. Quite frankly this should have been
+ this way since day one. It is absolutely our intention to
+ make systemd work fine on PolicyKit-less systems, and we
+ consider it a bug if something doesn't work as it should if
+ PolicyKit is not around.
+
+ * For embedded systems it is now possible to build udev and
+ systemd without blkid and/or kmod support.
+
+ * "systemctl switch-root" is now capable of switching root
+ more than once. I.e. in addition to transitions from the
+ initrd to the host OS it is now possible to transition to
+ further OS images from the host. This is useful to implement
+ offline updating tools.
+
+ * Various other additions have been made to the RPM macros
+ shipped with systemd. Use %udev_rules_update() after
+ installing new udev rules files. %_udevhwdbdir,
+ %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
+ %_sysctldir are now available which resolve to the right
+ directories for packages to place various data files in.
+
+ * journalctl gained the new --full switch (in addition to
+ --all, to disable ellipsation for long messages.
+
+ Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
+ Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
+ Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
+ Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
+ Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
+ Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
+ Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
+ Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
+ Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek
+
CHANGES WITH 195:
- * journalctl gained the new --since= and --until= switches to
+ * journalctl gained new --since= and --until= switches to
filter by time. It also now supports nice filtering for
units via --unit=/-u.
- * Type=oneshot services not may use ExecReload= and do the
+ * Type=oneshot services may use ExecReload= and do the
right thing.
* The journal daemon now supports time-based rotation and
* gatewayd/journalctl now supports HTML5/JSON
Server-Sent-Events as output.
- * The SysV init script compatibility logic will no
+ * The SysV init script compatibility logic will now
heuristically determine whether a script supports the
"reload" verb, and only then make this available as
"systemctl reload".
- * "systemctl status --follow" has been removed, use "journal
+ * "systemctl status --follow" has been removed, use "journalctl
-u" instead.
* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
* There's now a new RPM macro definition for the system preset
dir: %_presetdir.
- * journald will now warn if it can't foward a message to the
+ * journald will now warn if it can't forward a message to the
syslog daemon because it's socket is full.
* timedated will no longer write or process /etc/timezone,
the maximum number of iterations to run for. It also gained
-b, to run in batch mode (accepting no input).
- * The suffix ".service" may now be ommited on most systemctl
+ * The suffix ".service" may now be omitted on most systemctl
command lines involving service unit names.
* There's a new bus call in logind to lock all sessions, as
* Show /etc/os-release data in systemd-analyze output
- * Many bugfixes for the journal, including endianess fixes and
+ * Many bugfixes for the journal, including endianness fixes and
ensuring that disk space enforcement works
* sd-login.h is C++ comptaible again
understood to set system wide environment variables
dynamically at boot.
- * We now limit the set of capabilities of systemd-journald.
+ * We now limit the set of capabilities of systemd-journald.
* We now set SIGPIPE to ignore by default, since it only is
useful in shell pipelines, and has little use in general