systemd System and Service Manager
+CHANGES WITH 206:
+
+ * The documentation has been updated to cover the various new
+ concepts introduced with 205.
+
+ * Unit files now understand the new %v specifier which
+ resolves to the kernel version string as returned by "uname
+ -r".
+
+ * systemctl now supports filtering the unit list output by
+ load state, active state and sub state, using the new
+ --state= parameter.
+
+ * "systemctl status" will now show the results of the
+ condition checks (like ConditionPathExists= and similar) of
+ the last start attempts of the unit. They are also logged to
+ the journal.
+
+ * "journalctl -b" may now be used to look for boot output of a
+ specific boot. Try "journalctl -b -1" for the previous boot,
+ but the syntax is substantially more powerful.
+
+ * "journalctl --show-cursor" has been added which prints the
+ cursor string the last shown log line. This may then be used
+ with the new "journalctl --after-cursor=" switch to continue
+ browsing logs from that point on.
+
+ * "journalctl --force" may now be used to force regeneration
+ of an FSS key.
+
+ * Creation of "dead" device nodes has been moved from udev
+ into kmod and tmpfiles. Previously, udev would read the kmod
+ databases to pre-generate dead device nodes based on meta
+ information contained in kernel modules, so that these would
+ be auto-loaded on access rather then at boot. As this
+ doesn't really have much to do with the exposing actual
+ kernel devices to userspace this has always been slightly
+ alien in the udev codebase. Following the new scheme kmod
+ will now generate a runtime snippet for tmpfiles from the
+ module meta information and it now is tmpfiles' job to the
+ create the nodes. This also allows overriding access and
+ other parameters for the nodes using the usual tmpfiles
+ facilities. As side effect this allows us to remove the
+ CAP_SYS_MKNOD capability bit from udevd entirely.
+
+ * logind's device ACLs may now be applied to these "dead"
+ devices nodes too, thus finally allowing managed access to
+ devices such as /dev/snd/sequencer whithout loading the
+ backing module right-away.
+
+ * A new RPM macro has been added that may be used to apply
+ tmpfiles configuration during package installation.
+
+ * systemd-detect-virt and ConditionVirtualization= now can
+ detect User-Mode-Linux machines (UML).
+
+ * journald will now implicitly log the effective capabilities
+ set of processes in the message metadata.
+
+ * systemd-cryptsetup has gained support for TrueCrypt volumes.
+
+ * The initrd interface has been simplified (more specifically,
+ support for passing performance data via environment
+ variables and fsck results via files in /run has been
+ removed). These features were non-essential, and are
+ nowadays available in a much nicer way by having systemd in
+ the initrd serialize its state and have the hosts systemd
+ deserialize it again.
+
+ * The udev "keymap" data files and tools to apply keyboard
+ specific mappings of scan to key codes, and force-release
+ scan code lists have been entirely replaced by a udev
+ "keyboard" builtin and a hwdb data file.
+
+ * systemd will now honour the kernel's "quiet" command line
+ argument also during late shutdown, resulting in a
+ completely silent shutdown when used.
+
+ * There's now an option to control the SO_REUSEPORT socket
+ option in .socket units.
+
+ * Instance units will now automatically get a per-template
+ subslice of system.slice unless something else is explicitly
+ configured. For example, instances of sshd@.service will now
+ implicitly be placed in system-sshd.slice rather than
+ system.slice as before.
+
+ * Test coverage support may now be enabled at build time.
+
+ Contributions from: Dave Reisner, Frederic Crozat, Harald
+ Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
+ Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
+ Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
+ Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
+ Giokas, Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 205:
+
+ * Two new unit types have been introduced:
+
+ Scope units are very similar to service units, however, are
+ created out of pre-existing processes -- instead of PID 1
+ forking off the processes. By using scope units it is
+ possible for system services and applications to group their
+ own child processes (worker processes) in a powerful way
+ which then maybe used to organize them, or kill them
+ together, or apply resource limits on them.
+
+ Slice units may be used to partition system resources in an
+ hierarchial fashion and then assign other units to them. By
+ default there are now three slices: system.slice (for all
+ system services), user.slice (for all user sessions),
+ machine.slice (for VMs and containers).
+
+ Slices and scopes have been introduced primarily in
+ context of the work to move cgroup handling to a
+ single-writer scheme, where only PID 1
+ creates/removes/manages cgroups.
+
+ * There's a new concept of "transient" units. In contrast to
+ normal units these units are created via an API at runtime,
+ not from configuration from disk. More specifically this
+ means it is now possible to run arbitrary programs as
+ independent services, with all execution parameters passed
+ in via bus APIs rather than read from disk. Transient units
+ make systemd substantially more dynamic then it ever was,
+ and useful as a general batch manager.
+
+ * logind has been updated to make use of scope and slice units
+ for managing user sessions. As a user logs in he will get
+ his own private slice unit, to which all sessions are added
+ as scope units. We also added support for automatically
+ adding an instance of user@.service for the user into the
+ slice. Effectively logind will no longer create cgroup
+ hierarchies on its own now, it will defer entirely to PID 1
+ for this by means of scope, service and slice units. Since
+ user sessions this way become entities managed by PID 1
+ the output of "systemctl" is now a lot more comprehensive.
+
+ * A new mini-daemon "systemd-machined" has been added which
+ may be used by virtualization managers to register local
+ VMs/containers. nspawn has been updated accordingly, and
+ libvirt will be updated shortly. machined will collect a bit
+ of meta information about the VMs/containers, and assign
+ them their own scope unit (see above). The collected
+ meta-data is then made available via the "machinectl" tool,
+ and exposed in "ps" and similar tools. machined/machinectl
+ is compile-time optional.
+
+ * As discussed earlier, the low-level cgroup configuration
+ options ControlGroup=, ControlGroupModify=,
+ ControlGroupPersistent=, ControlGroupAttribute= have been
+ removed. Please use high-level attribute settings instead as
+ well as slice units.
+
+ * A new bus call SetUnitProperties() has been added to alter
+ various runtime parameters of a unit. This is primarily
+ useful to alter cgroup parameters dynamically in a nice way,
+ but will be extended later on to make more properties
+ modifiable at runtime. systemctl gained a new set-properties
+ command that wraps this call.
+
+ * A new tool "systemd-run" has been added which can be used to
+ run arbitrary command lines as transient services or scopes,
+ while configuring a number of settings via the command
+ line. This tool is currently very basic, however already
+ very useful. We plan to extend this tool to even allow
+ queuing of execution jobs with time triggers from the
+ command line, similar in fashion to "at".
+
+ * nspawn will now inform the user explicitly that kernels with
+ audit enabled break containers, and suggest the user to turn
+ off audit.
+
+ * Support for detecting the IMA and AppArmor security
+ frameworks with ConditionSecurity= has been added.
+
+ * journalctl gained a new "-k" switch for showing only kernel
+ messages, mimicking dmesg output; in addition to "--user"
+ and "--system" switches for showing only user's own logs
+ and system logs.
+
+ * systemd-delta can now show information about drop-in
+ snippets extending unit files.
+
+ * libsystemd-bus has been substantially updated but is still
+ not available as public API.
+
+ * systemd will now look for the "debug" argument on the kernel
+ command line and enable debug logging, similar to
+ "systemd.log_level=debug" already did before.
+
+ * "systemctl set-default", "systemctl get-default" has been
+ added to configure the default.target symlink, which
+ controls what to boot into by default.
+
+ * "systemctl set-log-level" has been added as a convenient
+ way to raise and lower systemd logging threshold.
+
+ * "systemd-analyze plot" will now show the time the various
+ generators needed for execution, as well as information
+ about the unit file loading.
+
+ * libsystemd-journal gained a new sd_journal_open_files() call
+ for opening specific journal files. journactl also gained a
+ new switch to expose this new functionality. Previously we
+ only supported opening all files from a directory, or all
+ files from the system, as opening individual files only is
+ racy due to journal file rotation.
+
+ * systemd gained the new DefaultEnvironment= setting in
+ /etc/systemd/system.conf to set environment variables for
+ all services.
+
+ * If a privileged process logs a journal message with the
+ OBJECT_PID= field set, then journald will automatically
+ augment this with additional OBJECT_UID=, OBJECT_GID=,
+ OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+ system services want to log events about specific client
+ processes. journactl/systemctl has been updated to make use
+ of this information if all log messages regarding a specific
+ unit is requested.
+
+ Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
+ Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
+ Reisner, David Coppa, David King, David Strauss, Eelco
+ Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
+ Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
+ Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
+ Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
+ Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
+ Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
+ Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
+ Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
+ Łukasz Stelmach, 장동준
+
+CHANGES WITH 204:
+
+ * The Python bindings gained some minimal support for the APIs
+ exposed by libsystemd-logind.
+
+ * ConditionSecurity= gained support for detecting SMACK. Since
+ this condition already supports SELinux and AppArmor we only
+ miss IMA for this. Patches welcome!
+
+ Contributions from: Karol Lewandowski, Lennart Poettering,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 203:
+
+ * systemd-nspawn will now create /etc/resolv.conf if
+ necessary, before bind-mounting the host's file onto it.
+
+ * systemd-nspawn will now store meta information about a
+ container on the container's cgroup as extended attribute
+ fields, including the root directory.
+
+ * The cgroup hierarchy has been reworked in many ways. All
+ objects any of the components systemd creates in the cgroup
+ tree are now suffixed. More specifically, user sessions are
+ now placed in cgroups suffixed with ".session", users in
+ cgroups suffixed with ".user", and nspawn containers in
+ cgroups suffixed with ".nspawn". Furthermore, all cgroup
+ names are now escaped in a simple scheme to avoid collision
+ of userspace object names with kernel filenames. This work
+ is preparation for making these objects relocatable in the
+ cgroup tree, in order to allow easy resource partitioning of
+ these objects without causing naming conflicts.
+
+ * systemctl list-dependencies gained the new switches
+ --plain, --reverse, --after and --before.
+
+ * systemd-inhibit now shows the process name of processes that
+ have taken an inhibitor lock.
+
+ * nss-myhostname will now also resolve "localhost"
+ implicitly. This makes /etc/hosts an optional file and
+ nicely handles that on IPv6 ::1 maps to both "localhost" and
+ the local hostname.
+
+ * libsystemd-logind.so gained a new call
+ sd_get_machine_names() to enumerate running containers and
+ VMs (currently only supported by very new libvirt and
+ nspawn). sd_login_monitor can now be used to watch
+ VMs/containers coming and going.
+
+ * .include is not allowed recursively anymore, and only in
+ unit files. Usually it is better to use drop-in snippets in
+ .d/*.conf anyway, as introduced with systemd 198.
+
+ * systemd-analyze gained a new "critical-chain" command that
+ determines the slowest chain of units run during system
+ boot-up. It is very useful for tracking down where
+ optimizing boot time is the most beneficial.
+
+ * systemd will no longer allow manipulating service paths in
+ the name=systemd:/system cgroup tree using ControlGroup= in
+ units. (But is still fine with it in all other dirs.)
+
+ * There's a new systemd-nspawn@.service service file that may
+ be used to easily run nspawn containers as system
+ services. With the container's root directory in
+ /var/lib/container/foobar it is now sufficient to run
+ "systemctl start systemd-nspawn@foobar.service" to boot it.
+
+ * systemd-cgls gained a new parameter "--machine" to list only
+ the processes within a certain container.
+
+ * ConditionSecurity= now can check for "apparmor". We still
+ are lacking checks for SMACK and IMA for this condition
+ check though. Patches welcome!
+
+ * A new configuration file /etc/systemd/sleep.conf has been
+ added that may be used to configure which kernel operation
+ systemd is supposed to execute when "suspend", "hibernate"
+ or "hybrid-sleep" is requested. This makes the new kernel
+ "freeze" state accessible to the user.
+
+ * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
+ the passed argument if applicable.
+
+ Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
+ Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
+ MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
+ Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
+ Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
+ Jędrzejewski-Szmek
+
CHANGES WITH 202:
* The output of 'systemctl list-jobs' got some polishing. The
understood to set system wide environment variables
dynamically at boot.
- * We now limit the set of capabilities of systemd-journald.
+ * We now limit the set of capabilities of systemd-journald.
* We now set SIGPIPE to ignore by default, since it only is
useful in shell pipelines, and has little use in general