systemd System and Service Manager
+CHANGES WITH 228:
+
+ * A number of properties previously only settable in unit
+ files are now also available as properties to set when
+ creating transient units programmatically via the bus, as it
+ is exposed with systemd-run's --property=
+ setting. Specifically, these are: SyslogIdentifier=,
+ SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
+ EnvironmentFile=, ReadWriteDirectories=,
+ ReadOnlyDirectories=, InaccessibleDirectories=,
+ ProtectSystem=, ProtectHome=, RuntimeDirectory=.
+
+ * When creating transient services via the bus API it is now
+ possible to pass in a set of file descriptors to use as
+ STDIN/STDOUT/STDERR for the invoked process.
+
+ * Slice units may now be created transiently via the bus APIs,
+ similar to the way service and scope units may already be
+ created transiently.
+
+ * Wherever systemd expects a calendar timestamp specification
+ (like in journalctl's --since= and --until= switches) UTC
+ timestamps are now supported. Timestamps suffixed with "UTC"
+ are now considered to be in Universal Time Coordinated
+ instead of the local timezone. Also, timestamps may now
+ optionally be specified with sub-second accuracy. Both of
+ these additions also apply to recurring calendar event
+ specification, such as OnCalendar= in timer units.
+
+ * journalctl gained a new "--sync" switch that asks the
+ journal daemon to write all so far unwritten log messages to
+ disk and sync the files, before returning.
+
+ * systemd-tmpfiles learned two new line types "q" and "Q" that
+ operate like "v", but also set up a basic btrfs quota
+ hierarchy when used on a btrfs file system with quota
+ enabled.
+
+ * tmpfiles' "v", "q" and "Q" will now create a plain directory
+ instead of a subvolume (even on a btrfs file system) if the
+ root directory is a plain directory, and not a
+ subvolume. This should simplify things with certain chroot()
+ environments which are not aware of the concept of btrfs
+ subvolumes.
+
+ * systemd-detect-virt gained a new --chroot switch to detect
+ whether execution takes place in a chroot() environment.
+
+ * CPUAffinity= now takes CPU index ranges in addition to
+ individual indexes.
+
+ * The various memory-related resource limit settings (such as
+ LimitAS=) now understand the usual K, M, G, ... suffixes to
+ the base of 1024 (IEC). Similar, the time-related resource
+ limit settings understand the usual min, h, day, ...
+ suffixes now.
+
+ * There's a new system.conf setting DefaultTasksMax= to
+ control the default TasksMax= setting for services and
+ scopes running on the system. (TasksMax= is the primary
+ setting that exposes the "pids" cgroup controller on systemd
+ and was introduced in the previous systemd release.) The
+ setting now defaults to 512, which means services that are
+ not explicitly configured otherwise will only be able to
+ create 512 processes or threads at maximum, from this
+ version on. Note that this means that thread- or
+ process-heavy services might need to be reconfigured to set
+ TasksMax= to a higher value. It is sufficient to set
+ TasksMax= in these specific unit files to a higher value, or
+ even "infinity". Similar, there's now a logind.conf setting
+ UserTasksMax= that defaults to 4096 and limits the total
+ number of processes or tasks each user may own
+ concurrently. nspawn containers also have the TasksMax=
+ value set by default now, to 8192. Note that all of this
+ only has an effect if the "pids" cgroup controller is
+ enabled in the kernel. The general benefit of these changes
+ should be a more robust and safer system, that provides a
+ certain amount of per-service fork() bomb protection.
+
+ * systemd-nspawn gained the new --network-veth-extra= switch
+ to define additional and arbitrarily-named virtual Ethernet
+ links between the host and the container.
+
+ * A new service execution setting PassEnvironment= has been
+ added that allows importing select environment variables
+ from PID1's environment block into the environment block of
+ the service.
+
+ * systemd will now bump the net.unix.max_dgram_qlen to 512 by
+ default now (the kernel default is 16). This is beneficial
+ for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
+ allows substantially larger numbers of queued
+ datagrams. This should increase the capability of systemd to
+ parallelize boot-up, as logging and sd_notify() are unlikely
+ to stall execution anymore. If you need to change the value
+ from the new defaults, use the usual sysctl.d/ snippets.
+
+ * The compression framing format used by the journal or
+ coredump processing has changed to be in line with what the
+ official LZ4 tools generate. LZ4 compression support in
+ systemd was considered unsupported previously, as the format
+ was not compatible with the normal tools. With this release
+ this has changed now, and it is hence safe for downstream
+ distributions to turn it on. While not compressing as well
+ as the XZ, LZ4 is substantially faster, which makes
+ it a good default choice for the compression logic in the
+ journal and in coredump handling.
+
+ * Any reference to /etc/mtab has been dropped from
+ systemd. The file has been obsolete since a while, but
+ systemd refused to work on systems where it was incorrectly
+ set up (it should be a symlink or non-existent). Please make
+ sure to update to util-linux 2.27.1 or newer in conjunction
+ with this systemd release, which also drops any reference to
+ /etc/mtab. If you maintain a distribution make sure that no
+ software you package still references it, as this is a
+ likely source of bugs. There's also a glibc bug pending,
+ asking for removal of any reference to this obsolete file:
+
+ https://sourceware.org/bugzilla/show_bug.cgi?id=19108
+
+ * Support for the ".snapshot" unit type has been removed. This
+ feature turned out to be little useful and little used, and
+ has now been removed from the core and from systemctl.
+
+ * The dependency types RequiresOverridable= and
+ RequisiteOverridable= have been removed from systemd. They
+ have been used only very sparingly to our knowledge and
+ other options that provide a similar effect (such as
+ systemctl --mode=ignore-dependencies) are much more useful
+ and commonly used. Moreover, they were only half-way
+ implemented as the option to control behaviour regarding
+ these dependencies was never added to systemctl. By removing
+ these dependency types the execution engine becomes a bit
+ simpler. Unit files that use these dependencies should be
+ changed to use the non-Overridable dependency types
+ instead. In fact, when parsing unit files with these
+ options, that's what systemd will automatically convert them
+ too, but it will also warn, asking users to fix the unit
+ files accordingly. Removal of these dependency types should
+ only affect a negligible number of unit files in the wild.
+
+ * Behaviour of networkd's IPForward= option changed
+ (again). It will no longer maintain a per-interface setting,
+ but propagate one way from interfaces where this is enabled
+ to the global kernel setting. The global setting will be
+ enabled when requested by a network that is set up, but
+ never be disabled again. This change was made to make sure
+ IPv4 and IPv6 behaviour regarding packet forwarding is
+ similar (as the Linux IPv6 stack does not support
+ per-interface control of this setting) and to minimize
+ surprises.
+
+ * In unit files the behaviour of %u, %U, %h, %s has
+ changed. These specifiers will now unconditionally resolve
+ to the various user database fields of the user that the
+ systemd instance is running as, instead of the user
+ configured in the specific unit via User=. Note that this
+ effectively doesn't change much, as resolving of these
+ specifiers was already turned off in the --system instance
+ of systemd, as we cannot do NSS lookups from PID 1. In the
+ --user instance of systemd these specifiers where correctly
+ resolved, but hardly made any sense, since the user instance
+ lacks privileges to do user switches anyway, and User= is
+ hence useless. Morever, even in the --user instance of
+ systemd behaviour was awkward as it would only take settings
+ from User= assignment placed before the specifier into
+ account. In order to unify and simplify the logic around
+ this the specifiers will now always resolve to the
+ credentials of the user invoking the manager (which in case
+ of PID 1 is the root user).
+
+ Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
+ Yang, Daniel Machon, Daniel Mack, David Herrmann, David
+ Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
+ Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
+ Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
+ Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
+ Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
+ Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
+ Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
+ Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
+ Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
+ Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
+ Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
+ Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
+ Jędrzejewski-Szmek
+
+ -- Berlin, 2015-11-18
+
+CHANGES WITH 227:
+
+ * systemd now depends on util-linux v2.27. More specifically,
+ the newly added mount monitor feature in libmount now
+ replaces systemd's former own implementation.
+
+ * libmount mandates /etc/mtab not to be regular file, and
+ systemd now enforces this condition at early boot.
+ /etc/mtab has been deprecated and warned about for a very
+ long time, so systems running systemd should already have
+ stopped having this file around as anything else than a
+ symlink to /proc/self/mounts.
+
+ * Support for the "pids" cgroup controller has been added. It
+ allows accounting the number of tasks in a cgroup and
+ enforcing limits on it. This adds two new setting
+ TasksAccounting= and TasksMax= to each unit, as well as a
+ global option DefaultTasksAccounting=.
+
+ * Support for the "net_cls" cgroup controller has been added.
+ It allows assigning a net class ID to each task in the
+ cgroup, which can then be used in firewall rules and traffic
+ shaping configurations. Note that the kernel netfilter net
+ class code does not currently work reliably for ingress
+ packets on unestablished sockets.
+
+ This adds a new config directive called NetClass= to CGroup
+ enabled units. Allowed values are positive numbers for fixed
+ assignments and "auto" for picking a free value
+ automatically.
+
+ * 'systemctl is-system-running' now returns 'offline' if the
+ system is not booted with systemd. This command can now be
+ used as a substitute for 'systemd-notify --booted'.
+
+ * Watchdog timeouts have been increased to 3 minutes for all
+ in-tree service files. Apparently, disk IO issues are more
+ frequent than we hoped, and user reported >1 minute waiting
+ for disk IO.
+
+ * 'machine-id-commit' functionality has been merged into
+ 'machine-id-setup --commit'. The separate binary has been
+ removed.
+
+ * The WorkingDirectory= directive in unit files may now be set
+ to the special value '~'. In this case, the working
+ directory is set to the home directory of the user
+ configured in User=.
+
+ * "machinectl shell" will now open the shell in the home
+ directory of the selected user by default.
+
+ * The CrashChVT= configuration file setting is renamed to
+ CrashChangeVT=, following our usual logic of not
+ abbreviating unnecessarily. The old directive is still
+ supported for compat reasons. Also, this directive now takes
+ an integer value between 1 and 63, or a boolean value. The
+ formerly supported '-1' value for disabling stays around for
+ compat reasons.
+
+ * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
+ NoNewPrivileges=, TTYPath=, WorkingDirectory= and
+ RootDirectory= properties can now be set for transient
+ units.
+
+ * The systemd-analyze tool gained a new "set-log-target" verb
+ to change the logging target the system manager logs to
+ dynamically during runtime. This is similar to how
+ "systemd-analyze set-log-level" already changes the log
+ level.
+
+ * In nspawn /sys is now mounted as tmpfs, with only a selected
+ set of subdirectories mounted in from the real sysfs. This
+ enhances security slightly, and is useful for ensuring user
+ namespaces work correctly.
+
+ * Support for USB FunctionFS activation has been added. This
+ allows implementation of USB gadget services that are
+ activated as soon as they are requested, so that they don't
+ have to run continously, similar to classic socket
+ activation.
+
+ * The "systemctl exit" command now optionally takes an
+ additional parameter that sets the exit code to return from
+ the systemd manager when exiting. This is only relevant when
+ running the systemd user instance, or when running the
+ system instance in a container.
+
+ * sd-bus gained the new API calls sd_bus_path_encode_many()
+ and sd_bus_path_decode_many() that allow easy encoding and
+ decoding of multiple identifier strings inside a D-Bus
+ object path. Another new call sd_bus_default_flush_close()
+ has been added to flush and close per-thread default
+ connections.
+
+ * systemd-cgtop gained support for a -M/--machine= switch to
+ show the control groups within a certain container only.
+
+ * "systemctl kill" gained support for an optional --fail
+ switch. If specified the requested operation will fail of no
+ processes have been killed, because the unit had no
+ processes attached, or similar.
+
+ * A new systemd.crash_reboot=1 kernel command line option has
+ been added that triggers a reboot after crashing. This can
+ also be set through CrashReboot= in systemd.conf.
+
+ * The RuntimeDirectory= setting now understands unit
+ specifiers like %i or %f.
+
+ * A new (still internal) libary API sd-ipv4acd has been added,
+ that implements address conflict detection for IPv4. It's
+ based on code from sd-ipv4ll, and will be useful for
+ detecting DHCP address conflicts.
+
+ * File descriptors passed during socket activation may now be
+ named. A new API sd_listen_fds_with_names() is added to
+ access the names. The default names may be overridden,
+ either in the .socket file using the FileDescriptorName=
+ parameter, or by passing FDNAME= when storing the file
+ descriptors using sd_notify().
+
+ * systemd-networkd gained support for:
+
+ - Setting the IPv6 Router Advertisment settings via
+ IPv6AcceptRouterAdvertisements= in .network files.
+
+ - Configuring the HelloTimeSec=, MaxAgeSec= and
+ ForwardDelaySec= bridge parameters in .netdev files.
+
+ - Configuring PreferredSource= for static routes in
+ .network files.
+
+ * The "ask-password" framework used to query for LUKS harddisk
+ passwords or SSL passwords during boot gained support for
+ caching passwords in the kernel keyring, if it is
+ available. This makes sure that the user only has to type in
+ a passphrase once if there are multiple objects to unlock
+ with the same one. Previously, such password caching was
+ available only when Plymouth was used; this moves the
+ caching logic into the systemd codebase itself. The
+ "systemd-ask-password" utility gained a new --keyname=
+ switch to control which kernel keyring key to use for
+ caching a password in. This functionality is also useful for
+ enabling display managers such as gdm to automatically
+ unlock the user's GNOME keyring if its passphrase, the
+ user's password and the harddisk password are the same, if
+ gdm-autologin is used.
+
+ * When downloading tar or raw images using "machinectl
+ pull-tar" or "machinectl pull-raw", a matching ".nspawn"
+ file is now also downloaded, if it is available and stored
+ next to the image file.
+
+ * Units of type ".socket" gained a new boolean setting
+ Writable= which is only useful in conjunction with
+ ListenSpecial=. If true, enables opening the specified
+ special file in O_RDWR mode rather than O_RDONLY mode.
+
+ * systemd-rfkill has been reworked to become a singleton
+ service that is activated through /dev/rfkill on each rfkill
+ state change and saves the settings to disk. This way,
+ systemd-rfkill is now compatible with devices that exist
+ only intermittendly, and even restores state if the previous
+ system shutdown was abrupt rather than clean.
+
+ * The journal daemon gained support for vacuuming old journal
+ files controlled by the number of files that shall remain,
+ in addition to the already existing control by size and by
+ date. This is useful as journal interleaving performance
+ degrades with too many seperate journal files, and allows
+ putting an effective limit on them. The new setting defaults
+ to 100, but this may be changed by setting SystemMaxFiles=
+ and RuntimeMaxFiles= in journald.conf. Also, the
+ "journalctl" tool gained the new --vacuum-files= switch to
+ manually vacuum journal files to leave only the specified
+ number of files in place.
+
+ * udev will now create /dev/disk/by-path links for ATA devices
+ on kernels where that is supported.
+
+ * Galician, Serbian, Turkish and Korean translations were added.
+
+ Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
+ Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
+ (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
+ Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
+ Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
+ de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
+ Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
+ Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
+ Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
+ Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
+ Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
+ Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
+ Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
+ Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
+ Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
+ Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
+ Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
+ Zbigniew Jędrzejewski-Szmek, Марко М. Костић
+
+ -- Berlin, 2015-10-07
+
+CHANGES WITH 226:
+
+ * The DHCP implementation of systemd-networkd gained a set of
+ new features:
+
+ - The DHCP server now supports emitting DNS and NTP
+ information. It may be enabled and configured via
+ EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
+ and NTP information is enabled, but no servers are
+ configured, the corresponding uplink information (if there
+ is any) is propagated.
+
+ - Server and client now support transmission and reception
+ of timezone information. It can be configured via the
+ newly introduced network options UseTimezone=,
+ EmitTimezone=, and Timezone=. Transmission of timezone
+ information is enabled between host and containers by
+ default now: the container will change its local timezone
+ to what the host has set.
+
+ - Lease timeouts can now be configured via
+ MaxLeaseTimeSec= and DefaultLeaseTimeSec=.
+
+ - The DHCP server improved on the stability of
+ leases. Clients are more likely to get the same lease
+ information back, even if the server loses state.
+
+ - The DHCP server supports two new configuration options to
+ control the lease address pool metrics, PoolOffset= and
+ PoolSize=.
+
+ * The encapsulation limit of tunnels in systemd-networkd may
+ now be configured via 'EncapsulationLimit='. It allows
+ modifying the maximum additional levels of encapsulation
+ that are permitted to be prepended to a packet.
+
+ * systemd now supports the concept of user buses replacing
+ session buses, if used with dbus-1.10 (and enabled via dbus
+ --enable-user-session). It previously only supported this on
+ kdbus-enabled systems, and this release expands this to
+ 'dbus-daemon' systems.
+
+ * systemd-networkd now supports predictable interface names
+ for virtio devices.
+
+ * systemd now optionally supports the new Linux kernel
+ "unified" control group hierarchy. If enabled via the kernel
+ command-line option 'systemd.unified_cgroup_hierarchy=1',
+ systemd will try to mount the unified cgroup hierarchy
+ directly on /sys/fs/cgroup. If not enabled, or not
+ available, systemd will fall back to the legacy cgroup
+ hierarchy setup, as before. Host system and containers can
+ mix and match legacy and unified hierarchies as they
+ wish. nspawn understands the $UNIFIED_CROUP_HIERARCHY
+ environment variable to individually select the hierarchy to
+ use for executed containers. By default, nspawn will use the
+ unified hierarchy for the containers if the host uses the
+ unified hierarchy, and the legacy hierarchy otherwise.
+ Please note that at this point the unified hierarchy is an
+ experimental kernel feature and is likely to change in one
+ of the next kernel releases. Therefore, it should not be
+ enabled by default in downstream distributions yet. The
+ minimum required kernel version for the unified hierarchy to
+ work is 4.2. Note that when the unified hierarchy is used
+ for the first time delegated access to controllers is
+ safe. Because of this systemd-nspawn containers will get
+ access to controllers now, as will systemd user
+ sessions. This means containers and user sessions may now
+ manage their own resources, partitioning up what the system
+ grants them.
+
+ * A new special scope unit "init.scope" has been introduced
+ that encapsulates PID 1 of the system. It may be used to
+ determine resource usage and enforce resource limits on PID
+ 1 itself. PID 1 hence moved out of the root of the control
+ group tree.
+
+ * The cgtop tool gained support for filtering out kernel
+ threads when counting tasks in a control group. Also, the
+ count of processes is now recursively summed up by
+ default. Two options -k and --recursive= have been added to
+ revert to old behaviour. The tool has also been updated to
+ work correctly in containers now.
+
+ * systemd-nspawn's --bind= and --bind-ro= options have been
+ extended to allow creation of non-recursive bind mounts.
+
+ * libsystemd gained two new calls sd_pid_get_cgroup() and
+ sd_peer_get_cgroup() which return the control group path of
+ a process or peer of a connected AF_UNIX socket. This
+ function call is particularly useful when implementing
+ delegated subtrees support in the control group hierarchy.
+
+ * The "sd-event" event loop API of libsystemd now supports
+ correct dequeuing of real-time signals, without losing
+ signal events.
+
+ * When systemd requests a PolicyKit decision when managing
+ units it will now add additional fields to the request,
+ including unit name and desired operation. This enables more
+ powerful PolicyKit policies, that make decisions depending
+ on these parameters.
+
+ * nspawn learnt support for .nspawn settings files, that may
+ accompany the image files or directories of containers, and
+ may contain additional settings for the container. This is
+ an alternative to configuring container parameters via the
+ nspawn command line.
+
+ Contributions from: Cristian Rodríguez, Daniel Mack, David
+ Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
+ Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
+ Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
+ Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
+ Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
+ Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
+ Andersen, Tom Gundersen, Torstein Husebø
+
+ -- Berlin, 2015-09-08
+
+CHANGES WITH 225:
+
+ * machinectl gained a new verb 'shell' which opens a fresh
+ shell on the target container or the host. It is similar to
+ the existing 'login' command of machinectl, but spawns the
+ shell directly without prompting for username or
+ password. The pseudo machine '.host' now refers to the local
+ host and is used by default. Hence, 'machinectl shell' can
+ be used as replacement for 'su -' which spawns a session as
+ a fresh systemd unit in a way that is fully isolated from
+ the originating session.
+
+ * systemd-networkd learned to cope with private-zone DHCP
+ options and allows other programs to query the values.
+
+ * SELinux access control when enabling/disabling units is no
+ longer enforced with this release. The previous
+ implementation was incorrect, and a new corrected
+ implementation is not yet available. As unit file operations
+ are still protected via PolicyKit and D-Bus policy this is
+ not a security problem. Yet, distributions which care about
+ optimal SELinux support should probably not stabilize on
+ this release.
+
+ * sd-bus gained support for matches of type "arg0has=", that
+ test for membership of strings in string arrays sent in bus
+ messages.
+
+ * systemd-resolved now dumps the contents of its DNS and LLMNR
+ caches to the logs on reception of the SIGUSR1 signal. This
+ is useful to debug DNS behaviour.
+
+ * The coredumpctl tool gained a new --directory= option to
+ operate on journal files in a specific directory.
+
+ * "systemctl reboot" and related commands gained a new
+ "--message=" option which may be used to set a free-text
+ wall message when shutting down or rebooting the
+ system. This message is also logged, which is useful for
+ figuring out the reason for a reboot or shutdown a
+ posteriori.
+
+ * The "systemd-resolve-host" tool's -i switch now takes
+ network interface numbers as alternative to interface names.
+
+ * A new unit file setting for services has been introduced:
+ UtmpMode= allows configuration of how precisely systemd
+ handles utmp and wtmp entries for the service if this is
+ enabled. This allows writing services that appear similar to
+ user sessions in the output of the "w", "who", "last" and
+ "lastlog" tools.
+
+ * systemd-resolved will now locally synthesize DNS resource
+ records for the "localhost" and "gateway" domains as well as
+ the local hostname. This should ensure that clients querying
+ RRs via resolved will get similar results as those going via
+ NSS, if nss-myhostname is enabled.
+
+ Contributions from: Alastair Hughes, Alex Crawford, Daniel
+ Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
+ Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
+ Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
+ Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
+ Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
+ Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
+ Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
+ reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
+ Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
+ Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
+ WaLyong Cho, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2015-08-27
+
+CHANGES WITH 224:
+
+ * The systemd-efi-boot-generator functionality was merged into
+ systemd-gpt-auto-generator.
+
+ * systemd-networkd now supports Group Policy for vxlan
+ devices. It can be enabled via the new boolean configuration
+ option called 'GroupPolicyExtension='.
+
+ Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
+ Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
+ Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen
+
+ -- Berlin, 2015-07-31
+
CHANGES WITH 223:
* The python-systemd code has been removed from the systemd repository.
mapped as 'vg-foo-TGID'.
Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
- Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov, Jan
- Alexander Steffens (heftig), Johan Ouwerkerk, Jose Carlos Venegas Munoz,
- Kay Sievers, Lennart Poettering, Lidong Zhong, Martin Pitt, Michael
- Biebl, Michael Olbrich, Michal Schmidt, Mike Gilbert, Namhyung Kim, Nick
- Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo, Susant
- Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
- Umut Tezduyar Lindskog, Vito Caputo, Vivenzio Pagliari, Zbigniew
- Jędrzejewski-Szmek
-
- -- Berlin, 2015-XX-XX
+ Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
+ HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
+ Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
+ Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
+ Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
+ Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
+ Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
+ Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
+ Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2015-07-29
CHANGES WITH 222:
* When querying unit file enablement status (for example via
"systemctl is-enabled"), a new state "indirect" is now known
which indicates that a unit might not be enabled itself, but
- another unit listed in its Alias= setting might be.
+ another unit listed in its Also= setting might be.
* Similar to the various existing ConditionXYZ= settings for
- units there are now matching AssertXYZ= settings. While
+ units, there are now matching AssertXYZ= settings. While
failing conditions cause a unit to be skipped, but its job
to succeed, failing assertions declared like this will cause
a unit start operation and its job to fail.
* hostnamed now knows a new chassis type "embedded".
* systemctl gained a new "edit" command. When used on a unit
- file this allows extending unit files with .d/ drop-in
+ file, this allows extending unit files with .d/ drop-in
configuration snippets or editing the full file (after
copying it from /usr/lib to /etc). This will invoke the
user's editor (as configured with $EDITOR), and reload the
inhibitors.
* Scope and service units gained a new "Delegate" boolean
- property, which when set allows processes running inside the
+ property, which, when set, allows processes running inside the
unit to further partition resources. This is primarily
useful for systemd user instances as well as container
managers.
audit fields are split up and fully indexed. This means that
journalctl in many ways is now a (nicer!) alternative to
ausearch, the traditional audit client. Note that this
- implements only a minimal audit client, if you want the
+ implements only a minimal audit client. If you want the
special audit modes like reboot-on-log-overflow, please use
the traditional auditd instead, which can be used in
parallel to journald.
* journalctl gained two new commands --vacuum-size= and
--vacuum-time= to delete old journal files until the
- remaining ones take up no more the specified size on disk,
+ remaining ones take up no more than the specified size on disk,
or are not older than the specified time.
* A new, native PPPoE library has been added to sd-network,
will spew out warnings if the compilation fails. This
requires libxkbcommon to be installed.
- * When a coredump is collected a larger number of metadata
+ * When a coredump is collected, a larger number of metadata
fields is now collected and included in the journal records
- created for it. More specifically control group membership,
+ created for it. More specifically, control group membership,
environment variables, memory maps, working directory,
chroot directory, /proc/$PID/status, and a list of open file
descriptors is now stored in the log entry.
a fixed machine ID for subsequent boots.
* networkd's .netdev files now provide a large set of
- configuration parameters for VXLAN devices. Similar, the
+ configuration parameters for VXLAN devices. Similarly, the
bridge port cost parameter is now configurable in .network
files. There's also new support for configuring IP source
routing. networkd .link files gained support for a new
* .socket units gained a new DeferAcceptSec= setting that
controls the kernels' TCP_DEFER_ACCEPT sockopt for
- TCP. Similar, support for controlling TCP keep-alive
+ TCP. Similarly, support for controlling TCP keep-alive
settings has been added (KeepAliveTimeSec=,
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
turning off Nagle's algorithm on TCP has been added
* tmpfiles learnt a new "L+" directive which creates a symlink
but (unlike "L") deletes a pre-existing file first, should
it already exist and not already be the correct
- symlink. Similar, "b+", "c+" and "p+" directives have been
+ symlink. Similarly, "b+", "c+" and "p+" directives have been
added as well, which create block and character devices, as
well as fifos in the filesystem, possibly removing any
pre-existing files of different types.
open_by_handle_at() is now prohibited for containers,
closing a hole similar to a recently discussed vulnerability
in docker regarding access to files on file hierarchies the
- container should normally not have access to. Note that for
- nspawn we generally make no security claims anyway (and
+ container should normally not have access to. Note that, for
+ nspawn, we generally make no security claims anyway (and
this is explicitly documented in the man page), so this is
just a fix for one of the most obvious problems.
CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
loses the ability to write to files owned by root this way.
- * Similar, systemd-resolved now runs under its own
+ * Similarly, systemd-resolved now runs under its own
"systemd-resolve" user with no capabilities remaining.
- * Similar, systemd-bus-proxyd now runs under its own
+ * Similarly, systemd-bus-proxyd now runs under its own
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
* systemd-networkd gained support for setting up "veth"
- virtual ethernet devices for container connectivity, as well
+ virtual Ethernet devices for container connectivity, as well
as GRE and VTI tunnels.
* systemd-networkd will no longer automatically attempt to
* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the
- priority of possible naming schemes (onboard, slot, mac,
+ priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. Old
80-net-name-slot.rules udev configuration file has been
devices as seat masters, i.e. as devices that are required
to be existing before a seat is considered preset. Instead,
it will now look for all devices that are tagged as
- "seat-master" in udev. By default framebuffer devices will
- be marked as such, but depending on local systems other
+ "seat-master" in udev. By default, framebuffer devices will
+ be marked as such, but depending on local systems, other
devices might be marked as well. This may be used to
integrate graphics cards using closed source drivers (such
as NVidia ones) more nicely into logind. Note however, that
* Reorder configuration file lookup order. /etc now always
overrides /run in order to allow the administrator to always
- and unconditionally override vendor supplied or
+ and unconditionally override vendor-supplied or
automatically generated data.
* The various user visible bits of the journal now have man
~ianmdlvl / elogind.git / blobdiff