systemd System and Service Manager
+CHANGES WITH 212:
+
+ * When restoring the screen brightness at boot, stay away from
+ the darkest setting or from the lowest 5% of the available
+ range, depending on which is the larger value of both. This
+ should effectively protect the user from rebooting into a
+ black screen, should the brightness have been set to minimum
+ by accident.
+
+ * sd-login gained a new sd_machine_get_class() call to
+ determine the class ("vm" or "container") of a machine
+ registered with machined.
+
+ * sd-login gained new calls
+ sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
+ to query the identity of the peer of a local AF_UNIX
+ connection. They operate similar to their sd_pid_get_xyz()
+ counterparts.
+
+ * PID 1 will now maintain a system-wide system state engine
+ with the states "starting", "running", "degraded",
+ "maintenance", "stopping". These states are bound to system
+ startup, normal runtime, runtime with at least one failed
+ service, rescue/emergency mode and system shutdown. This
+ state is shown in the "systemctl status" output when no unit
+ name is passed. It is useful to determine system state, in
+ particularly when doing so for many systems or containers at
+ once.
+
+ * A new command "list-machines" has been added to "systemctl"
+ that lists all local OS containers and shows their system
+ state (see above), if systemd runs inside of them.
+
+ * systemctl gained a new "-r" switch to recursively enumerate
+ units on all local containers, when used with the
+ "list-unit" command (which is the default one that is
+ executed when no parameters are specified).
+
+ * The GPT automatic partition discovery logic will now honour
+ two GPT partition flags: one may be set on a partition to
+ cause it to be mounted read-only, and the other may be set
+ on a partition to ignore it during automatic discovery.
+
+ * Two new GPT type UUIDs have been added for automatic root
+ partition discovery, for 32bit and 64bit ARM. This is not
+ particularly useful for discovering the root directory on
+ these architectures during bare-metal boots (since UEFI is
+ not common there), but still very useful to allow booting of
+ ARM disk images in nspawn with the -i option.
+
+ * MAC addresses of interfaces created with nspawn's
+ --network-interface= switch will now be generated from the
+ machine name, and thus be stable between multiple invocations
+ of the container.
+
+ * logind will now automatically remove all IPC objects owned
+ by a user if she or he fully logs out. This makes sure that
+ users who are logged out cannot continue to consume IPC
+ resources. This covers SysV memory, semaphores and message
+ queues as well as POSIX shared memory and message
+ queues. Traditionally SysV and POSIX IPC had no life-cycle
+ limits, with this functionality this is corrected. This may
+ be turned off using the RemoveIPC= switch of logind.conf.
+
+ * The systemd-machine-id-setup and tmpfiles tools gained a
+ --root= switch to operate on a specific root directory,
+ instead of /.
+
+ * journald can now forward logged messages to the TTYs of all
+ logged in users ("wall"). This is the default for all
+ emergency messages now.
+
+ * A new tool systemd-journal-remote has been added to stream
+ journal log messages across the network.
+
+ * /sys/fs/cgroup/ is now mounted read-only after all cgroup
+ controller trees are mounted into it. Note that the
+ directories mounted beneath it are not read-only. This is a
+ security measure and is particularly useful because glibc
+ actually includes a search logic to pick any tmpfs it can
+ find to implement shm_open() if /dev/shm is not available
+ (which it might very well be in namespaced setups).
+
+ * machinectl gained a new "poweroff" command to cleanly power
+ down a local OS container.
+
+ * The PrivateDevices= unit file setting will now also drop the
+ CAP_MKNOD capability from the capability bound set, and
+ imply DevicePolicy=closed.
+
+ * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used
+ comprehensively on all long-running systemd services where
+ this is appropriate.
+
+ * systemd-udevd will now run in a disassociated mount
+ namespace. To mount directories from udev rules make sure to
+ pull in mount units via SYSTEMD_WANTS properties.
+
+ * The kdbus support gained support for uploading policy into
+ the kernel. sd-bus gained support for creating "monitoring"
+ connections that can eavesdrop into all bus communication
+ for debugging purposes.
+
+ * Timestamps may now be specified in seconds since the UNIX
+ epoch Jan 1st, 1970 by specifying "@" followed by the value
+ in seconds.
+
+ * Native tcpwrap support in systemd has been removed. tcpwrap
+ is old code, not really maintained anymore and has serious
+ shortcomings, and better options such as firewalls
+ exist. For setups that require tcpwrap usage, please
+ consider invoking your socket-activated service via tcpd,
+ like on traditional inetd.
+
+ * A new system.conf configuration option
+ DefaultTimerAccuracySec= has been added that controls the
+ default AccuracySec= setting of .timer units.
+
+ * Timer units gained a new WakeSystem= switch. If enabled
+ timers configured this way will cause the system to resume
+ from system suspend (if the system supports that, which most
+ do these days).
+
+ * Timer units gained a new Persistent= switch. If enabled
+ timers configured this way will save to disk when they have
+ been last triggered. This information is then used on next
+ reboot to possible execute overdue timer events, that
+ couldn't take place because the system was powered off. This
+ enables simple anacron-like behaviour for timer units.
+
+ * systemctl's "list-timers" will now also list the time a
+ timer unit was last triggered in addition to the next time
+ it will be triggered.
+
+ * systemd-networkd will now assign predictable IPv4LL
+ addresses to its local interfaces.
+
+ Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
+ Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
+ Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
+ Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
+ Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
+ Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
+ Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
+ Jędrzejewski-Szmek
+
+ -- Berlin, 2014-03-25
+
+CHANGES WITH 211:
+
+ * A new unit file setting RestrictAddressFamilies= has been
+ added to restrict which socket address families unit
+ processes gain access to. This takes address family names
+ like "AF_INET" or "AF_UNIX", and is useful to minimize the
+ attack surface of services via exotic protocol stacks. This
+ is built on seccomp system call filters.
+
+ * Two new unit file settings RuntimeDirectory= and
+ RuntimeDirectoryMode= have been added that may be used to
+ manage a per-daemon runtime directories below /run. This is
+ an alternative for setting up directory permissions with
+ tmpfiles snippets, and has the advantage that the runtime
+ directory's lifetime is bound to the daemon runtime and that
+ the daemon starts up with an empty directory each time. This
+ is particularly useful when writing services that drop
+ priviliges using the User= or Group= setting.
+
+ * The DeviceAllow= unit setting now supports globbing for
+ matching against device group names.
+
+ * The systemd configuration file system.conf gained new
+ settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
+ DefaultMemoryAccounting= to globally turn on/off accounting
+ for specific resources (cgroups) for all units. These
+ settings may still be overridden individually in each unit
+ though.
+
+ * systemd-gpt-auto-generator is now able to discover /srv and
+ root partitions in addition to /home and swap partitions. It
+ also supports LUKS-encrypted partitions now. With this in
+ place automatic discovery of partitions to mount following
+ the Discoverable Partitions Specification
+ (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
+ is now a lot more complete. This allows booting without
+ /etc/fstab and without root= on the kernel command line on
+ appropriately prepared systems.
+
+ * systemd-nspawn gained a new --image= switch which allows
+ booting up disk images and Linux installations on any block
+ device that follow the Discoverable Partitions Specification
+ (see above). This means that installations made with
+ appropriately updated installers may now be started and
+ deployed using container managers, completely
+ unmodified. (We hope that libvirt-lxc will add support for
+ this feature soon, too.)
+
+ * systemd-nspawn gained a new --network-macvlan= setting to
+ set up a private macvlan interface for the
+ container. Similar, systemd-networkd gained a new
+ Kind=macvlan setting in .netdev files.
+
+ * systemd-networkd now supports configuring local addresses
+ using IPv4LL.
+
+ * A new tool systemd-network-wait-online has been added to
+ synchronously wait for network connectivity using
+ systemd-networkd.
+
+ * The sd-bus.h bus API gained a new sd_bus_track object for
+ tracking the life-cycle of bus peers. Note that sd-bus.h is
+ still not a public API though (unless you specify
+ --enable-kdbus on the configure command line, which however
+ voids your warranty and you get no API stability guarantee).
+
+ * The $XDG_RUNTIME_DIR runtime directories for each user are
+ now individual tmpfs instances, which has the benefit of
+ introducing separate pools for each user, with individual
+ size limits, and thus making sure that unprivileged clients
+ can no longer negatively impact the system or other users by
+ filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
+ RuntimeDirectorySize= has been introduced that allows
+ controlling the default size limit for all users. It
+ defaults to 10% of the available physical memory. This is no
+ replacement for quotas on tmpfs though (which the kernel
+ still does not support), as /dev/shm and /tmp are still
+ shared resources used by both the system and unprivileged
+ users.
+
+ * logind will now automatically turn off automatic suspending
+ on laptop lid close when more than one display is
+ connected. This was previously expected to be implemented
+ individually in desktop environments (such as GNOME),
+ however has been added to logind now, in order to fix a
+ boot-time race where a desktop environment might not have
+ been started yet and thus not been able to take an inhibitor
+ lock at the time where logind already suspends the system
+ due to a closed lid.
+
+ * logind will now wait at least 30s after each system
+ suspend/resume cycle, and 3min after system boot before
+ suspending the system due to a closed laptop lid. This
+ should give USB docking stations and similar enough time to
+ be probed and configured after system resume and boot in
+ order to then act as suspend blocker.
+
+ * systemd-run gained a new --property= setting which allows
+ initialization of resource control properties (and others)
+ for the created scope or service unit. Example: "systemd-run
+ --property=BlockIOWeight=10 updatedb" may be used to run
+ updatedb at a low block IO scheduling weight.
+
+ * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
+ now also work in --scope mode.
+
+ * When systemd is compiled with kdbus support, basic support
+ for enforced policies is now in place. (Note that enabling
+ kdbus still voids your warranty and no API compatibility
+ promises are made.)
+
+ Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
+ K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
+ Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
+ Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
+ Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
+ Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
+ Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
+ Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
+ Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
+ Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2014-03-12
+
CHANGES WITH 210:
* systemd will now relabel /dev after loading the SMACK policy
according to SMACK rules.
- * A new unit file option AppArmoreProfile= has been added to
+ * A new unit file option AppArmorProfile= has been added to
set the AppArmor profile for the processes of a unit.
* A new condition check ConditionArchitecture= has been added
* logind will now watch SW_DOCK switches and inhibit reaction
to the lid switch if it is pressed. This means that logind
will not suspend the machine anymore if the lid is closed
- and the systemd is docked, if the laptop supports SW_DOCK
+ and the system is docked, if the laptop supports SW_DOCK
notifications via the input layer. Note that ACPI docking
stations do not generate this currently. Also note that this
logic is usually not fully sufficient and Desktop
IFUNC. Please make sure to use --enable-compat-libs only
during a transitional period!
- Contributions from: Andreas Fuchs, Armin K, Colin Walters,
+ Contributions from: Andreas Fuchs, Armin K., Colin Walters,
Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
~ianmdlvl / elogind.git / blobdiff