systemd System and Service Manager
+CHANGES WITH 209:
+
+ * A new component "systemd-networkd" has been added that can
+ be used to configure local network interfaces statically or
+ via DHCP. It is capable of bringing up bridges, VLANs, and
+ bonding. Currently, no hook-ups for interactive network
+ configuration are provided. Use this for your initrd,
+ container, embedded, or server setup if you need a simple,
+ yet powerful, network configuration solution. This
+ configuration subsystem is quite nifty, as it allows wildcard
+ hotplug matching in interfaces. For example, with a single
+ configuration snippet, you can configure that all Ethernet
+ interfaces showing up are automatically added to a bridge,
+ or similar. It supports link-sensing and more.
+
+ * A new tool "systemd-socket-proxyd" has been added which can
+ act as a bidirectional proxy for TCP sockets. This is
+ useful for adding socket activation support to services that
+ do not actually support socket activation, including virtual
+ machines and the like.
+
+ * Add a new tool to save/restore rfkill state on
+ shutdown/boot.
+
+ * Save/restore state of keyboard backlights in addition to
+ display backlights on shutdown/boot.
+
+ * udev learned a new SECLABEL{} construct to label device
+ nodes with a specific security label when they appear. For
+ now, only SECLABEL{selinux} is supported, but the syntax is
+ prepared for additional security frameworks.
+
+ * udev gained a new scheme to configure link-level attributes
+ from files in /etc/systemd/network/*.link. These files can
+ match against MAC address, device path, driver name and type,
+ and will apply attributes like the naming policy, link speed,
+ MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
+ address assignment policy (randomized, ...).
+
+ * When the User= switch is used in a unit file, also
+ initialize $SHELL= based on the user database entry.
+
+ * systemd no longer depends on libdbus. All communication is
+ now done with sd-bus, systemd's low-level bus library
+ implementation.
+
+ * kdbus support has been added to PID 1 itself. When kdbus is
+ enabled, this causes PID 1 to set up the system bus and
+ enable support for a new ".busname" unit type that
+ encapsulates bus name activation on kdbus. It works a little
+ bit like ".socket" units, except for bus names. A new
+ generator has been added that converts classic dbus1 service
+ activation files automatically into native systemd .busname
+ and .service units.
+
+ * sd-bus: add a light-weight vtable implementation that allows
+ defining objects on the bus with a simple static const
+ vtable array of its methods, signals and properties.
+
+ * systemd will not generate or install static dbus
+ introspection data anymore to /usr/share/dbus-1/interfaces,
+ as the precise format of these files is unclear, and
+ nothing makes use of it.
+
+ * A proxy daemon is now provided to proxy clients connecting
+ via classic D-Bus AF_UNIX sockets to kdbus, to provide full
+ compatibility with classic D-Bus.
+
+ * A bus driver implementation has been added that supports the
+ classic D-Bus bus driver calls on kdbus, also for
+ compatibility purposes.
+
+ * A new API "sd-event.h" has been added that implements a
+ minimal event loop API built around epoll. It provides a
+ couple of features that direct epoll usage is lacking:
+ prioritization of events, scales to large numbers of timer
+ events, per-event timer slack (accuracy), system-wide
+ coalescing of timer events, exit handlers, watchdog
+ supervision support using systemd's sd_notify() API, child
+ process handling.
+
+ * A new API "sd-rntl.h" has been added that provides an API
+ around the route netlink interface of the kernel, similar in
+ style to "sd-bus.h".
+
+ * A new API "sd-dhcp-client.h" has been added that provides a
+ small DHCPv4 client-side implementation. This is used by
+ "systemd-networkd".
+
+ * There is a new kernel command line option
+ "systemd.restore_state=0|1". When set to "0", none of the
+ systemd tools will restore saved runtime state to hardware
+ devices. More specifically, the rfkill and backlight states
+ are not restored.
+
+ * The FsckPassNo= compatibility option in mount/service units
+ has been removed. The fstab generator will now add the
+ necessary dependencies automatically, and does not require
+ PID1's support for that anymore.
+
+ * journalctl gained a new switch, --list-boots, that lists
+ recent boots with their times and boot IDs.
+
+ * The various tools like systemctl, loginctl, timedatectl,
+ busctl, systemd-run, ... have gained a new switch "-M" to
+ connect to a specific, local OS container (as direct
+ connection, without requiring SSH). This works on any
+ container that is registered with machined, such as those
+ created by libvirt-lxc or nspawn.
+
+ * systemd-run and systemd-analyze also gained support for "-H"
+ to connect to remote hosts via SSH. This is particularly
+ useful for systemd-run because it enables queuing of jobs
+ onto remote systems.
+
+ * machinectl gained a new command "login" to open a getty
+ login in any local container. This works with any container
+ that is registered with machined (such as those created by
+ libvirt-lxc or nspawn), and which runs systemd inside.
+
+ * machinectl gained a new "reboot" command that may be used to
+ trigger a reboot on a specific container that is registered
+ with machined. This works on any container that runs an init
+ system of some kind.
+
+ * systemctl gained a new "list-timers" command to print a nice
+ listing of installed timer units with the times they elapse
+ next.
+
+ * Alternative reboot() parameters may now be specified on the
+ "systemctl reboot" command line and are passed to the
+ reboot() system call.
+
+ * systemctl gained a new --job-mode= switch to configure the
+ mode to queue a job with. This is a more generic version of
+ --fail, --irreversible, and --ignore-dependencies, which are
+ still available but not advertised anymore.
+
+ * /etc/systemd/system.conf gained new settings to configure
+ various default timeouts of units, as well as the default
+ start limit interval and burst. These may still be overridden
+ within each Unit.
+
+ * PID1 will now export on the bus profile data of the security
+ policy upload process (such as the SELinux policy upload to
+ the kernel).
+
+ * journald: when forwarding logs to the console, include
+ timestamps (following the setting in
+ /sys/module/printk/parameters/time).
+
+ * OnCalendar= in timer units now understands the special
+ strings "yearly" and "annually". (Both are equivalent)
+
+ * The accuracy of timer units is now configurable with the new
+ AccuracySec= setting. It defaults to 1min.
+
+ * A new dependency type JoinsNamespaceOf= has been added that
+ allows running two services within the same /tmp and network
+ namespace, if PrivateNetwork= or PrivateTmp= are used.
+
+ * A new command "cat" has been added to systemctl. It outputs
+ the original unit file of a unit, and concatenates the
+ contents of additional "drop-in" unit file snippets, so that
+ the full configuration is shown.
+
+ * systemctl now supports globbing on the various "list-xyz"
+ commands, like "list-units" or "list-sockets", as well as on
+ those commands which take multiple unit names.
+
+ * journalctl's --unit= switch gained support for globbing.
+
+ * All systemd daemons now make use of the watchdog logic so
+ that systemd automatically notices when they hang.
+
+ * If the $container_ttys environment variable is set,
+ getty-generator will automatically spawn a getty for each
+ listed tty. This is useful for container managers to request
+ login gettys to be spawned on as many ttys as needed.
+
+ * %h, %s, %U specifier support is not available anymore when
+ used in unit files for PID 1. This is because NSS calls are
+ not safe from PID 1. They stay available for --user
+ instances of systemd, and as special case for the root user.
+
+ * loginctl gained a new "--no-legend" switch to turn off output
+ of the legend text.
+
+ * The "sd-login.h" API gained three new calls:
+ sd_session_is_remote(), sd_session_get_remote_user(),
+ sd_session_get_remote_host() to query information about
+ remote sessions.
+
+ * The udev hardware database now also carries vendor/product
+ information of SDIO devices.
+
+ * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
+ determine whether watchdog notifications are requested by
+ the system manager.
+
+ * Socket-activated per-connection services now include a
+ short description of the connection parameters in the
+ description.
+
+ * tmpfiles gained a new "--boot" option. When this is not used,
+ only lines where the command character is not suffixed with
+ "!" are executed. When this option is specified, those
+ options are executed too. This partitions tmpfiles
+ directives into those that can be safely executed at any
+ time, and those which should be run only at boot (for
+ example, a line that creates /run/nologin).
+
+ * A new API "sd-resolve.h" has been added which provides a simple
+ asynchronous wrapper around glibc NSS host name resolution
+ calls, such as getaddrinfo(). In contrast to glibc's
+ getaddrinfo_a(), it does not use signals. In contrast to most
+ other asynchronous name resolution libraries, this one does
+ not reimplement DNS, but reuses NSS, so that alternate
+ host name resolution systems continue to work, such as mDNS,
+ LDAP, etc. This API is based on libasyncns, but it has been
+ cleaned up for inclusion in systemd.
+
+ * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h" are no
+ longer found in individual libraries libsystemd-journal.so,
+ libsystemd-login.so, libsystemd-id128.so. Instead, we have
+ merged them into a single library, libsystemd.so, which
+ provides all symbols. The reason for this is cyclic
+ dependencies, as these libraries tend to use each other's
+ symbols. So far, we've managed to workaround that by linking a
+ copy of a good part of our code into each of these libraries
+ again and again, which, however, makes certain things hard to
+ do, like sharing static variables. Also, it substantially
+ increases footprint. With this change, there is only one
+ library for the basic APIs systemd provides. Also,
+ "sd-bus.h", "sd-memfd.h", "sd-event.h", "sd-rtnl.h",
+ "sd-resolve.h", "sd-utf8.h" are found in this library as
+ well, however are subject to the --enable-kdbus switch (see
+ below). Note that "sd-dhcp-client.h" and "sd-daemon.h" are not
+ part of this library (the former because it only consumes,
+ never provides, services of/to other APIs, and the latter
+ because it is completely standalone). To make the transition
+ easy from the separate libraries to the unified one, we
+ provide the --enable-compat-libs compile-time switch which
+ will generate stub libraries that are compatible with the
+ old ones but redirect all calls to the new one.
+
+ * All of the kdbus logic and the new APIs "sd-bus.h",
+ "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
+ and "sd-utf8.h" are compile-time optional via the
+ "--enable-kdbus" switch, and they are not compiled in by
+ default. To make use of kdbus, you have to explicitly enable
+ the switch. Note however, that neither the kernel nor the
+ userspace API for all of this is considered stable yet. We
+ want to maintain the freedom to still change the APIs for
+ now. By specifying this build-time switch, you acknowledge
+ that you are aware of the instability of the current
+ APIs.
+
+ * Also, note that while kdbus is pretty much complete,
+ it lacks one thing: proper policy support. This means you
+ can build a fully working system with all features; however,
+ it will be highly insecure. Policy support will be added in
+ one of the next releases, at the same time that we will
+ declare the APIs stable.
+
+ * When the kernel command-line argument "kdbus" is specified,
+ systemd will automatically load the kdbus.ko kernel module. At
+ this stage of development, it is only useful for testing kdbus
+ and should not be used in production. Note: if "--enable-kdbus"
+ is specified, and the kdbus.ko kernel module is available, and
+ "kdbus" is added to the kernel command line, the entire system
+ runs with kdbus instead of dbus-daemon, with the above mentioned
+ problem of missing the system policy enforcement. Also a future
+ version of kdbus.ko or a newer systemd will not be compatible with
+ each other, and will unlikely be able to boot the machine if only
+ one of them is updated.
+
+ * systemctl gained a new "import-environment" command which
+ uploads the caller's environment (or parts thereof) into the
+ service manager so that it is inherited by services started
+ by the manager. This is useful to upload variables like
+ $DISPLAY into the user service manager.
+
+ * A new PrivateDevices= switch has been added to service units
+ which allows running a service with a namespaced /dev
+ directory that does not contain any device nodes for
+ physical devices. More specifically, it only includes devices
+ such as /dev/null, /dev/urandom, and /dev/zero which are API
+ entry points.
+
+ * logind has been extended to support behaviour like VT
+ switching on seats that do not support a VT. This makes
+ multi-session available on seats that are not the first seat
+ (seat0), and on systems where kernel support for VTs has
+ been disabled at compile-time.
+
+ * If a process holds a delay lock for system sleep or shutdown
+ and fails to release it in time, we will now log its
+ identity. This makes it easier to identify processes that
+ cause slow suspends or power-offs.
+
+ * When parsing /etc/crypttab, support for a new key-slot=
+ option as supported by Debian is added. It allows indicating
+ which LUKS slot to use on disk, speeding up key loading.
+
+ * The sd_journald_sendv() API call has been checked and
+ officially declared to be async-signal-safe so that it may
+ be invoked from signal handlers for logging purposes.
+
+ * Boot-time status output is now enabled automatically after a
+ short timeout if boot does not progress, in order to give
+ the user an indication what she or he is waiting for.
+
+ * The boot-time output has been improved to show how much time
+ remains until jobs expire.
+
+ * The KillMode= switch in service units gained a new possible
+ value "mixed". If set, and the unit is shut down, then the
+ initial SIGTERM signal is sent only to the main daemon
+ process, while the following SIGKILL signal is sent to
+ all remaining processes of the service.
+
+ * When a scope unit is registered, a new property "Controller"
+ may be set. If set to a valid bus name, systemd will send a
+ RequestStop() signal to this name when it would like to shut
+ down the scope. This may be used to hook manager logic into
+ the shutdown logic of scope units. Also, scope units may now
+ be put in a special "abandoned" state, in which case the
+ manager process which created them takes no further
+ responsibilities for it.
+
+ * When reading unit files, systemd will now verify
+ the access mode of these files, and warn about certain
+ suspicious combinations. This has been added to make it
+ easier to track down packaging bugs where unit files are
+ marked executable or world-writable.
+
+ * systemd-nspawn gained a new "--setenv=" switch to set
+ container-wide environment variables. The similar option in
+ systemd-activate was renamed from "--environment=" to
+ "--setenv=" for consistency.
+
+ * systemd-nspawn has been updated to create a new kdbus domain
+ for each container that is invoked, thus allowing each
+ container to have its own set of system and user buses,
+ independent of the host.
+
+ * systemd-nspawn gained a new --drop-capability= switch to run
+ the container with less capabilities than the default. Both
+ --drop-capability= and --capability= now take the special
+ string "all" for dropping or keeping all capabilities.
+
+ * systemd-nspawn gained new switches for executing containers
+ with specific SELinux labels set.
+
+ * systemd-nspawn gained a new --quiet switch to not generate
+ any additional output but the container's own console
+ output.
+
+ * systemd-nspawn gained a new --share-system switch to run a
+ container without PID namespacing enabled.
+
+ * systemd-nspawn gained a new --register= switch to control
+ whether the container is registered with systemd-machined or
+ not. This is useful for containers that do not run full
+ OS images, but only specific apps.
+
+ * systemd-nspawn gained a new --keep-unit which may be used
+ when invoked as the only program from a service unit, and
+ results in registration of the unit service itself in
+ systemd-machined, instead of a newly opened scope unit.
+
+ * systemd-nspawn gained a new --network-interface= switch for
+ moving arbitrary interfaces to the container. The new
+ --network-veth switch creates a virtual Ethernet connection
+ between host and container. The new --network-bridge=
+ switch then allows assigning the host side of this virtual
+ Ethernet connection to a bridge device.
+
+ * systemd-nspawn gained a new --personality= switch for
+ setting the kernel personality for the container. This is
+ useful when running a 32bit container on a 64bit host.
+
+ * logind will now also track a "Desktop" identifier for each
+ session which encodes the desktop environment of it. This is
+ useful for desktop environments that want to identify
+ multiple running sessions of itself easily.
+
+ * A new SELinuxContext= setting for service units has been
+ added that allows setting a specific SELinux execution
+ context for a service.
+
+ * Most systemd client tools will now honour $SYSTEMD_LESS for
+ settings of the "less" pager. By default, these tools will
+ override $LESS to allow certain operations to work, such as
+ jump-to-the-end. With $SYSTEMD_LESS, it is possible to
+ influence this logic.
+
+ * systemd's "seccomp" hook-up has been changed to make use of
+ the libseccomp library instead of using its own
+ implementation. This has benefits for portability among
+ other things.
+
+ * For usage together with SystemCallFilter=, a new
+ SystemCallErrorNumber= setting has been introduced that
+ allows configuration of a system error number to return on
+ filtered system calls, instead of immediately killing the
+ process. Also, SystemCallArchitectures= has been added to
+ limit access to system calls of a particular architecture
+ (in order to turn off support for unused secondary
+ architectures). There is also a global
+ SystemCallArchitectures= setting in system.conf now to turn
+ off support for non-native system calls system-wide.
+
+ Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
+ Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
+ Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
+ Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
+ David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
+ Elia Pinto, Florian Weimer, George McCollister, Goffredo
+ Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
+ Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
+ Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
+ Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
+ Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
+ Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
+ Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
+ Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
+ Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
+ Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
+ Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
+ Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
+ Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
+ Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
+ Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
+ Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
+ Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2014-02-xx
+
+CHANGES WITH 208:
+
+ * logind has gained support for facilitating privileged input
+ and drm device access for unprivileged clients. This work is
+ useful to allow Wayland display servers (and similar
+ programs, such as kmscon) to run under the user's ID and
+ access input and drm devices which are normally
+ protected. When this is used (and the kernel is new enough)
+ logind will "mute" IO on the file descriptors passed to
+ Wayland as long as it is in the background and "unmute" it
+ if it returns into the foreground. This allows secure
+ session switching without allowing background sessions to
+ eavesdrop on input and display data. This also introduces
+ session switching support if VT support is turned off in the
+ kernel, and on seats that are not seat0.
+
+ * A new kernel command line option luks.options= is understood
+ now which allows specifiying LUKS options for usage for LUKS
+ encrypted partitions specified with luks.uuid=.
+
+ * tmpfiles.d(5) snippets may now use specifier expansion in
+ path names. More specifically %m, %b, %H, %v, are now
+ replaced by the local machine id, boot id, hostname, and
+ kernel version number.
+
+ * A new tmpfiles.d(5) command "m" has been introduced which
+ may be used to change the owner/group/access mode of a file
+ or directory if it exists, but do nothing if it doesn't.
+
+ * This release removes high-level support for the
+ MemorySoftLimit= cgroup setting. The underlying kernel
+ cgroup attribute memory.soft_limit= is currently badly
+ designed and likely to be removed from the kernel API in its
+ current form, hence we shouldn't expose it for now.
+
+ * The memory.use_hierarchy cgroup attribute is now enabled for
+ all cgroups systemd creates in the memory cgroup
+ hierarchy. This option is likely to be come the built-in
+ default in the kernel anyway, and the non-hierarchial mode
+ never made much sense in the intrinsically hierarchial
+ cgroup system.
+
+ * A new field _SYSTEMD_SLICE= is logged along with all journal
+ messages containing the slice a message was generated
+ from. This is useful to allow easy per-customer filtering of
+ logs among other things.
+
+ * systemd-journald will no longer adjust the group of journal
+ files it creates to the "systemd-journal" group. Instead we
+ rely on the journal directory to be owned by the
+ "systemd-journal" group, and its setgid bit set, so that the
+ kernel file system layer will automatically enforce that
+ journal files inherit this group assignment. The reason for
+ this change is that we cannot allow NSS look-ups from
+ journald which would be necessary to resolve
+ "systemd-journal" to a numeric GID, because this might
+ create deadlocks if NSS involves synchronous queries to
+ other daemons (such as nscd, or sssd) which in turn are
+ logging clients of journald and might block on it, which
+ would then dead lock. A tmpfiles.d(5) snippet included in
+ systemd will make sure the setgid bit and group are
+ properly set on the journal directory if it exists on every
+ boot. However, we recommend adjusting it manually after
+ upgrades too (or from RPM scriptlets), so that the change is
+ not delayed until next reboot.
+
+ * Backlight and random seed files in /var/lib/ have moved into
+ the /var/lib/systemd/ directory, in order to centralize all
+ systemd generated files in one directory.
+
+ * Boot time performance measurements (as displayed by
+ "systemd-analyze" for example) will now read ACPI 5.0 FPDT
+ performance information if that's available to determine how
+ much time BIOS and boot loader initialization required. With
+ a sufficiently new BIOS you hence no longer need to boot
+ with Gummiboot to get access to such information.
+
+ Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
+ Cristian Rodríguez, Dave Reisner, David Herrmann, David
+ Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
+ feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
+ Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
+ Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-10-02
+
+CHANGES WITH 207:
+
+ * The Restart= option for services now understands a new
+ on-watchdog setting, which will restart the service
+ automatically if the service stops sending out watchdog keep
+ alive messages (as configured with WatchdogSec=).
+
+ * The getty generator (which is responsible for bringing up a
+ getty on configured serial consoles) will no longer only
+ start a getty on the primary kernel console but on all
+ others, too. This makes the order in which console= is
+ specified on the kernel command line less important.
+
+ * libsystemd-logind gained a new sd_session_get_vt() call to
+ retrieve the VT number of a session.
+
+ * If the option "tries=0" is set for an entry of /etc/crypttab
+ its passphrase is queried indefinitely instead of any
+ maximum number of tries.
+
+ * If a service with a configure PID file terminates its PID
+ file will now be removed automatically if it still exists
+ afterwards. This should put an end to stale PID files.
+
+ * systemd-run will now also take relative binary path names
+ for execution and no longer insists on absolute paths.
+
+ * InaccessibleDirectories= and ReadOnlyDirectories= now take
+ paths that are optionally prefixed with "-" to indicate that
+ it should not be considered a failure if they don't exist.
+
+ * journalctl -o (and similar commands) now understands a new
+ output mode "short-precise", it is similar to "short" but
+ shows timestamps with usec accuracy.
+
+ * The option "discard" (as known from Debian) is now
+ synonymous to "allow-discards" in /etc/crypttab. In fact,
+ "discard" is preferred now (since it is easier to remember
+ and type).
+
+ * Some licensing clean-ups were made, so that more code is now
+ LGPL-2.1 licensed than before.
+
+ * A minimal tool to save/restore the display backlight
+ brightness across reboots has been added. It will store the
+ backlight setting as late as possible at shutdown, and
+ restore it as early as possible during reboot.
+
+ * A logic to automatically discover and enable home and swap
+ partitions on GPT disks has been added. With this in place
+ /etc/fstab becomes optional for many setups as systemd can
+ discover certain partitions located on the root disk
+ automatically. Home partitions are recognized under their
+ GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
+ partitions are recognized under their GPT type ID
+ 0657fd6da4ab43c484e50933c84b4f4f.
+
+ * systemd will no longer pass any environment from the kernel
+ or initrd to system services. If you want to set an
+ environment for all services, do so via the kernel command
+ line systemd.setenv= assignment.
+
+ * The systemd-sysctl tool no longer natively reads the file
+ /etc/sysctl.conf. If desired, the file should be symlinked
+ from /etc/sysctl.d/99-sysctl.conf. Apart from providing
+ legacy support by a symlink rather than built-in code, it
+ also makes the otherwise hidden order of application of the
+ different files visible. (Note that this partly reverts to a
+ pre-198 application order of sysctl knobs!)
+
+ * The "systemctl set-log-level" and "systemctl dump" commands
+ have been moved to systemd-analyze.
+
+ * systemd-run learned the new --remain-after-exit switch,
+ which causes the scope unit not to be cleaned up
+ automatically after the process terminated.
+
+ * tmpfiles learned a new --exclude-prefix= switch to exclude
+ certain paths from operation.
+
+ * journald will now automatically flush all messages to disk
+ as soon as a message of the log priorities CRIT, ALERT or
+ EMERG is received.
+
+ Contributions from: Andrew Cook, Brandon Philips, Christian
+ Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
+ Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
+ McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
+ Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
+ Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
+ Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
+ Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
+ Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
+ Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
+ Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
+ Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
+ William Giokas, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-09-13
+
+CHANGES WITH 206:
+
+ * The documentation has been updated to cover the various new
+ concepts introduced with 205.
+
+ * Unit files now understand the new %v specifier which
+ resolves to the kernel version string as returned by "uname
+ -r".
+
+ * systemctl now supports filtering the unit list output by
+ load state, active state and sub state, using the new
+ --state= parameter.
+
+ * "systemctl status" will now show the results of the
+ condition checks (like ConditionPathExists= and similar) of
+ the last start attempts of the unit. They are also logged to
+ the journal.
+
+ * "journalctl -b" may now be used to look for boot output of a
+ specific boot. Try "journalctl -b -1" for the previous boot,
+ but the syntax is substantially more powerful.
+
+ * "journalctl --show-cursor" has been added which prints the
+ cursor string the last shown log line. This may then be used
+ with the new "journalctl --after-cursor=" switch to continue
+ browsing logs from that point on.
+
+ * "journalctl --force" may now be used to force regeneration
+ of an FSS key.
+
+ * Creation of "dead" device nodes has been moved from udev
+ into kmod and tmpfiles. Previously, udev would read the kmod
+ databases to pre-generate dead device nodes based on meta
+ information contained in kernel modules, so that these would
+ be auto-loaded on access rather then at boot. As this
+ doesn't really have much to do with the exposing actual
+ kernel devices to userspace this has always been slightly
+ alien in the udev codebase. Following the new scheme kmod
+ will now generate a runtime snippet for tmpfiles from the
+ module meta information and it now is tmpfiles' job to the
+ create the nodes. This also allows overriding access and
+ other parameters for the nodes using the usual tmpfiles
+ facilities. As side effect this allows us to remove the
+ CAP_SYS_MKNOD capability bit from udevd entirely.
+
+ * logind's device ACLs may now be applied to these "dead"
+ devices nodes too, thus finally allowing managed access to
+ devices such as /dev/snd/sequencer whithout loading the
+ backing module right-away.
+
+ * A new RPM macro has been added that may be used to apply
+ tmpfiles configuration during package installation.
+
+ * systemd-detect-virt and ConditionVirtualization= now can
+ detect User-Mode-Linux machines (UML).
+
+ * journald will now implicitly log the effective capabilities
+ set of processes in the message metadata.
+
+ * systemd-cryptsetup has gained support for TrueCrypt volumes.
+
+ * The initrd interface has been simplified (more specifically,
+ support for passing performance data via environment
+ variables and fsck results via files in /run has been
+ removed). These features were non-essential, and are
+ nowadays available in a much nicer way by having systemd in
+ the initrd serialize its state and have the hosts systemd
+ deserialize it again.
+
+ * The udev "keymap" data files and tools to apply keyboard
+ specific mappings of scan to key codes, and force-release
+ scan code lists have been entirely replaced by a udev
+ "keyboard" builtin and a hwdb data file.
+
+ * systemd will now honour the kernel's "quiet" command line
+ argument also during late shutdown, resulting in a
+ completely silent shutdown when used.
+
+ * There's now an option to control the SO_REUSEPORT socket
+ option in .socket units.
+
+ * Instance units will now automatically get a per-template
+ subslice of system.slice unless something else is explicitly
+ configured. For example, instances of sshd@.service will now
+ implicitly be placed in system-sshd.slice rather than
+ system.slice as before.
+
+ * Test coverage support may now be enabled at build time.
+
+ Contributions from: Dave Reisner, Frederic Crozat, Harald
+ Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
+ Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
+ Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
+ Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
+ Giokas, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2013-07-23
+
+CHANGES WITH 205:
+
+ * Two new unit types have been introduced:
+
+ Scope units are very similar to service units, however, are
+ created out of pre-existing processes -- instead of PID 1
+ forking off the processes. By using scope units it is
+ possible for system services and applications to group their
+ own child processes (worker processes) in a powerful way
+ which then maybe used to organize them, or kill them
+ together, or apply resource limits on them.
+
+ Slice units may be used to partition system resources in an
+ hierarchial fashion and then assign other units to them. By
+ default there are now three slices: system.slice (for all
+ system services), user.slice (for all user sessions),
+ machine.slice (for VMs and containers).
+
+ Slices and scopes have been introduced primarily in
+ context of the work to move cgroup handling to a
+ single-writer scheme, where only PID 1
+ creates/removes/manages cgroups.
+
+ * There's a new concept of "transient" units. In contrast to
+ normal units these units are created via an API at runtime,
+ not from configuration from disk. More specifically this
+ means it is now possible to run arbitrary programs as
+ independent services, with all execution parameters passed
+ in via bus APIs rather than read from disk. Transient units
+ make systemd substantially more dynamic then it ever was,
+ and useful as a general batch manager.
+
+ * logind has been updated to make use of scope and slice units
+ for managing user sessions. As a user logs in he will get
+ his own private slice unit, to which all sessions are added
+ as scope units. We also added support for automatically
+ adding an instance of user@.service for the user into the
+ slice. Effectively logind will no longer create cgroup
+ hierarchies on its own now, it will defer entirely to PID 1
+ for this by means of scope, service and slice units. Since
+ user sessions this way become entities managed by PID 1
+ the output of "systemctl" is now a lot more comprehensive.
+
+ * A new mini-daemon "systemd-machined" has been added which
+ may be used by virtualization managers to register local
+ VMs/containers. nspawn has been updated accordingly, and
+ libvirt will be updated shortly. machined will collect a bit
+ of meta information about the VMs/containers, and assign
+ them their own scope unit (see above). The collected
+ meta-data is then made available via the "machinectl" tool,
+ and exposed in "ps" and similar tools. machined/machinectl
+ is compile-time optional.
+
+ * As discussed earlier, the low-level cgroup configuration
+ options ControlGroup=, ControlGroupModify=,
+ ControlGroupPersistent=, ControlGroupAttribute= have been
+ removed. Please use high-level attribute settings instead as
+ well as slice units.
+
+ * A new bus call SetUnitProperties() has been added to alter
+ various runtime parameters of a unit. This is primarily
+ useful to alter cgroup parameters dynamically in a nice way,
+ but will be extended later on to make more properties
+ modifiable at runtime. systemctl gained a new set-properties
+ command that wraps this call.
+
+ * A new tool "systemd-run" has been added which can be used to
+ run arbitrary command lines as transient services or scopes,
+ while configuring a number of settings via the command
+ line. This tool is currently very basic, however already
+ very useful. We plan to extend this tool to even allow
+ queuing of execution jobs with time triggers from the
+ command line, similar in fashion to "at".
+
+ * nspawn will now inform the user explicitly that kernels with
+ audit enabled break containers, and suggest the user to turn
+ off audit.
+
+ * Support for detecting the IMA and AppArmor security
+ frameworks with ConditionSecurity= has been added.
+
+ * journalctl gained a new "-k" switch for showing only kernel
+ messages, mimicking dmesg output; in addition to "--user"
+ and "--system" switches for showing only user's own logs
+ and system logs.
+
+ * systemd-delta can now show information about drop-in
+ snippets extending unit files.
+
+ * libsystemd-bus has been substantially updated but is still
+ not available as public API.
+
+ * systemd will now look for the "debug" argument on the kernel
+ command line and enable debug logging, similar to
+ "systemd.log_level=debug" already did before.
+
+ * "systemctl set-default", "systemctl get-default" has been
+ added to configure the default.target symlink, which
+ controls what to boot into by default.
+
+ * "systemctl set-log-level" has been added as a convenient
+ way to raise and lower systemd logging threshold.
+
+ * "systemd-analyze plot" will now show the time the various
+ generators needed for execution, as well as information
+ about the unit file loading.
+
+ * libsystemd-journal gained a new sd_journal_open_files() call
+ for opening specific journal files. journactl also gained a
+ new switch to expose this new functionality. Previously we
+ only supported opening all files from a directory, or all
+ files from the system, as opening individual files only is
+ racy due to journal file rotation.
+
+ * systemd gained the new DefaultEnvironment= setting in
+ /etc/systemd/system.conf to set environment variables for
+ all services.
+
+ * If a privileged process logs a journal message with the
+ OBJECT_PID= field set, then journald will automatically
+ augment this with additional OBJECT_UID=, OBJECT_GID=,
+ OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+ system services want to log events about specific client
+ processes. journactl/systemctl has been updated to make use
+ of this information if all log messages regarding a specific
+ unit is requested.
+
+ Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
+ Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
+ Reisner, David Coppa, David King, David Strauss, Eelco
+ Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
+ Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
+ Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
+ Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
+ Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
+ Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
+ Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
+ Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
+ Łukasz Stelmach, 장동준
+
+CHANGES WITH 204:
+
+ * The Python bindings gained some minimal support for the APIs
+ exposed by libsystemd-logind.
+
+ * ConditionSecurity= gained support for detecting SMACK. Since
+ this condition already supports SELinux and AppArmor we only
+ miss IMA for this. Patches welcome!
+
+ Contributions from: Karol Lewandowski, Lennart Poettering,
+ Zbigniew Jędrzejewski-Szmek
+
+CHANGES WITH 203:
+
+ * systemd-nspawn will now create /etc/resolv.conf if
+ necessary, before bind-mounting the host's file onto it.
+
+ * systemd-nspawn will now store meta information about a
+ container on the container's cgroup as extended attribute
+ fields, including the root directory.
+
+ * The cgroup hierarchy has been reworked in many ways. All
+ objects any of the components systemd creates in the cgroup
+ tree are now suffixed. More specifically, user sessions are
+ now placed in cgroups suffixed with ".session", users in
+ cgroups suffixed with ".user", and nspawn containers in
+ cgroups suffixed with ".nspawn". Furthermore, all cgroup
+ names are now escaped in a simple scheme to avoid collision
+ of userspace object names with kernel filenames. This work
+ is preparation for making these objects relocatable in the
+ cgroup tree, in order to allow easy resource partitioning of
+ these objects without causing naming conflicts.
+
+ * systemctl list-dependencies gained the new switches
+ --plain, --reverse, --after and --before.
+
+ * systemd-inhibit now shows the process name of processes that
+ have taken an inhibitor lock.
+
+ * nss-myhostname will now also resolve "localhost"
+ implicitly. This makes /etc/hosts an optional file and
+ nicely handles that on IPv6 ::1 maps to both "localhost" and
+ the local hostname.
+
+ * libsystemd-logind.so gained a new call
+ sd_get_machine_names() to enumerate running containers and
+ VMs (currently only supported by very new libvirt and
+ nspawn). sd_login_monitor can now be used to watch
+ VMs/containers coming and going.
+
+ * .include is not allowed recursively anymore, and only in
+ unit files. Usually it is better to use drop-in snippets in
+ .d/*.conf anyway, as introduced with systemd 198.
+
+ * systemd-analyze gained a new "critical-chain" command that
+ determines the slowest chain of units run during system
+ boot-up. It is very useful for tracking down where
+ optimizing boot time is the most beneficial.
+
+ * systemd will no longer allow manipulating service paths in
+ the name=systemd:/system cgroup tree using ControlGroup= in
+ units. (But is still fine with it in all other dirs.)
+
+ * There's a new systemd-nspawn@.service service file that may
+ be used to easily run nspawn containers as system
+ services. With the container's root directory in
+ /var/lib/container/foobar it is now sufficient to run
+ "systemctl start systemd-nspawn@foobar.service" to boot it.
+
+ * systemd-cgls gained a new parameter "--machine" to list only
+ the processes within a certain container.
+
+ * ConditionSecurity= now can check for "apparmor". We still
+ are lacking checks for SMACK and IMA for this condition
+ check though. Patches welcome!
+
+ * A new configuration file /etc/systemd/sleep.conf has been
+ added that may be used to configure which kernel operation
+ systemd is supposed to execute when "suspend", "hibernate"
+ or "hybrid-sleep" is requested. This makes the new kernel
+ "freeze" state accessible to the user.
+
+ * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
+ the passed argument if applicable.
+
+ Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
+ Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
+ Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
+ Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
+ MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
+ Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
+ Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
+ Jędrzejewski-Szmek
+
+CHANGES WITH 202:
+
+ * The output of 'systemctl list-jobs' got some polishing. The
+ '--type=' argument may now be passed more than once. A new
+ command 'systemctl list-sockets' has been added which shows
+ a list of kernel sockets systemd is listening on with the
+ socket units they belong to, plus the units these socket
+ units activate.
+
+ * The experimental libsystemd-bus library got substantial
+ updates to work in conjunction with the (also experimental)
+ kdbus kernel project. It works well enough to exchange
+ messages with some sophistication. Note that kdbus is not
+ ready yet, and the library is mostly an elaborate test case
+ for now, and not installable.
+
+ * systemd gained a new unit 'systemd-static-nodes.service'
+ that generates static device nodes earlier during boot, and
+ can run in conjunction with udev.
+
+ * libsystemd-login gained a new call sd_pid_get_user_unit()
+ to retrieve the user systemd unit a process is running
+ in. This is useful for systems where systemd is used as
+ session manager.
+
+ * systemd-nspawn now places all containers in the new /machine
+ top-level cgroup directory in the name=systemd
+ hierarchy. libvirt will soon do the same, so that we get a
+ uniform separation of /system, /user and /machine for system
+ services, user processes and containers/virtual
+ machines. This new cgroup hierarchy is also useful to stick
+ stable names to specific container instances, which can be
+ recognized later this way (this name may be controlled
+ via systemd-nspawn's new -M switch). libsystemd-login also
+ gained a new call sd_pid_get_machine_name() to retrieve the
+ name of the container/VM a specific process belongs to.
+
+ * bootchart can now store its data in the journal.
+
+ * libsystemd-journal gained a new call
+ sd_journal_add_conjunction() for AND expressions to the
+ matching logic. This can be used to express more complex
+ logical expressions.
+
+ * journactl can now take multiple --unit= and --user-unit=
+ switches.
+
+ * The cryptsetup logic now understands the "luks.key=" kernel
+ command line switch for specifying a file to read the
+ decryption key from. Also, if a configured key file is not
+ found the tool will now automatically fall back to prompting
+ the user.
+
+ * Python systemd.journal module was updated to wrap recently
+ added functions from libsystemd-journal. The interface was
+ changed to bring the low level interface in s.j._Reader
+ closer to the C API, and the high level interface in
+ s.j.Reader was updated to wrap and convert all data about
+ an entry.
+
+ Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
+ Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
+ Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer,
+ Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
+ Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
+ Tom Gundersen, Zbigniew Jędrzejewski-Szmek
+
CHANGES WITH 201:
* journalctl --update-catalog now understands a new --root=
* The udev daemon now sets the default number of worker
processes executed in parallel based on the number of available
CPUs instead of the amount of available RAM. This is supposed
- to provide a more reliable default and limit a too agressive
+ to provide a more reliable default and limit a too aggressive
paralellism for setups with 1000s of devices connected.
Contributions from: Auke Kok, Colin Walters, Cristian
the underlying file system of a journal file is capable of
properly reporting file change notifications, or whether
applications that want to reflect journal changes "live"
- need to recheck journal files continously in appropriate
+ need to recheck journal files continuously in appropriate
time intervals.
* It is now possible to set the "age" field for tmpfiles
* There's now a new RPM macro definition for the system preset
dir: %_presetdir.
- * journald will now warn if it can't foward a message to the
+ * journald will now warn if it can't forward a message to the
syslog daemon because it's socket is full.
* timedated will no longer write or process /etc/timezone,
the maximum number of iterations to run for. It also gained
-b, to run in batch mode (accepting no input).
- * The suffix ".service" may now be ommited on most systemctl
+ * The suffix ".service" may now be omitted on most systemctl
command lines involving service unit names.
* There's a new bus call in logind to lock all sessions, as
* Show /etc/os-release data in systemd-analyze output
- * Many bugfixes for the journal, including endianess fixes and
+ * Many bugfixes for the journal, including endianness fixes and
ensuring that disk space enforcement works
* sd-login.h is C++ comptaible again
understood to set system wide environment variables
dynamically at boot.
- * We now limit the set of capabilities of systemd-journald.
+ * We now limit the set of capabilities of systemd-journald.
* We now set SIGPIPE to ignore by default, since it only is
useful in shell pipelines, and has little use in general
~ianmdlvl / elogind.git / blobdiff