X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=41ed127ecaab53ce5c872dc7f343d7f8963675ae;hp=c240d11dc7c27caef6d3e079d72893919e6f802b;hb=965e5c5daff660e13a31bfa5a27af733a707ec4b;hpb=6afc95b73605833e6e966af1c466b5c08feb953f diff --git a/NEWS b/NEWS index c240d11dc..41ed127ec 100644 --- a/NEWS +++ b/NEWS 
@@ -1,5 +1,110 @@ systemd System and Service Manager +CHANGES WITH 210: + + * systemd will now relabel /dev after loading the SMACK policy + according to SMACK rules. + + * A new unit file option AppArmorProfile= has been added to + set the AppArmor profile for the processes of a unit. + + * A new condition check ConditionArchitecture= has been added + to conditionalize units based on the system architecture, as + reported by uname()'s "machine" field. + + * systemd-networkd now supports matching on the system + virtualization, architecture, kernel command line, host name + and machine ID. + + * logind is now a lot more aggressive when suspending the + machine due to a closed laptop lid. Instead of acting only + on the lid close action it will continuously watch the lid + status and act on it. This is useful for laptops where the + power button is on the outside of the chassis so that it can + be reached without opening the lid (such as the Lenovo + Yoga). On those machines logind will now immediately + re-suspend the machine if the power button has been + accidentally pressed while the laptop was suspended and in a + backpack or similar. + + * logind will now watch SW_DOCK switches and inhibit reaction + to the lid switch if it is pressed. This means that logind + will not suspend the machine anymore if the lid is closed + and the system is docked, if the laptop supports SW_DOCK + notifications via the input layer. Note that ACPI docking + stations do not generate this currently. Also note that this + logic is usually not fully sufficient and Desktop + Environments should take a lid switch inhibitor lock when an + external display is connected, as systemd will not watch + this on its own. + + * nspawn will now make use of the devices cgroup controller by + default, and only permit creation of and access to the usual + API device nodes like /dev/null or /dev/random, as well as + access to (but not creation of) the pty devices. 
+ + * We will now ship a default .network file for + systemd-networkd that automatically configures DHCP for + network interfaces created by nspawn's --network-veth or + --network-bridge= switches. + + * systemd will now understand the usual M, K, G, T suffixes + according to SI conventions (i.e. to the base 1000) when + referring to throughput and hardware metrics. It will stay + with IEC conventions (i.e. to the base 1024) for software + metrics, according to what is customary according to + Wikipedia. We explicitly document which base applies for + each configuration option. + + * The DeviceAllow= setting in unit files now supports a syntax + to whitelist an entire group of devices node majors at once, + based on the /proc/devices listing. For example, with the + string "char-pts" it is now possible to whitelist all + current and future pseudo-TTYs at once. + + * sd-event learned a new "post" event source. Event sources of + this type are triggered by the dispatching of any event + source of a type that is not "post". This is useful for + implementing clean-up and check event sources that are + triggered by other work being done in the program. + + * systemd-networkd is no longer statically enabled, but uses + the usual [Install] sections so that it can be + enabled/disabled using systemctl. It still is enabled by + default however. + + * When creating a veth interface pair with systemd-nspawn the + host side will now be prefixed with "vb-" if + --network-bridge= is used, and with "ve-" if --network-veth + is used. This way it is easy to distinguish these cases on + the host, for example to apply different configuration to + them with systemd-networkd. + + * The compatibility libraries for libsystemd-journal.so, + libsystem-id128.so, libsystemd-login.so and + libsystemd-daemon.so do not make use of IFUNC + anymore. Instead we now build libsystemd.so multiple times + under these alternative names. 
This means that the footprint + is drastically increased, but given that these are + transitional compatibility libraries this shouldn't matter + much. This change has been made necessary to support the ARM + platform for these compatibility libraries, as the ARM + toolchain isn't really at the same level as the toolchain + for other architectures like x86 and does not support + IFUNC. Please make sure to use --enable-compat-libs only + during a transitional period! + + Contributions from: Andreas Fuchs, Armin K, Colin Walters, + Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni, + Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper + St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach, + Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike + Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe + Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, + Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-02-24 + CHANGES WITH 209: * A new component "systemd-networkd" has been added that can @@ -39,6 +144,16 @@ CHANGES WITH 209: MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC address assignment policy (randomized, ...). + * The configuration of network interface naming rules for + "permanent interface names" has changed: a new NamePolicy= + setting in the [Link] section of .link files determines the + priority of possible naming schemes (onboard, slot, mac, + path). The default value of this setting is determined by + /usr/lib/net/links/99-default.link. Old + 80-net-name-slot.rules udev configuration file has been + removed, so local configuration overriding this file should + be adapated to override 99-default.link instead. + * When the User= switch is used in a unit file, also initialize $SHELL= based on the user database entry. 
@@ -222,25 +337,25 @@ CHANGES WITH 209: LDAP, etc. This API is based on libasyncns, but it has been cleaned up for inclusion in systemd. - * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h" are no - longer found in individual libraries libsystemd-journal.so, - libsystemd-login.so, libsystemd-id128.so. Instead, we have + * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h", + "sd-daemon.h" are no longer found in individual libraries + libsystemd-journal.so, libsystemd-login.so, + libsystemd-id128.so, libsystemd-daemon.so. Instead, we have merged them into a single library, libsystemd.so, which provides all symbols. The reason for this is cyclic dependencies, as these libraries tend to use each other's - symbols. So far, we've managed to workaround that by linking a - copy of a good part of our code into each of these libraries - again and again, which, however, makes certain things hard to - do, like sharing static variables. Also, it substantially - increases footprint. With this change, there is only one - library for the basic APIs systemd provides. Also, - "sd-bus.h", "sd-memfd.h", "sd-event.h", "sd-rtnl.h", - "sd-resolve.h", "sd-utf8.h" are found in this library as - well, however are subject to the --enable-kdbus switch (see - below). Note that "sd-dhcp-client.h" and "sd-daemon.h" are not - part of this library (the former because it only consumes, - never provides, services of/to other APIs, and the latter - because it is completely standalone). To make the transition + symbols. So far, we've managed to workaround that by linking + a copy of a good part of our code into each of these + libraries again and again, which, however, makes certain + things hard to do, like sharing static variables. Also, it + substantially increases footprint. With this change, there + is only one library for the basic APIs systemd + provides. 
Also, "sd-bus.h", "sd-memfd.h", "sd-event.h", + "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this + library as well, however are subject to the --enable-kdbus + switch (see below). Note that "sd-dhcp-client.h" is not part + of this library (this is because it only consumes, never + provides, services of/to other APIs). To make the transition easy from the separate libraries to the unified one, we provide the --enable-compat-libs compile-time switch which will generate stub libraries that are compatible with the @@ -381,7 +496,9 @@ CHANGES WITH 209: * systemd-nspawn gained a new --personality= switch for setting the kernel personality for the container. This is - useful when running a 32bit container on a 64bit host. + useful when running a 32bit container on a 64bit host. A + similar option Personality= is now also available in service + units. * logind will now also track a "Desktop" identifier for each session which encodes the desktop environment of it. This is @@ -414,6 +531,9 @@ CHANGES WITH 209: SystemCallArchitectures= setting in system.conf now to turn off support for non-native system calls system-wide. + * systemd requires a kernel with a working name_to_handle_at(), + please see the kernel config requirements in the README file. + Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov, Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera, Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters, @@ -439,7 +559,7 @@ CHANGES WITH 209: Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-02-xx + -- Berlin, 2014-02-20 CHANGES WITH 208:
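Review bot: in the @@ -1,5 +1,110 @@ hunk, the compatibility-library item spells one library "libsystem-id128.so", while the 209 entry touched later in this same patch names it "libsystemd-id128.so"; the 210 spelling is missing a "d" and should be corrected so that a search for the library name finds this note. Two smaller wording points in the same hunk: the DeviceAllow= item says "group of devices node majors", which should read "device node majors", and the SW_DOCK item says "inhibit reaction to the lid switch if it is pressed", where "it" is ambiguous between the lid switch and the dock switch; the next sentence shows the dock switch is meant, so naming it there would remove the ambiguity.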
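Review bot: in the @@ -39,6 +144,16 @@ hunk, the last added line contains the typo "adapated", which should be "adapted". The preceding sentence also begins without an article ("Old 80-net-name-slot.rules udev configuration file has been removed"); "The old 80-net-name-slot.rules ..." reads better. This item tells administrators to move local overrides to 99-default.link, so the wording is worth getting right.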
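Review bot: in the @@ -222,25 +337,25 @@ hunk, the status of "sd-daemon.h" is reversed by rewriting the 209 entry in place: the removed lines said it was not part of libsystemd.so "because it is completely standalone", and the added lines list it among the merged APIs. The same patch fixes the 209 release date to 2014-02-20 and opens a 210 section, so it is worth stating which case applies: if the merge happened after 209, it should be announced under CHANGES WITH 210 (which currently mentions libsystemd-daemon.so only in the compat-libs item); if the 209 notes were simply wrong, that should be said somewhere a reader of the old text can find it. Separately, the re-wrapped text keeps "managed to workaround that"; the verb form is "work around".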
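Review bot: in the @@ -414,6 +531,9 @@ hunk, the new kernel requirement for name_to_handle_at() does not name the kernel configuration option it depends on, so the entry cannot be acted on without opening the README; naming the option inline next to the README pointer would make it self-contained. The added sentence is also a comma splice ("... a working name_to_handle_at(), please see ..."); splitting it into two sentences would read more cleanly.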