X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=6fc752ba99b98293a01798dcfb39aa79c0c30325;hp=00727d15119615c70d05dd25f6ad3cd1fb28a742;hb=9c5dcb68b058b6bde056fc1ece768ba74a120091;hpb=45df8656ebb1b0559a75993d1508fc61c2d39829 diff --git a/NEWS b/NEWS index 00727d151..6fc752ba9 100644 --- a/NEWS +++ b/NEWS 
@@ -1,11 +1,239 @@ systemd System and Service Manager CHANGES WITH 215: - * A new system group "input" is introduced, and all input - device nodes get this group assigned. This is useful for - system-level software to get access to input devices. It + + * A new tool systemd-sysusers has been added. This tool + creates system users and groups in /etc/passwd and + /etc/group, based on static declarative system user/group + definitions in /usr/lib/sysusers.d/. This is useful to + enable factory resets and volatile systems that boot up with + an empty /etc directory, and thus need system users and + groups created during early boot. systemd now also ships + with two default sysusers.d/ files for the most basic + users and groups systemd and the core operating system + require. + + * A new tmpfiles snippet has been added that rebuilds the + essential files in /etc on boot, should they be missing. + + * A directive for ensuring automatic clean-up of + /var/cache/man/ has been removed from the default + configuration. This line should now be shipped by the man + implementation. The necessary change has been made to the + man-db implementation. Note that you need to update your man + implementation to one that ships this line, otherwise no + automatic clean-up of /var/cache/man will take place. + + * A new condition ConditionNeedsUpdate= has been added that + may conditionalize services to only run when /etc or /var + are "older" than the vendor operating system resources in + /usr. This is useful for reconstructing or updating /etc + after an offline update of /usr or a factory reset, on the + next reboot. Services that want to run once after such an + update or reset should use this condition and order + themselves before the new systemd-update-done.service, which + will mark the two directories as fully updated. 
A number of + service files have been added making use of this, to rebuild + the udev hardware database, the journald message catalog and + dynamic loader cache (ldconfig). The systemd-sysusers tool + described above also makes use of this now. With this in + place it is now possible to start up a minimal operating + system with /etc empty cleanly. For more information on the + concepts involved see this recent blog story: + + http://0pointer.de/blog/projects/stateless.html + + * A new system group "input" has been introduced, and all + input device nodes get this group assigned. This is useful + for system-level software to get access to input devices. It complements what is already done for "audio" and "video". + * systemd-networkd learnt minimal DHCPv4 server support in + addition to the existing DHCPv4 client support. It also + learnt DHCPv6 client and IPv6 Router Solicitation client + support. The DHCPv4 client gained support for static routes + passed in from the server. Note that the [DHCPv4] section + known in older systemd-networkd versions has been renamed to + [DHCP] and is now also used by the DHCPv6 client. Existing + .network files using settings of this section should be + updated, though compatibility is maintained. Optionally, the + client hostname may now be sent to the DHCP server. + + * networkd gained support for vxlan virtual networks as well + as tun/tap and dummy devices. + + * networkd gained support for automatic allocation of address + ranges for interfaces from a system-wide pool of + addresses. This is useful for dynamically managing a large + number of interfaces with a single network configuration + file. In particular this is useful to easily assign + appropriate IP addresses to the veth links of a large number + of nspawn instances. + + * RPM macros for processing sysusers, sysctl and binfmt + drop-in snippets at package installation time have been + added. 
+ + * The /etc/os-release file should now be placed in + /usr/lib/os-release. The old location is automatically + created as symlink. /usr/lib is the more appropriate + location of this file, since it shall actually describe the + vendor operating system shipped in /usr, and not the + configuration stored in /etc. + + * .mount units gained a new boolean SloppyOptions= setting + that maps to mount(8)'s -s option which enables permissive + parsing of unknown mount options. + + * tmpfiles learnt a new "L+" directive which creates a symlink + but (unlike "L") deletes a pre-existing file first, should + it already exist and not already be the correct + symlink. Similar, "b+", "c+" and "p+" directives have been + added as well, which create block and character devices, as + well as fifos in the filesystem, possibly removing any + pre-existing files of different types. + + * For tmpfiles' "L", "L+", "C" and "C+" directives the final + 'argument' field (which so far specified the source to + symlink/copy the files from) is now optional. If omitted the + same file os copied from /usr/share/factory/ suffixed by the + full destination path. This is useful for populating /etc + with essential files, by copying them from vendor defaults + shipped in /usr/share/factory/etc. + + * A new command "systemctl preset-all" has been added that + applies the service preset settings to all installed unit + files. A new switch --preset-mode= has been added that + controls whether only enable or only disable operations + shall be executed. + + * A new command "systemctl is-system-running" has been added + that allows checking the overall state of the system, for + example whether it is fully up and running. + + * When the system boots up with an empty /etc, the equivalent + to "systemctl preset-all" is executed during early boot, to + make sure all default services are enabled after a factory + reset. 
+ + * systemd now contains a minimal preset file that enables the + most basic services systemd ships by default. + + * Unit files' [Install] section gained a new DefaultInstance= + field for defining the default instance to create if a + template unit is enabled with no instance specified. + + * A new passive target cryptsetup-pre.target has been added + that may be used by services that need to make they run and + finish before the first LUKS cryptographic device is set up. + + * The /dev/loop-control and /dev/btrfs-control device nodes + are now owned by the "disk" group by default, opening up + access to this group. + + * systemd-coredump will now automatically generate a + stack trace of all core dumps taking place on the system, + based on elfutils' libdw library. This stack trace is logged + to the journal. + + * systemd-coredump may now optionally store coredumps directly + on disk (in /var/lib/systemd/coredump, possibly compressed), + instead of storing them unconditionally in the journal. This + mode is the new default. A new configuration file + /etc/systemd/coredump.conf has been added to configure this + and other parameters of systemd-coredump. + + * coredumpctl gained a new "info" verb to show details about a + specific coredump. A new switch "-1" has also been added + that makes sure to only show information about the most + recent entry instead of all entries. Also, as the tool is + generally useful now the "systemd-" prefix of the binary + name has been removed. Distributions that want to maintain + compatibility with the old name should add a symlink from + the old name to the new name. + + * journald's SplitMode= now defaults to "uid". This makes sure + that unprivileged users can access their own coredumps with + coredumpctl without restrictions. 
+ + * New kernel command line options "systemd.wants=" (for + pulling an additional unit during boot), "systemd.mask=" + (for masking a specific unit for the boot), and + "systemd.debug-shell" (for enabling the debug shell on tty9) + have been added. This is implemented in the new generator + "systemd-debug-generator". + + * systemd-nspawn will now by default filter a couple of + syscalls for containers, among them those required for + kernel module loading, direct x86 IO port access, swap + management, and kexec. Most importantly though + open_by_handle_at() is now prohibited for containers, + closing a hole similar to a recently discussed vulnerability + in docker regarding access to files on file hierarchies the + container should normally not have access to. Note that for + nspawn we generally make no security claims anyway (and + this is explicitly documented in the man page), so this is + just a fix for one of the most obvious problems. + + * A new man page file-hierarchy(7) has been added that + contains a minimized, modernized version of the file system + layout systemd expects, similar in style to the FHS + specification or hier(5). A new tool systemd-path(1) has + been added to query many of these paths for the local + machine and user. + + * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no + longer done. Since the directory now has a per-user size + limit, and is cleaned on logout this appears unnecessary, + in particular since this now brings the lifecycle of this + directory closer in line with how IPC objects are handled. + + * systemd.pc now exports a number of additional directories, + including $libdir (which is useful to identify the library + path for the primary architecture of the system), and a + couple of drop-in directories. + + * udev's predictable network interface names now use the dev_port + sysfs attribute, introduced in linux 3.15 instead of dev_id to + distinguish between ports of the same PCI function. 
dev_id should + only be used for ports using the same HW address, hence the need + for dev_port. + + * machined has been updated to export the OS version of a + container (read from /etc/os-release and + /usr/lib/os-release) on the bus. This is now shown in + "machinectl status" for a machine. + + * A new service setting RestartForceExitStatus= has been + added. If configured to a set of exit signals or process + return values, the service will be restarted when the main + daemon process exits with any of them, regardless of the + Restart= setting. + + * systemctl's -H switch for connecting to remote systemd + machines has been extended so that it may be used to + directly connect to a specific container on the + host. "systemctl -H root@foobar:waldi" will now connect as + user "root" to host "foobar", and then proceed directly to + the container named "waldi". Note that currently you have to + authenticate as user "root" for this to work, as entering + containers is a privileged operation. + + Contributions from: Andreas Henriksson, Benjamin Steinwender, + Carl Schaefer, Christian Hesse, Colin Ian King, Cristian + Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene + Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo + Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart + Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine + Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich, + Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le + Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan, + Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe + Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar + Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-07-03 + CHANGES WITH 214: * As an experimental feature, udev now tries to lock the
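Review bot: three wording defects in the new NEWS text for 215 should be fixed before this lands: in the tmpfiles "L", "L+", "C" and "C+" entry, "the same file os copied from /usr/share/factory/" should read "is copied"; in the preceding tmpfiles entry, "Similar, "b+", "c+" and "p+" directives have been added" should be "Similarly,"; and in the cryptsetup-pre.target entry, "services that need to make they run and finish before" is missing "sure". Beyond wording, the systemd-nspawn entry names only open_by_handle_at() explicitly and describes the other newly filtered syscalls by category (kernel module loading, direct x86 IO port access, swap management, kexec); since this is the entry an administrator will consult when a container workload starts failing, listing the blocked syscalls or pointing at where the filter list is documented would make the change actionable. The /var/cache/man entry is also worth flagging more prominently, since removing the directive from the default configuration silently stops cache clean-up on any install whose man implementation has not been updated to ship the line itself.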