X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=bc79479b2d71e6da3783852b415088c8f47eaf15;hp=ef91f81f0afed5f36125dafd1dfcdec9960d7310;hb=49a32d43de3bd57bced22ed9a94342ea1efbb31c;hpb=c4f1b86299c4ce2a62ce845bc48f2794f5459762 diff --git a/NEWS b/NEWS index ef91f81f0..bc79479b2 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,129 @@ systemd System and Service Manager +CHANGES WITH 189: + + * Support for reading structured kernel messages from + /dev/kmsg has now been added and is enabled by default. + + * Support for reading kernel messages from /proc/kmsg has now + been removed. If you want kernel messages in the journal + make sure to run a recent kernel (>= 3.5) that supports + reading structured messages from /dev/kmsg (see + above). /proc/kmsg is now exclusive property of classic + syslog daemons again. + + * The libudev API gained the new + udev_device_new_from_device_id() call. + + * The logic for file system namespace (ReadOnlyDirectory=, + ReadWriteDirectoy=, PrivateTmp=) has been reworked not to + require pivot_root() anymore. This means fewer temporary + directories are created below /tmp for this feature. + + * nspawn containers will now see and receive all submounts + made on the host OS below the root file system of the + container. + + * Forward Secure Sealing is now supported for Journal files, + which provide cryptographical sealing of journal files so + that attackers cannot alter log history anymore without this + being detectable. Lennart will soon post a blog story about + this explaining it in more detail. + + * There are two new service settings RestartPreventExitStatus= + and SuccessExitStatus= which allow configuration of exit + status (exit code or signal) which will be excepted from the + restart logic, resp. consider successful. + + * journalctl gained the new --verify switch that can be used + to check the integrity of the structure of journal files and + (if Forward Secure Sealing is enabled) the contents of + journal files. + + * nspawn containers will now be run with /dev/stdin, /dev/fd/ + and similar symlinks pre-created. This makes running shells + as container init process a lot more fun. + + * The fstab support can now handle PARTUUID= and PARTLABEL= + entries. + + * A new ConditionHost= condition has been added to match + against the hostname (with globs) and machine ID. This is + useful for clusters where a single OS image is used to + provision a large number of hosts which shall run slightly + different sets of services. + + * Services which hit the restart limit will now be placed in a + failure state. + + Contributions from Bertram Poettering, Dave Reisner, Huang + Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin + Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 188: + + * When running in --user mode systemd will now become a + subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps + tree a lot more organized. + + * A new PartOf= unit dependency type has been introduced that + may be used to group services in a natural way. + + * "systemctl enable" may now be used to enable instances of + services. + + * journalctl now prints error log levels in red, and + warning/notice log levels in bright white. It also supports + filtering by log level now. + + * cgtop gained a new -n switch (similar to top), to configure + the maximum number of iterations to run for. It also gained + -b, to run in batch mode (accepting no input). + + * The suffix ".service" may now be ommited on most systemctl + command lines involving service unit names. + + * There's a new bus call in logind to lock all sessions, as + well as a loginctl verb for it "lock-sessions". + + * libsystemd-logind.so gained a new call sd_journal_perror() + that works similar to libc perror() but logs to the journal + and encodes structured information about the error number. + + * /etc/crypttab entries now understand the new keyfile-size= + option. + + * shutdown(8) now can send a (configurable) wall message when + a shutdown is cancelled. + + * The mount propagation mode for the root file system will now + default to "shared", which is useful to make containers work + nicely out-of-the-box so that they receive new mounts from + the host. This can be undone locally by running "mount + --make-rprivate /" if needed. + + * The prefdm.service file has been removed. Distributions + should maintain this unit downstream if they intend to keep + it around. However, we recommend writing normal unit files + for display managers instead. + + * Since systemd is a crucial part of the OS we will now + default to a number of compiler switches that improve + security (hardening) such as read-only relocations, stack + protection, and suchlike. + + * The TimeoutSec= setting for services is now split into + TimeoutStartSec= and TimeoutStopSec= to allow configuration + of individual time outs for the start and the stop phase of + the service. + + Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke + Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer, + Jim Meyering, Kay Sievers, Lennart Poettering, Mantas + Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter + Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom + Gundersen, Zbigniew Jędrzejewski-Szmek + CHANGES WITH 187: * The journal and id128 C APIs are now fully documented as man @@ -9,7 +133,7 @@ CHANGES WITH 187: the initial RAM disk to the main system to avoid accidental data loss. - * /etc/crypttab entrie now understand the new keyfile-offset= + * /etc/crypttab entries now understand the new keyfile-offset= option. * systemctl -t can now be used to filter by unit load state.