X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=d5d4697d79bc27d1473748ddec3b8fbdfde9256d;hp=00727d15119615c70d05dd25f6ad3cd1fb28a742;hb=f47ad59316ddbfce0b24edac752222d300ed0da4;hpb=45df8656ebb1b0559a75993d1508fc61c2d39829 diff --git a/NEWS b/NEWS index 00727d151..d5d4697d7 100644 --- a/NEWS +++ b/NEWS @@ -1,11 +1,648 @@ systemd System and Service Manager +CHANGES WITH 217: + + * journalctl gained the new options -t/--identifier= to match + on the syslog identifier (aka "tag"), as well as --utc to + show log timestamps in the UTC timezone. journalctl now also + accepts -n/--lines=all to disable line capping in a pager. + + * Services can notify the manager before they start a reload + (by sending RELOADING=1) or shutdown (by sending + STOPPING=1). This allows the manager to track and show the + internal state of daemons and closes a race condition when + the process is still running but has closed its D-Bus + connection. + + * Services with Type=oneshot do not have to have any ExecStart + commands anymore. + + * User units are now loaded also from + $XDG_RUNTIME_DIR/systemd/user/. This is similar to the + /run/systemd/user directory that was already previously + supported, but is under the control of the user. + + * Job timeouts (i.e. time-outs on the time a job that is + queued stays in the run queue) can now optionally result in + immediate reboot or power-off actions (JobTimeoutAction= and + JobTimeoutRebootArgument=). This is useful on ".target" + units, to limit the maximum time a target remains + undispatched in the run queue, and to trigger an emergency + operation in such a case. This is now used by default to + turn off the system if boot-up (as defined by everything in + basic.target) hangs and does not complete for at least + 15min. Also, if power-off or reboot hang for at least 30min + an immediate power-off/reboot operation is triggered. This + functionality is particularly useful to increase reliability + on embedded devices, but also on laptops which might + accidentally get powered on when carried in a backpack and + whose boot stays stuck in a hard disk encryption passphrase + question. + + * systemd-logind can be configured to also handle lid switch + events even when the machine is docked or multiple displays + are attached (HandleLidSwitchDocked= option). + + * A helper binary and a service have been added which can be + used to resume from hibernation in the initramfs. A + generator will parse the resume= option on the kernel + command-line to trigger resume. + + * A user console daemon systemd-consoled has been + added. Currently, it is a preview, and will so far open a + single terminal on each session of the user marked as + Desktop=systemd-console. + + * Route metrics can be specified for DHCP routes added by + systemd-networkd. + + * The SELinux context of socket-activated services can be set + from the information provided by the networking stack + (SELinuxContextFromNet= option). + + * Userspace firmware loading support has been removed and + the minimum supported kernel version is thus bumped to 3.7. + + * Timeout for udev workers has been increased from 1 to 3 + minutes, but a warning will be printed after 1 minute to + help diagnose kernel modules that take a long time to load. + + * Udev rules can now remove tags on devices with TAG-="foobar". + + * systemd's readahead implementation has been removed. In many + circumstances it didn't give expected benefits even for + rotational disk drives and was becoming less relevant in the + age of SSDs. As none of the developers has been using + rotating media anymore, and nobody stepped up to actively + maintain this component of systemd it has now been removed. + + * Swap units can use Options= to specify discard options. + Discard options specified for swaps in /etc/fstab are now + respected. + + * Docker containers are now detected as a separate type of + virtualization. + + * The Password Agent protocol gained support for queries where + the user input is shown, useful e.g. for user names. + systemd-ask-password gained a new --echo option to turn that + on. + + * The default sysctl.d/ snippets will now set: + + net.core.default_qdisc = fq_codel + + This selects Fair Queuing Controlled Delay as the default + queuing discipline for network interfaces. fq_codel helps + fight the network bufferbloat problem. It is believed to be + a good default with no tuning required for most workloads. + Downstream distributions may override this choice. On 10Gbit + servers that do not do forwarding, "fq" may perform better. + Systems without a good clocksource should use "pfifo_fast". + + * If kdbus is enabled during build a new option BusPolicy= is + available for service units, that allows locking all service + processes into a stricter bus policy, in order to limit + access to various bus services, or even hide most of them + from the service's view entirely. + + * networkctl will now show the .network and .link file + networkd has applied to a specific interface. + + * sd-login gained a new API call sd_session_get_desktop() to + query which desktop environment has been selected for a + session. + + * UNIX utmp support is now compile-time optional to support + legacy-free systems. + + * systemctl gained two new commands "add-wants" and + "add-requires" for pulling in units from specific targets + easily. + + * If the word "rescue" is specified on the kernel command line + the system will now boot into rescue mode (aka + rescue.target), which was previously available only by + specifying "1" or "systemd.unit=rescue.target" on the kernel + command line. This new kernel command line option nicely + mirrors the already existing "emergency" kernel command line + option. + + * New kernel command line options mount.usr=, mount.usrflags=, + mount.usrfstype= have been added that match root=, rootflags=, + rootfstype= but allow mounting a specific file system to + /usr. + + * The $NOTIFY_SOCKET is now also passed to control processes of + services, not only the main process. + + * This version reenables support for fsck's -l switch. This + means at least version v2.25 of util-linux is required for + operation, otherwise dead-locks on device nodes may + occur. Again: you need to update util-linux to at least + v2.25 when updating systemd to v217. + + * The "multi-seat-x" tool has been removed from systemd, as + its functionality has been integrated into X servers 1.16, + and the tool is hence redundant. It is recommended to update + display managers invoking this tool to simply invoke X + directly from now on, again. + + * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus + message flag has been added for all of systemd's PolicyKit + authenticated method calls has been added. In particular + this now allows optional interactive authorization via + PolicyKit for many of PID1's privileged operations such as + unit file enabling and disabling. + + * "udevadm hwdb --update" learnt a new switch "--usr" for + placing the rebuilt hardware database in /usr instead of + /etc. When used only hardware database entries stored in + /usr will be used, and any user database entries in /etc are + ignored. This functionality is useful for vendors to ship a + pre-built database on systems where local configuration is + unnecessary or unlikely. + + * Calendar time specifications in .timer units now also + understand the strings "semi-annually", "quarterly" and + "minutely" as shortcuts (in addition to the preexisting + "anually", "hourly", ...). + + * systemd-tmpfiles will now correctly create files in /dev + at boot which are marked for creation only at boot. It is + recommended to always create static device nodes with 'c!' + and 'b!', so that they are created only at boot and not + overwritten at runtime. + + * When the watchdog logic is used for a service (WatchdogSec=) + and the watchdog timeout is hit the service will now be + terminated with SIGABRT (instead of just SIGTERM), in order + to make sure a proper coredump and backtrace is + generated. This ensures that hanging services will result in + similar coredump/backtrace behaviour as services that hit a + segmentation fault. + + Contributions from: Andreas Henriksson, Andrei Borzenkov, + Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L. + Black, Christian Hesse, Cristian Rodríguez, Daniel Buch, + Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David + Herrmann, David Sommerseth, David Strauss, Emil Renner + Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger, + Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo + Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan + Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus + Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz + Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann, + Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl, + Michael Marineau, Michael Olbrich, Michael Scherer, Michal + Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt, + Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard + Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof, + Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd + Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant + Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen, + Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein + Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew + Jędrzejewski-Szmek. + + -- Berlin, 2014-10-28 + +CHANGES WITH 216: + + * timedated no longer reads NTP implementation unit names from + /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP + implementations should add a + + Conflicts=systemd-timesyncd.service + + to their unit files to take over and replace systemd's NTP + default functionality. + + * systemd-sysusers gained a new line type "r" for configuring + which UID/GID ranges to allocate system users/groups + from. Lines of type "u" may now add an additional column + that specifies the home directory for the system user to be + created. Also, systemd-sysusers may now optionally read user + information from STDIN instead of a file. This is useful for + invoking it from RPM preinst scriptlets that need to create + users before the first RPM file is installed since these + files might need to be owned by them. A new + %sysusers_create_inline RPM macro has been introduced to do + just that. systemd-sysusers now updates the shadow files as + well as the user/group databases, which should enhance + compatibility with certain tools like grpck. + + * A number of bus APIs of PID 1 now optionally consult + PolicyKit to permit access for otherwise unprivileged + clients under certain conditions. Note that this currently + doesn't support interactive authentication yet, but this is + expected to be added eventually, too. + + * /etc/machine-info now has new fields for configuring the + deployment environment of the machine, as well as the + location of the machine. hostnamectl has been updated with + new command to update these fields. + + * systemd-timesyncd has been updated to automatically acquire + NTP server information from systemd-networkd, which might + have been discovered via DHCP. + + * systemd-resolved now includes a caching DNS stub resolver + and a complete LLMNR name resolution implementation. A new + NSS module "nss-resolve" has been added which can be used + instead of glibc's own "nss-dns" to resolve hostnames via + systemd-resolved. Hostnames, addresses and arbitrary RRs may + be resolved via systemd-resolved D-Bus APIs. In contrast to + the glibc internal resolver systemd-resolved is aware of + multi-homed system, and keeps DNS server and caches separate + and per-interface. Queries are sent simultaneously on all + interfaces that have DNS servers configured, in order to + properly handle VPNs and local LANs which might resolve + separate sets of domain names. systemd-resolved may acquire + DNS server information from systemd-networkd automatically, + which in turn might have discovered them via DHCP. A tool + "systemd-resolve-host" has been added that may be used to + query the DNS logic in resolved. systemd-resolved implements + IDNA and automatically uses IDNA or UTF-8 encoding depending + on whether classic DNS or LLMNR is used as transport. In the + next releases we intend to add a DNSSEC and mDNS/DNS-SD + implementation to systemd-resolved. + + * A new NSS module nss-mymachines has been added, that + automatically resolves the names of all local registered + containers to their respective IP addresses. + + * A new client tool "networkctl" for systemd-networkd has been + added. It currently is entirely passive and will query + networking configuration from udev, rtnetlink and networkd, + and present it to the user in a very friendly + way. Eventually, we hope to extend it to become a full + control utility for networkd. + + * .socket units gained a new DeferAcceptSec= setting that + controls the kernels' TCP_DEFER_ACCEPT sockopt for + TCP. Similar, support for controlling TCP keep-alive + settings has been added (KeepAliveTimeSec=, + KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for + turning off Nagle's algorithm on TCP has been added + (NoDelay=). + + * logind learned a new session type "web", for use in projects + like Cockpit which register web clients as PAM sessions. + + * timer units with at least one OnCalendar= setting will now + be started only after timer-sync.target has been + reached. This way they will not elapse before the system + clock has been corrected by a local NTP client or + similar. This is particular useful on RTC-less embedded + machines, that come up with an invalid system clock. + + * systemd-nspawn's --network-veth= switch should now result in + stable MAC addresses for both the outer and the inner side + of the link. + + * systemd-nspawn gained a new --volatile= switch for running + container instances with /etc or /var unpopulated. + + * The kdbus client code has been updated to use the new Linux + 3.17 memfd subsystem instead of the old kdbus-specific one. + + * systemd-networkd's DHCP client and server now support + FORCERENEW. There are also new configuration options to + configure the vendor client identifier and broadcast mode + for DHCP. + + * systemd will no longer inform the kernel about the current + timezone, as this is necessarily incorrect and racy as the + kernel has no understanding of DST and similar + concepts. This hence means FAT timestamps will be always + considered UTC, similar to what Android is already + doing. Also, when the RTC is configured to the local time + (rather than UTC) systemd will never synchronize back to it, + as this might confuse Windows at a later boot. + + * systemd-analyze gained a new command "verify" for offline + validation of unit files. + + * systemd-networkd gained support for a couple of additional + settings for bonding networking setups. Also, the metric for + statically configured routes may now be configured. For + network interfaces where this is appropriate the peer IP + address may now be configured. + + * systemd-networkd's DHCP client will no longer request + broadcasting by default, as this tripped up some networks. + For hardware where broadcast is required the feature should + be switched back on using RequestBroadcast=yes. + + * systemd-networkd will now set up IPv4LL addresses (when + enabled) even if DHCP is configured successfully. + + * udev will now default to respect network device names given + by the kernel when the kernel indicates that these are + predictable. This behavior can be tweaked by changing + NamePolicy= in the relevant .link file. + + * A new library systemd-terminal has been added that + implements full TTY stream parsing and rendering. This + library is supposed to be used later on for implementing a + full userspace VT subsystem, replacing the current kernel + implementation. + + * A new tool systemd-journal-upload has been added to push + journal data to a remote system running + systemd-journal-remote. + + * journald will no longer forward all local data to another + running syslog daemon. This change has been made because + rsyslog (which appears to be the most commonly used syslog + implementation these days) no longer makes use of this, and + instead pulls the data out of the journal on its own. Since + forwarding the messages to a non-existent syslog server is + more expensive than we assumed we have now turned this + off. If you run a syslog server that is not a recent rsyslog + version, you have to turn this option on again + (ForwardToSyslog= in journald.conf). + + * journald now optionally supports the LZ4 compressor for + larger journal fields. This compressor should perform much + better than XZ which was the previous default. + + * machinectl now shows the IP addresses of local containers, + if it knows them, plus the interface name of the container. + + * A new tool "systemd-escape" has been added that makes it + easy to escape strings to build unit names and similar. + + * sd_notify() messages may now include a new ERRNO= field + which is parsed and collected by systemd and shown among the + "systemctl status" output for a service. + + * A new component "systemd-firstboot" has been added that + queries the most basic systemd information (timezone, + hostname, root password) interactively on first + boot. Alternatively it may also be used to provision these + things offline on OS images installed into directories. + + * The default sysctl.d/ snippets will now set + + net.ipv4.conf.default.promote_secondaries=1 + + This has the benefit of no flushing secondary IP addresses + when primary addresses are removed. + + Contributions from: Ansgar Burchardt, Bastien Nocera, Colin + Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel + Mack, Dan Williams, Dave Reisner, David Herrmann, Denis + Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald + Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann + B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin + Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, + Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael + Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, + Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert + Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef + Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas + Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets, + Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut + Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-08-19 + CHANGES WITH 215: - * A new system group "input" is introduced, and all input - device nodes get this group assigned. This is useful for - system-level software to get access to input devices. It + + * A new tool systemd-sysusers has been added. This tool + creates system users and groups in /etc/passwd and + /etc/group, based on static declarative system user/group + definitions in /usr/lib/sysusers.d/. This is useful to + enable factory resets and volatile systems that boot up with + an empty /etc directory, and thus need system users and + groups created during early boot. systemd now also ships + with two default sysusers.d/ files for the most basic + users and groups systemd and the core operating system + require. + + * A new tmpfiles snippet has been added that rebuilds the + essential files in /etc on boot, should they be missing. + + * A directive for ensuring automatic clean-up of + /var/cache/man/ has been removed from the default + configuration. This line should now be shipped by the man + implementation. The necessary change has been made to the + man-db implementation. Note that you need to update your man + implementation to one that ships this line, otherwise no + automatic clean-up of /var/cache/man will take place. + + * A new condition ConditionNeedsUpdate= has been added that + may conditionalize services to only run when /etc or /var + are "older" than the vendor operating system resources in + /usr. This is useful for reconstructing or updating /etc + after an offline update of /usr or a factory reset, on the + next reboot. Services that want to run once after such an + update or reset should use this condition and order + themselves before the new systemd-update-done.service, which + will mark the two directories as fully updated. A number of + service files have been added making use of this, to rebuild + the udev hardware database, the journald message catalog and + dynamic loader cache (ldconfig). The systemd-sysusers tool + described above also makes use of this now. With this in + place it is now possible to start up a minimal operating + system with /etc empty cleanly. For more information on the + concepts involved see this recent blog story: + + http://0pointer.de/blog/projects/stateless.html + + * A new system group "input" has been introduced, and all + input device nodes get this group assigned. This is useful + for system-level software to get access to input devices. It complements what is already done for "audio" and "video". + * systemd-networkd learnt minimal DHCPv4 server support in + addition to the existing DHCPv4 client support. It also + learnt DHCPv6 client and IPv6 Router Solicitation client + support. The DHCPv4 client gained support for static routes + passed in from the server. Note that the [DHCPv4] section + known in older systemd-networkd versions has been renamed to + [DHCP] and is now also used by the DHCPv6 client. Existing + .network files using settings of this section should be + updated, though compatibility is maintained. Optionally, the + client hostname may now be sent to the DHCP server. + + * networkd gained support for vxlan virtual networks as well + as tun/tap and dummy devices. + + * networkd gained support for automatic allocation of address + ranges for interfaces from a system-wide pool of + addresses. This is useful for dynamically managing a large + number of interfaces with a single network configuration + file. In particular this is useful to easily assign + appropriate IP addresses to the veth links of a large number + of nspawn instances. + + * RPM macros for processing sysusers, sysctl and binfmt + drop-in snippets at package installation time have been + added. + + * The /etc/os-release file should now be placed in + /usr/lib/os-release. The old location is automatically + created as symlink. /usr/lib is the more appropriate + location of this file, since it shall actually describe the + vendor operating system shipped in /usr, and not the + configuration stored in /etc. + + * .mount units gained a new boolean SloppyOptions= setting + that maps to mount(8)'s -s option which enables permissive + parsing of unknown mount options. + + * tmpfiles learnt a new "L+" directive which creates a symlink + but (unlike "L") deletes a pre-existing file first, should + it already exist and not already be the correct + symlink. Similar, "b+", "c+" and "p+" directives have been + added as well, which create block and character devices, as + well as fifos in the filesystem, possibly removing any + pre-existing files of different types. + + * For tmpfiles' "L", "L+", "C" and "C+" directives the final + 'argument' field (which so far specified the source to + symlink/copy the files from) is now optional. If omitted the + same file os copied from /usr/share/factory/ suffixed by the + full destination path. This is useful for populating /etc + with essential files, by copying them from vendor defaults + shipped in /usr/share/factory/etc. + + * A new command "systemctl preset-all" has been added that + applies the service preset settings to all installed unit + files. A new switch --preset-mode= has been added that + controls whether only enable or only disable operations + shall be executed. + + * A new command "systemctl is-system-running" has been added + that allows checking the overall state of the system, for + example whether it is fully up and running. + + * When the system boots up with an empty /etc, the equivalent + to "systemctl preset-all" is executed during early boot, to + make sure all default services are enabled after a factory + reset. + + * systemd now contains a minimal preset file that enables the + most basic services systemd ships by default. + + * Unit files' [Install] section gained a new DefaultInstance= + field for defining the default instance to create if a + template unit is enabled with no instance specified. + + * A new passive target cryptsetup-pre.target has been added + that may be used by services that need to make they run and + finish before the first LUKS cryptographic device is set up. + + * The /dev/loop-control and /dev/btrfs-control device nodes + are now owned by the "disk" group by default, opening up + access to this group. + + * systemd-coredump will now automatically generate a + stack trace of all core dumps taking place on the system, + based on elfutils' libdw library. This stack trace is logged + to the journal. + + * systemd-coredump may now optionally store coredumps directly + on disk (in /var/lib/systemd/coredump, possibly compressed), + instead of storing them unconditionally in the journal. This + mode is the new default. A new configuration file + /etc/systemd/coredump.conf has been added to configure this + and other parameters of systemd-coredump. + + * coredumpctl gained a new "info" verb to show details about a + specific coredump. A new switch "-1" has also been added + that makes sure to only show information about the most + recent entry instead of all entries. Also, as the tool is + generally useful now the "systemd-" prefix of the binary + name has been removed. Distributions that want to maintain + compatibility with the old name should add a symlink from + the old name to the new name. + + * journald's SplitMode= now defaults to "uid". This makes sure + that unprivileged users can access their own coredumps with + coredumpctl without restrictions. + + * New kernel command line options "systemd.wants=" (for + pulling an additional unit during boot), "systemd.mask=" + (for masking a specific unit for the boot), and + "systemd.debug-shell" (for enabling the debug shell on tty9) + have been added. This is implemented in the new generator + "systemd-debug-generator". + + * systemd-nspawn will now by default filter a couple of + syscalls for containers, among them those required for + kernel module loading, direct x86 IO port access, swap + management, and kexec. Most importantly though + open_by_handle_at() is now prohibited for containers, + closing a hole similar to a recently discussed vulnerability + in docker regarding access to files on file hierarchies the + container should normally not have access to. Note that for + nspawn we generally make no security claims anyway (and + this is explicitly documented in the man page), so this is + just a fix for one of the most obvious problems. + + * A new man page file-hierarchy(7) has been added that + contains a minimized, modernized version of the file system + layout systemd expects, similar in style to the FHS + specification or hier(5). A new tool systemd-path(1) has + been added to query many of these paths for the local + machine and user. + + * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no + longer done. Since the directory now has a per-user size + limit, and is cleaned on logout this appears unnecessary, + in particular since this now brings the lifecycle of this + directory closer in line with how IPC objects are handled. + + * systemd.pc now exports a number of additional directories, + including $libdir (which is useful to identify the library + path for the primary architecture of the system), and a + couple of drop-in directories. + + * udev's predictable network interface names now use the dev_port + sysfs attribute, introduced in linux 3.15 instead of dev_id to + distinguish between ports of the same PCI function. dev_id should + only be used for ports using the same HW address, hence the need + for dev_port. + + * machined has been updated to export the OS version of a + container (read from /etc/os-release and + /usr/lib/os-release) on the bus. This is now shown in + "machinectl status" for a machine. + + * A new service setting RestartForceExitStatus= has been + added. If configured to a set of exit signals or process + return values, the service will be restarted when the main + daemon process exits with any of them, regardless of the + Restart= setting. + + * systemctl's -H switch for connecting to remote systemd + machines has been extended so that it may be used to + directly connect to a specific container on the + host. "systemctl -H root@foobar:waldi" will now connect as + user "root" to host "foobar", and then proceed directly to + the container named "waldi". Note that currently you have to + authenticate as user "root" for this to work, as entering + containers is a privileged operation. + + Contributions from: Andreas Henriksson, Benjamin Steinwender, + Carl Schaefer, Christian Hesse, Colin Ian King, Cristian + Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene + Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo + Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart + Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine + Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich, + Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le + Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan, + Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe + Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar + Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-07-03 + CHANGES WITH 214: * As an experimental feature, udev now tries to lock the @@ -64,7 +701,7 @@ CHANGES WITH 214: moved to /run/systemd/resolve/. If you have a symlink from /etc/resolv.conf, it might be necessary to correct it. - * Two new service settings, ProtectedHome= and ProtectedSystem=, + * Two new service settings, ProtectHome= and ProtectSystem=, have been added. When enabled, they will make the user data (such as /home) inaccessible or read-only and the system (such as /usr) read-only, for specific services. This allows @@ -176,7 +813,7 @@ CHANGES WITH 214: * Access modes specified in tmpfiles snippets may now be prefixed with "~", which indicates that they shall be masked - by whether the existing file or directly is currently + by whether the existing file or directory is currently writable, readable or executable at all. Also, if specified, the sgid/suid/sticky bits will be masked for all non-directories. @@ -1183,7 +1820,7 @@ CHANGES WITH 208: kernel, and on seats that are not seat0. * A new kernel command line option luks.options= is understood - now which allows specifiying LUKS options for usage for LUKS + now which allows specifying LUKS options for usage for LUKS encrypted partitions specified with luks.uuid=. * tmpfiles.d(5) snippets may now use specifier expansion in @@ -1334,8 +1971,8 @@ CHANGES WITH 207: certain paths from operation. * journald will now automatically flush all messages to disk - as soon as a message of the log priorities CRIT, ALERT or - EMERG is received. + as soon as a message at the log level CRIT, ALERT or EMERG + is received. Contributions from: Andrew Cook, Brandon Philips, Christian Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,