X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=f9929d0725d8528c23413e593291c5529745deab;hp=c39939c901b42441c2ce303c2553fc5ef7139cd3;hb=07beec1244817a0e6e9d79798f7c65bd89b23549;hpb=efc0ac6af6a105e38d1b0a37d8d5d016c76713cc diff --git a/NEWS b/NEWS index c39939c90..f9929d072 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,487 @@ systemd System and Service Manager +CHANGES WITH 206: + + * The documentation has been updated to cover the various new + concepts introduced with 205. + + * Unit files now understand the new %v specifier which + resolves to the kernel version string as returned by "uname + -r". + + * systemctl now supports filtering the unit list output by + load state, active state and sub state, using the new + --state= parameter. + + * "systemctl status" will now show the results of the + condition checks (like ConditionPathExists= and similar) of + the last start attempts of the unit. They are also logged to + the journal. + + * "journalctl -b" may now be used to look for boot output of a + specific boot. Try "journalctl -b -1" for the previous boot, + but the syntax is substantially more powerful. + + * "journalctl --show-cursor" has been added which prints the + cursor string the last shown log line. This may then be used + with the new "journalctl --after-cursor=" switch to continue + browsing logs from that point on. + + * "journalctl --force" may now be used to force regeneration + of an FSS key. + + * Creation of "dead" device nodes has been moved from udev + into kmod and tmpfiles. Previously, udev would read the kmod + databases to pre-generate dead device nodes based on meta + information contained in kernel modules, so that these would + be auto-loaded on access rather then at boot. As this + doesn't really have much to do with the exposing actual + kernel devices to userspace this has always been slightly + alien in the udev codebase. Following the new scheme kmod + will now generate a runtime snippet for tmpfiles from the + module meta information and it now is tmpfiles' job to the + create the nodes. This also allows overriding access and + other parameters for the nodes using the usual tmpfiles + facilities. As side effect this allows us to remove the + CAP_SYS_MKNOD capability bit from udevd entirely. + + * logind's device ACLs may now be applied to these "dead" + devices nodes too, thus finally allowing managed access to + devices such as /dev/snd/sequencer whithout loading the + backing module right-away. + + * A new RPM macro has been added that may be used to apply + tmpfiles configuration during package installation. + + * systemd-detect-virt and ConditionVirtualization= now can + detect User-Mode-Linux machines (UML). + + * journald will now implicitly log the effective capabilities + set of processes in the message metadata. + + * systemd-cryptsetup has gained support for TrueCrypt volumes. + + * The initrd interface has been simplified (more specifically, + support for passing performance data via environment + variables and fsck results via files in /run has been + removed). These features were non-essential, and are + nowadays available in a much nicer way by having systemd in + the initrd serialize its state and have the hosts systemd + deserialize it again. + + * The udev "keymap" data files and tools to apply keyboard + specific mappings of scan to key codes, and force-release + scan code lists have been entirely replaced by a udev + "keyboard" builtin and a hwdb data file. + + * systemd will now honour the kernel's "quiet" command line + argument also during late shutdown, resulting in a + completely silent shutdown when used. + + * There's now an option to control the SO_REUSEPORT socket + option in .socket units. + + * Instance units will now automatically get a per-template + subslice of system.slice unless something else is explicitly + configured. For example, instances of sshd@.service will now + implicitly be placed in system-sshd.slice rather than + system.slice as before. + + * Test coverage support may now be enabled at build time. + + Contributions from: Dave Reisner, Frederic Crozat, Harald + Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan + Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart + Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael + Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden, + Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William + Giokas, Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 205: + + * Two new unit types have been introduced: + + Scope units are very similar to service units, however, are + created out of pre-existing processes -- instead of PID 1 + forking off the processes. By using scope units it is + possible for system services and applications to group their + own child processes (worker processes) in a powerful way + which then maybe used to organize them, or kill them + together, or apply resource limits on them. + + Slice units may be used to partition system resources in an + hierarchial fashion and then assign other units to them. By + default there are now three slices: system.slice (for all + system services), user.slice (for all user sessions), + machine.slice (for VMs and containers). + + Slices and scopes have been introduced primarily in + context of the work to move cgroup handling to a + single-writer scheme, where only PID 1 + creates/removes/manages cgroups. + + * There's a new concept of "transient" units. In contrast to + normal units these units are created via an API at runtime, + not from configuration from disk. More specifically this + means it is now possible to run arbitrary programs as + independent services, with all execution parameters passed + in via bus APIs rather than read from disk. Transient units + make systemd substantially more dynamic then it ever was, + and useful as a general batch manager. + + * logind has been updated to make use of scope and slice units + for managing user sessions. As a user logs in he will get + his own private slice unit, to which all sessions are added + as scope units. We also added support for automatically + adding an instance of user@.service for the user into the + slice. Effectively logind will no longer create cgroup + hierarchies on its own now, it will defer entirely to PID 1 + for this by means of scope, service and slice units. Since + user sessions this way become entities managed by PID 1 + the output of "systemctl" is now a lot more comprehensive. + + * A new mini-daemon "systemd-machined" has been added which + may be used by virtualization managers to register local + VMs/containers. nspawn has been updated accordingly, and + libvirt will be updated shortly. machined will collect a bit + of meta information about the VMs/containers, and assign + them their own scope unit (see above). The collected + meta-data is then made available via the "machinectl" tool, + and exposed in "ps" and similar tools. machined/machinectl + is compile-time optional. + + * As discussed earlier, the low-level cgroup configuration + options ControlGroup=, ControlGroupModify=, + ControlGroupPersistent=, ControlGroupAttribute= have been + removed. Please use high-level attribute settings instead as + well as slice units. + + * A new bus call SetUnitProperties() has been added to alter + various runtime parameters of a unit. This is primarily + useful to alter cgroup parameters dynamically in a nice way, + but will be extended later on to make more properties + modifiable at runtime. systemctl gained a new set-properties + command that wraps this call. + + * A new tool "systemd-run" has been added which can be used to + run arbitrary command lines as transient services or scopes, + while configuring a number of settings via the command + line. This tool is currently very basic, however already + very useful. We plan to extend this tool to even allow + queuing of execution jobs with time triggers from the + command line, similar in fashion to "at". + + * nspawn will now inform the user explicitly that kernels with + audit enabled break containers, and suggest the user to turn + off audit. + + * Support for detecting the IMA and AppArmor security + frameworks with ConditionSecurity= has been added. + + * journalctl gained a new "-k" switch for showing only kernel + messages, mimicking dmesg output; in addition to "--user" + and "--system" switches for showing only user's own logs + and system logs. + + * systemd-delta can now show information about drop-in + snippets extending unit files. + + * libsystemd-bus has been substantially updated but is still + not available as public API. + + * systemd will now look for the "debug" argument on the kernel + command line and enable debug logging, similar to + "systemd.log_level=debug" already did before. + + * "systemctl set-default", "systemctl get-default" has been + added to configure the default.target symlink, which + controls what to boot into by default. + + * "systemctl set-log-level" has been added as a convenient + way to raise and lower systemd logging threshold. + + * "systemd-analyze plot" will now show the time the various + generators needed for execution, as well as information + about the unit file loading. + + * libsystemd-journal gained a new sd_journal_open_files() call + for opening specific journal files. journactl also gained a + new switch to expose this new functionality. Previously we + only supported opening all files from a directory, or all + files from the system, as opening individual files only is + racy due to journal file rotation. + + * systemd gained the new DefaultEnvironment= setting in + /etc/systemd/system.conf to set environment variables for + all services. + + * If a privileged process logs a journal message with the + OBJECT_PID= field set, then journald will automatically + augment this with additional OBJECT_UID=, OBJECT_GID=, + OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if + system services want to log events about specific client + processes. journactl/systemctl has been updated to make use + of this information if all log messages regarding a specific + unit is requested. + + Contributions from: Auke Kok, Chengwei Yang, Colin Walters, + Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave + Reisner, David Coppa, David King, David Strauss, Eelco + Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander + Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan + Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart + Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer, + Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer, + Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan, + Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern, + Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar, + Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek, + Łukasz Stelmach, 장동준 + +CHANGES WITH 204: + + * The Python bindings gained some minimal support for the APIs + exposed by libsystemd-logind. + + * ConditionSecurity= gained support for detecting SMACK. Since + this condition already supports SELinux and AppArmor we only + miss IMA for this. Patches welcome! + + Contributions from: Karol Lewandowski, Lennart Poettering, + Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 203: + + * systemd-nspawn will now create /etc/resolv.conf if + necessary, before bind-mounting the host's file onto it. + + * systemd-nspawn will now store meta information about a + container on the container's cgroup as extended attribute + fields, including the root directory. + + * The cgroup hierarchy has been reworked in many ways. All + objects any of the components systemd creates in the cgroup + tree are now suffixed. More specifically, user sessions are + now placed in cgroups suffixed with ".session", users in + cgroups suffixed with ".user", and nspawn containers in + cgroups suffixed with ".nspawn". Furthermore, all cgroup + names are now escaped in a simple scheme to avoid collision + of userspace object names with kernel filenames. This work + is preparation for making these objects relocatable in the + cgroup tree, in order to allow easy resource partitioning of + these objects without causing naming conflicts. + + * systemctl list-dependencies gained the new switches + --plain, --reverse, --after and --before. + + * systemd-inhibit now shows the process name of processes that + have taken an inhibitor lock. + + * nss-myhostname will now also resolve "localhost" + implicitly. This makes /etc/hosts an optional file and + nicely handles that on IPv6 ::1 maps to both "localhost" and + the local hostname. + + * libsystemd-logind.so gained a new call + sd_get_machine_names() to enumerate running containers and + VMs (currently only supported by very new libvirt and + nspawn). sd_login_monitor can now be used to watch + VMs/containers coming and going. + + * .include is not allowed recursively anymore, and only in + unit files. Usually it is better to use drop-in snippets in + .d/*.conf anyway, as introduced with systemd 198. + + * systemd-analyze gained a new "critical-chain" command that + determines the slowest chain of units run during system + boot-up. It is very useful for tracking down where + optimizing boot time is the most beneficial. + + * systemd will no longer allow manipulating service paths in + the name=systemd:/system cgroup tree using ControlGroup= in + units. (But is still fine with it in all other dirs.) + + * There's a new systemd-nspawn@.service service file that may + be used to easily run nspawn containers as system + services. With the container's root directory in + /var/lib/container/foobar it is now sufficient to run + "systemctl start systemd-nspawn@foobar.service" to boot it. + + * systemd-cgls gained a new parameter "--machine" to list only + the processes within a certain container. + + * ConditionSecurity= now can check for "apparmor". We still + are lacking checks for SMACK and IMA for this condition + check though. Patches welcome! + + * A new configuration file /etc/systemd/sleep.conf has been + added that may be used to configure which kernel operation + systemd is supposed to execute when "suspend", "hibernate" + or "hybrid-sleep" is requested. This makes the new kernel + "freeze" state accessible to the user. + + * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape + the passed argument if applicable. + + Contributions from: Auke Kok, Colin Guthrie, Colin Walters, + Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner, + Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh + Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn, + MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel + Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom + Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew + Jędrzejewski-Szmek + +CHANGES WITH 202: + + * The output of 'systemctl list-jobs' got some polishing. The + '--type=' argument may now be passed more than once. A new + command 'systemctl list-sockets' has been added which shows + a list of kernel sockets systemd is listening on with the + socket units they belong to, plus the units these socket + units activate. + + * The experimental libsystemd-bus library got substantial + updates to work in conjunction with the (also experimental) + kdbus kernel project. It works well enough to exchange + messages with some sophistication. Note that kdbus is not + ready yet, and the library is mostly an elaborate test case + for now, and not installable. + + * systemd gained a new unit 'systemd-static-nodes.service' + that generates static device nodes earlier during boot, and + can run in conjunction with udev. + + * libsystemd-login gained a new call sd_pid_get_user_unit() + to retrieve the user systemd unit a process is running + in. This is useful for systems where systemd is used as + session manager. + + * systemd-nspawn now places all containers in the new /machine + top-level cgroup directory in the name=systemd + hierarchy. libvirt will soon do the same, so that we get a + uniform separation of /system, /user and /machine for system + services, user processes and containers/virtual + machines. This new cgroup hierarchy is also useful to stick + stable names to specific container instances, which can be + recognized later this way (this name may be controlled + via systemd-nspawn's new -M switch). libsystemd-login also + gained a new call sd_pid_get_machine_name() to retrieve the + name of the container/VM a specific process belongs to. + + * bootchart can now store its data in the journal. + + * libsystemd-journal gained a new call + sd_journal_add_conjunction() for AND expressions to the + matching logic. This can be used to express more complex + logical expressions. + + * journactl can now take multiple --unit= and --user-unit= + switches. + + * The cryptsetup logic now understands the "luks.key=" kernel + command line switch for specifying a file to read the + decryption key from. Also, if a configured key file is not + found the tool will now automatically fall back to prompting + the user. + + * Python systemd.journal module was updated to wrap recently + added functions from libsystemd-journal. The interface was + changed to bring the low level interface in s.j._Reader + closer to the C API, and the high level interface in + s.j.Reader was updated to wrap and convert all data about + an entry. + + Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer, + Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart + Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer, + Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt, + Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks, + Tom Gundersen, Zbigniew Jędrzejewski-Szmek + +CHANGES WITH 201: + + * journalctl --update-catalog now understands a new --root= + option to operate on catalogs found in a different root + directory. + + * During shutdown after systemd has terminated all running + services a final killing loop kills all remaining left-over + processes. We will now print the name of these processes + when we send SIGKILL to them, since this usually indicates a + problem. + + * If /etc/crypttab refers to password files stored on + configured mount points automatic dependencies will now be + generated to ensure the specific mount is established first + before the key file is attempted to be read. + + * 'systemctl status' will now show information about the + network sockets a socket unit is listening on. + + * 'systemctl status' will also shown information about any + drop-in configuration file for units. (Drop-In configuration + files in this context are files such as + /etc/systemd/systemd/foobar.service.d/*.conf) + + * systemd-cgtop now optionally shows summed up CPU times of + cgroups. Press '%' while running cgtop to switch between + percentage and absolute mode. This is useful to determine + which cgroups use up the most CPU time over the entire + runtime of the system. systemd-cgtop has also been updated + to be 'pipeable' for processing with further shell tools. + + * 'hostnamectl set-hostname' will now allow setting of FQDN + hostnames. + + * The formatting and parsing of time span values has been + changed. The parser now understands fractional expressions + such as "5.5h". The formatter will now output fractional + expressions for all time spans under 1min, i.e. "5.123456s" + rather than "5s 123ms 456us". For time spans under 1s + millisecond values are shown, for those under 1ms + microsecond values are shown. This should greatly improve + all time-related output of systemd. + + * libsystemd-login and libsystemd-journal gained new + functions for querying the poll() events mask and poll() + timeout value for integration into arbitrary event + loops. + + * localectl gained the ability to list available X11 keymaps + (models, layouts, variants, options). + + * 'systemd-analyze dot' gained the ability to filter for + specific units via shell-style globs, to create smaller, + more useful graphs. I.e. it's now possible to create simple + graphs of all the dependencies between only target units, or + of all units that Avahi has dependencies with. + + Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck, + Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly + Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau, + Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal + Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie, + Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav + Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach + +CHANGES WITH 200: + + * The boot-time readahead implementation for rotating media + will now read the read-ahead data in multiple passes which + consist of all read requests made in equidistant time + intervals. This means instead of strictly reading read-ahead + data in its physical order on disk we now try to find a + middle ground between physical and access time order. + + * /etc/os-release files gained a new BUILD_ID= field for usage + on operating systems that provide continuous builds of OS + images. + + Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers, + Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín + William Douglas, Zbigniew Jędrzejewski-Szmek + CHANGES WITH 199: * systemd-python gained an API exposing libsystemd-daemon. @@ -14,7 +496,7 @@ CHANGES WITH 199: ExecStartPre= may now leave data in /tmp that ExecStart= of the same service can still access). When a service is stopped its temporary directories are immediately deleted - (normal clean-up with tmpfiles still is done in addition to + (normal clean-up with tmpfiles is still done in addition to this though). * By default, systemd will now set a couple of sysctl @@ -25,7 +507,7 @@ CHANGES WITH 199: be reasonably safe, and good defaults for all new systems. * The predictable network naming logic may now be turned off - with a new kernel command line switch: net.ifnames=0 + with a new kernel command line switch: net.ifnames=0. * A new libsystemd-bus module has been added that implements a pretty complete D-Bus client library. For details see: @@ -33,10 +515,10 @@ CHANGES WITH 199: http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html * journald will now explicitly flush the journal files to disk - the latest 5min after each write. This will also mark the - files as offline then until the next write. This should - increase reliability. The synchronization delay can be - configured via SyncIntervalSec= in journald.conf. + at the latest 5min after each write. The file will then also + be marked offline until the next write. This should increase + reliability in case of a crash. The synchronization delay + can be configured via SyncIntervalSec= in journald.conf. * There's a new remote-fs-setup.target unit that can be used to pull in specific services when at least one remote file @@ -50,10 +532,10 @@ CHANGES WITH 199: * libudev gained a new call udev_device_set_attribute_value() to set sysfs attributes of a device. - * The udev daemon now adjusts its default number of parallel - executed worker processes based on the number of available + * The udev daemon now sets the default number of worker + processes executed in parallel based on the number of available CPUs instead of the amount of available RAM. This is supposed - to provide a more reliable default and limit a too agressive + to provide a more reliable default and limit a too aggressive paralellism for setups with 1000s of devices connected. Contributions from: Auke Kok, Colin Walters, Cristian @@ -509,7 +991,7 @@ CHANGES WITH 196: the underlying file system of a journal file is capable of properly reporting file change notifications, or whether applications that want to reflect journal changes "live" - need to recheck journal files continously in appropriate + need to recheck journal files continuously in appropriate time intervals. * It is now possible to set the "age" field for tmpfiles @@ -842,7 +1324,7 @@ CHANGES WITH 190: * There's now a new RPM macro definition for the system preset dir: %_presetdir. - * journald will now warn if it can't foward a message to the + * journald will now warn if it can't forward a message to the syslog daemon because it's socket is full. * timedated will no longer write or process /etc/timezone, @@ -977,7 +1459,7 @@ CHANGES WITH 188: the maximum number of iterations to run for. It also gained -b, to run in batch mode (accepting no input). - * The suffix ".service" may now be ommited on most systemctl + * The suffix ".service" may now be omitted on most systemctl command lines involving service unit names. * There's a new bus call in logind to lock all sessions, as @@ -1466,7 +1948,7 @@ CHANGES WITH 44: * Show /etc/os-release data in systemd-analyze output - * Many bugfixes for the journal, including endianess fixes and + * Many bugfixes for the journal, including endianness fixes and ensuring that disk space enforcement works * sd-login.h is C++ comptaible again @@ -1554,7 +2036,7 @@ CHANGES WITH 41: understood to set system wide environment variables dynamically at boot. - * We now limit the set of capabilities of systemd-journald. + * We now limit the set of capabilities of systemd-journald. * We now set SIGPIPE to ignore by default, since it only is useful in shell pipelines, and has little use in general