device nodes get this group assigned. This is useful for
system-level software to get access to input devices. It
complements what is already done for "audio" and "video".
device nodes get this group assigned. This is useful for
system-level software to get access to input devices. It
complements what is already done for "audio" and "video".
was opened for writing, the close will trigger a partition
table rescan in udev's "watch" facility, and if needed
synthesize "change" events for the disk and all its partitions.
was opened for writing, the close will trigger a partition
table rescan in udev's "watch" facility, and if needed
synthesize "change" events for the disk and all its partitions.
devices are excluded from this logic.
* We temporarily dropped the "-l" switch for fsck invocations,
devices are excluded from this logic.
* We temporarily dropped the "-l" switch for fsck invocations,
* systemd-networkd will no longer automatically attempt to
manually load kernel modules necessary for certain tunnel
* systemd-networkd will no longer automatically attempt to
manually load kernel modules necessary for certain tunnel
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
- moved to /run/systemd/resolve/, if you have a symlink from
- /etc/resolv.conf it might be necessary to correct it.
+ moved to /run/systemd/resolve/. If you have a symlink from
+ /etc/resolv.conf, it might be necessary to correct it.
- * Two new service settings ProtectedHome= and ProtectedSystem=
- have been added. When enabled they will make the user data
+ * Two new service settings, ProtectedHome= and ProtectedSystem=,
+ have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
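Review bot: the rewritten resolv.conf sentence ("moved to /run/systemd/resolve/. If you have a symlink from /etc/resolv.conf, it might be necessary to correct it.") still names only the directory, so an administrator is not told what the symlink should point to. Since the sentence is being reworded anyway, give the full path of the generated file and say that the symlink has to be re-pointed at it. The next sentence is also open in this hunk, so confirm that "ProtectedHome=" and "ProtectedSystem=" are spelled exactly as the directives are documented. Readers will copy these names into unit files, and a misspelled key gives them none of the sandboxing the entry describes.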
all FIFOS and sockets in the file system will be removed
when the specific socket unit is stopped.
* Socket units gained a new Symlinks= setting. It takes a list
of symlinks to create to file system sockets or FIFOs
all FIFOS and sockets in the file system will be removed
when the specific socket unit is stopped.
* Socket units gained a new Symlinks= setting. It takes a list
of symlinks to create to file system sockets or FIFOs
reasons for a process to exit, which includes unclean
signals, core dumps, timeouts and watchdog timeouts, but
does not include clean and unclean exit codes or clean
reasons for a process to exit, which includes unclean
signals, core dumps, timeouts and watchdog timeouts, but
does not include clean and unclean exit codes or clean
- lines. So far they have been non-globbing versions of the
- latter, and have thus been redundant. In future it is
- recommended to only use "z"; and "m" has hence been removed
+ lines. So far, they have been non-globbing versions of the
+ latter, and have thus been redundant. In future, it is
+ recommended to only use "z". "m" has hence been removed
from the documentation, even though it stays supported.
* A tmpfiles snippet to recreate the most basic structure in
/var has been added. This is enough to create the /var/run →
/run symlink and create a couple of structural
directories. This allows systems to boot up with an empty or
from the documentation, even though it stays supported.
* A tmpfiles snippet to recreate the most basic structure in
/var has been added. This is enough to create the /var/run →
/run symlink and create a couple of structural
directories. This allows systems to boot up with an empty or
- volatile /var. Of course, while with this change the core OS
- now is capable with dealing with a volatile /var not all
+ volatile /var. Of course, while with this change, the core OS
+ now is capable with dealing with a volatile /var, not all
that they are able to automatically create their necessary
directories in /var at boot, should they be missing. This is
the first step to allow state-less systems that only require
that they are able to automatically create their necessary
directories in /var at boot, should they be missing. This is
the first step to allow state-less systems that only require
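Review bot: on the "+" lines about the volatile /var, "now is capable with dealing with a volatile /var" is still ungrammatical after the comma fixes, and the new comma after "with this change" separates the subordinate clause from its subject. Suggest "Of course, while with this change the core OS is now capable of dealing with a volatile /var, not all ...". Earlier in the same hunk, the split into `"z". "m" has hence been removed` puts two quoted lowercase tokens back to back and starts a sentence with one of them. Open the second sentence with a noun instead, for example `The "m" type has hence been removed`.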
* Access modes specified in tmpfiles snippets may now be
prefixed with "~", which indicates that they shall be masked
by whether the existing file or directly is currently
* Access modes specified in tmpfiles snippets may now be
prefixed with "~", which indicates that they shall be masked
by whether the existing file or directly is currently
- writable, readable or executable at all. Also, if specified
+ writable, readable or executable at all. Also, if specified,
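Review bot: the context line "by whether the existing file or directly is currently" contains a typo, "directly" for "directory", in the same sentence this hunk edits. The patch adds the comma after "if specified" but leaves that word as it is. Fix it here as well, so the description of the "~" mode prefix reads "the existing file or directory".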
* A new "systemd-timesyncd" daemon has been added for
synchronizing the system clock across the network. It
implements an SNTP client. In contrast to NTP
* A new "systemd-timesyncd" daemon has been added for
synchronizing the system clock across the network. It
implements an SNTP client. In contrast to NTP
this only implements a client side, and does not bother with
the full NTP complexity, focusing only on querying time from
one remote server and synchronizing the local clock to
it. Unless you intend to serve NTP to networked clients or
this only implements a client side, and does not bother with
the full NTP complexity, focusing only on querying time from
one remote server and synchronizing the local clock to
it. Unless you intend to serve NTP to networked clients or
client should be more than appropriate for most
installations. The daemon runs with minimal privileges, and
has been hooked up with networkd to only operate when
client should be more than appropriate for most
installations. The daemon runs with minimal privileges, and
has been hooked up with networkd to only operate when
acquired, and uses this to possibly correct the system clock
early at bootup, in order to accommodate for systems that
lack an RTC such as the Raspberry Pi and embedded devices,
acquired, and uses this to possibly correct the system clock
early at bootup, in order to accommodate for systems that
lack an RTC such as the Raspberry Pi and embedded devices,
needs to be created on installation of systemd.
* The queue "seqnum" interface of libudev has been disabled, as
needs to be created on installation of systemd.
* The queue "seqnum" interface of libudev has been disabled, as
* A new FailureAction= setting has been added for service
units which may be used to specify an operation to trigger
when a service fails. This works similarly to
* A new FailureAction= setting has been added for service
units which may be used to specify an operation to trigger
when a service fails. This works similarly to
* hostnamed has been changed to prefer the statically
configured hostname in /etc/hostname (unless set to
'localhost' or empty) over any dynamic one supplied by
* hostnamed has been changed to prefer the statically
configured hostname in /etc/hostname (unless set to
'localhost' or empty) over any dynamic one supplied by
match more closely the rules of other configuration settings
where the local administrator's configuration in /etc always
overrides any other settings.
match more closely the rules of other configuration settings
where the local administrator's configuration in /etc always
overrides any other settings.