systemd System and Service Manager
-CHANGES WITH 239 in spe:
+CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: elogind-udevd's "net_id"
- builtin may name network interfaces differently than in previous
- versions. SR-IOV virtual functions and NPAR partitions with PCI
- function numbers of 8 and above will be named more predictably, and
- udev may generate names based on the PCI slot number in some cases
- where it previously did not.
+ builtin will name network interfaces differently than in previous
+ versions for virtual network interfaces created with SR-IOV and NPAR
+ and for devices where the PCI network controller device does not have
+ a slot number associated.
+
+ SR-IOV virtual devices are now named based on the name of the parent
+ interface, with a suffix of "v<N>", where <N> is the virtual device
+ number. Previously those virtual devices were named as if completely
+ independent.
+
+ The ninth and later NPAR virtual devices will be named following the
+ scheme used for the first eight NPAR partitions. Previously those
+ devices were not renamed and the kernel default (eth<n>) was used.
+
+ "net_id" will also generate names for PCI devices where the PCI
+ network controller device does not have an associated slot number
+ itself, but one of its parents does. Previously those devices were
+ not renamed and the kernel default (eth<n>) was used.
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
elogind.service. Since v235, IPAddressDeny=any has been set to
- the unit. So, it is expected that the default behavior of elogind
- is not changed. However, if distribution packagers or administrators
- disabled or modified IPAddressDeny= setting by a drop-in config file,
- then it may be necessary to update the file to re-enable AF_INET and
- AF_INET6 to support network user name services, e.g. NIS.
-
- * When the RestrictNamespaces= unit property is specified multiple times,
- then the specified types are merged now. Previously, only the last
- assignment was used. So, if distribution packagers or administrators
- modified the setting by a drop-in config file, then it may be necessary
- to update the file.
+ the unit. So, it is expected that the default behavior of
+ elogind is not changed. However, if distribution packagers or
+ administrators disabled or modified IPAddressDeny= setting by a
+ drop-in config file, then it may be necessary to update the file to
+ re-enable AF_INET and AF_INET6 to support network user name services,
+ e.g. NIS.
+
+ * When the RestrictNamespaces= unit property is specified multiple
+ times, then the specified types are merged now. Previously, only the
+ last assignment was used. So, if distribution packagers or
+ administrators modified the setting by a drop-in config file, then it
+ may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
- behaviour that wasn't useful. systemctl disable/unmask will now
- undo both runtime and persistent enablement/masking, i.e. it will
- remove any relevant symlinks both in /run and /etc.
+ behaviour that wasn't useful. systemctl disable/unmask will now undo
+ both runtime and persistent enablement/masking, i.e. it will remove
+ any relevant symlinks both in /run and /etc.
+
+ * Note that all long-running system services shipped with elogind will
+ now default to a system call whitelist (rather than a blacklist, as
+ before). In particular, elogind-udevd will now enforce one too. For
+ most cases this should be safe, however downstream distributions
+ which disabled sandboxing of elogind-udevd (specifically the
+ MountFlags= setting), might want to disable this security feature
+ too, as the default whitelisting will prohibit all mount, swap,
+ reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
configuration settings to change the resolution explicitly.
* The elogind-resolve tool has been renamed to resolvectl (it also
- * elogind-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
- turned off by default, use PrivateDNS=opportunistic to turn it on in
+ * elogind-resolved now supports DNS-over-TLS. It's still
+ turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.
- * The resolvectl/elogind-resolve tool also provides 'resolveconf'
- compatibility. It may be symlinked under the 'resolveconf' name, in
+ * The resolvectl/elogind-resolve tool also provides 'resolvconf'
+ compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.
name following the last dash.
* Unit files and other configuration files that support specifier
- expansion now understand another two new specifiers: %T and %V will
+ expansion now understand another three new specifiers: %T and %V will
resolve to /tmp and /var/tmp respectively, or whatever temporary
- directory has been set for the calling user.
+ directory has been set for the calling user. %E will expand to either
+ /etc (for system units) or $XDG_CONFIG_HOME (for user units).
* The ExecStart= lines of unit files are no longer required to
reference absolute paths. If non-absolute paths are specified the
* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
- from being started (for example, an ExecStart= path which references
- a non-existent executable).
+ from being started (for example, a service unit has been defined
+ lacking both ExecStart= and ExecStop= lines).
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
example, "elogind-tmpfiles --cat-config" will now output the full
list of tmpfiles.d/ lines in place.
- * timedatectl gained two new verbs "timesync-status" (to show the
- current NTP synchronization state of elogind-timesyncd) and
- "show-timesync" (to show bus properties of elogind-timesyncd).
+ * timedatectl gained three new verbs: "show" shows bus properties of
+ elogind-timedated, "timesync-status" shows the current NTP
+ synchronization state of elogind-timesyncd, and "show-timesync"
+ shows bus properties of elogind-timesyncd.
* elogind-timesyncd gained a bus interface on which it exposes details
about its state.
https://github.com/systemd/systemd/blob/master/doc/PORTABLE_SERVICES.md
https://github.com/systemd/systemd/blob/master/doc/CODE_QUALITY.md
+ * The Boot Loader Specification has been added to the source tree.
+
+ https://github.com/systemd/systemd/blob/master/doc/BOOT_LOADER_SPECIFICATION.md
+
+ While moving it into our source tree we have updated it and further
+ changes are now accepted through the usual github PR workflow.
+
* pam_elogind will now look for PAM userdata fields elogind.memory_max,
elogind.tasks_max, elogind.cpu_weight, elogind.io_weight set by
earlier PAM modules. The data in these fields is used to initialize
system namespacing options. One such service is elogind-udevd.service
wher this is now used by default.
+ * ConditionSecurity= gained a new value "uefi-secureboot" that is true
+ when the system is booted in UEFI "secure mode".
+
+ * A new unit "system-update-pre.target" is added, which defines an
+ optional synchronization point for offline system updates, as
+ implemented by the pre-existing "system-update.target" unit. It
+ allows ordering services before the service that executes the actual
+ update process in a generic way.
+
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
- Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud
- Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lesiak, Christian
- Brauner, Christian Hesse, Daniel Dao, Daniel Lin, Danylo Korostil,
- Davide Cavalca, David Tardon, Dimitri John Ledkov, Dmitriy Geels,
- Douglas Christman, Elia Geretto, emelenas, Evegeny Vereshchagin, Evgeny
- Vereshchagin, Felipe Sateler, Feng Sun, Filipe Brandenburger, Franck
- Bui, futpib, Giuseppe Scrivano, Guillem Jover, guixxx, Hans de Goede,
- Henrique Dante de Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko,
- Ivan Shapovalov, James Cowgill, Jan Janssen, Jan Synacek, Jared
- Kazimir, João Paulo Rechi Vita, Joost Heitbrink, juergbi, Jui-Chi Ricky
- Liang, Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri
- Tirkkonen, Lennart Poettering, Leonard, Long Li, Luca Boccassi, Lucas
- Werkmeister, Marcel Hoppe, Marc Kleine-Budde, Mario Limonciello, Martin
- Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Michael
- Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal Sekletar,
- Mike Gilbert, Mikhail Kasimov, Milan, Milan Broz, mourikwa, Muhammet
- Kara, Nicolas Boichat, Omer Katz, Paride Legovini, Paul Menzel, Paul
- Milliken, Peter A. Bigot, Peter Hutterer, Peter Jones, Philip Sequeira,
- Philip Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de
- Araujo, Rosen Penev, rubensa, Ryan Gonzalez, Salvo 'LtWorf' Tomaselli,
- Sebastian Reichel, Sergio Lindo Mansilla, Stefan Schweter, Stephen
- Hemminger, Stuart Hayes, Susant Sahani, Sylvain Plantefève, Thomas
- H. P. Andersen, Tobias Jungel, Tomasz Torcz, Vito Caputo, Will Dietz,
- Will Thompson, xginn8, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
-
- — Berlin, 2018-06-XX
+ Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
+ J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
+ Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
+ Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
+ Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
+ Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
+ Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
+ guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
+ Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
+ Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
+ Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
+ Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
+ Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
+ Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
+ Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
+ Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
+ Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
+ Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
+ Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
+ Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
+ Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
+ Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
+ Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
+ Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
+ Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
+ Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
+ Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
+ Yu Watanabe, Zbigniew Jędrzejewski-Szmek
+
+ — Berlin, 2018-06-22
CHANGES WITH 238:
~ianmdlvl / elogind.git / blobdiff