* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
elogind.service. Since v235, IPAddressDeny=any has been set to
- the unit. So, it is expected that the default behavior of elogind
- is not changed. However, if distribution packagers or administrators
- disabled or modified IPAddressDeny= setting by a drop-in config file,
- then it may be necessary to update the file to re-enable AF_INET and
- AF_INET6 to support network user name services, e.g. NIS.
-
- * When the RestrictNamespaces= unit property is specified multiple times,
- then the specified types are merged now. Previously, only the last
- assignment was used. So, if distribution packagers or administrators
- modified the setting by a drop-in config file, then it may be necessary
- to update the file.
+ the unit. So, it is expected that the default behavior of
+ elogind is not changed. However, if distribution packagers or
+ administrators disabled or modified IPAddressDeny= setting by a
+ drop-in config file, then it may be necessary to update the file to
+ re-enable AF_INET and AF_INET6 to support network user name services,
+ e.g. NIS.
+
+ * When the RestrictNamespaces= unit property is specified multiple
+ times, then the specified types are merged now. Previously, only the
+ last assignment was used. So, if distribution packagers or
+ administrators modified the setting by a drop-in config file, then it
+ may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
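Review bot: The removed and added text of the RestrictAddressFamilies= and RestrictNamespaces= entries is word-for-word identical; only the line breaks move. Drop the re-wrap or put it in a separate commit so the substantive NEWS changes are not buried in whitespace churn. If these lines are touched anyway, "dropped from RestrictAddressFamilies=" would be clearer if it stated whether AF_INET and AF_INET6 are now blocked for the unit, because the later sentence about re-enabling them for NIS is what a packager with a drop-in has to act on.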
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
- behaviour that wasn't useful.
+ behaviour that wasn't useful. systemctl disable/unmask will now undo
+ both runtime and persistent enablement/masking, i.e. it will remove
+ any relevant symlinks both in /run and /etc.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
configuration settings to change the resolution explicitly.
* The elogind-resolve tool has been renamed to resolvectl (it also
+ * elogind-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
+ turned off by default, use PrivateDNS=opportunistic to turn it on in
+ resolved.conf. We intend to make this the default as soon as couple
+ of additional techniques for optimizing the initial latency caused by
+ establishing a TLS/TCP connection are implemented.
+
+ * elogind-resolved.service and elogind-networkd.service now set
+ DynamicUser=yes. The users elogind-resolve and elogind-network are
+ not created by elogind-sysusers.
+
remains available under the old name, for compatibility), and its
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.
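Review bot: The two added entries (DNS-over-TLS and DynamicUser=yes) are inserted after the first line of the resolvectl entry, so that entry now reads "(it also", then two unrelated bullets, then "remains available under the old name". Move the added block above "* The elogind-resolve tool has been renamed to resolvectl". In the added text, "as soon as couple of" is missing "a", and the DynamicUser=yes entry should say whether "are not created by elogind-sysusers" is a change from earlier releases, since packagers who manage those accounts need to know.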
- * The resolvectl/elogind-resolve tool also provides 'resolveconf'
- compatiblity. It may be symlinked under the 'resolveconf' name, in
+ * The resolvectl/elogind-resolve tool also provides 'resolvconf'
+ compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.
* A new service elogind-time-sync-wait.service has been added. If
enabled it will delay the time-sync.target unit at boot until time
- synchronization has been recieved from the network. This
+ synchronization has been received from the network. This
functionality is useful on systems lacking a local RTC or where it is
acceptable that the boot process shall be delayed by external network
services.
search-binaries-default'. It's generally recommended to continue to
use absolute paths for all binaries specified in unit files.
+ * Units gained a new load state "bad-setting", which is used when a
+ unit file was loaded, but contained fatal errors which prevent it
+ from being started (for example, a service unit has been defined
+ lacking both ExecStart= and ExecStop= lines).
+
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
continues to be available however, for compatibility reasons. Use the
about its state.
* elogind-nspawn gained a new --rlimit= switch for setting initial
+ * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
+ understood by elogind-timedated. It takes a colon-separated list of
+ unit names of NTP client services. The list is used by
+ "timedatectl set-ntp".
+
resource limits for the container payload. There's a new switch
--hostname= to explicitly override the container's hostname. A new
--no-new-privileges= switch may be used to control the
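Review bot: The $SYSTEMD_TIMEDATED_NTP_SERVICES bullet is inserted after the first line of the elogind-nspawn entry, between "for setting initial" and "resource limits for the container payload", which cuts the --rlimit= sentence in two. Insert it before "* elogind-nspawn gained a new --rlimit= switch". The variable keeps the SYSTEMD_ prefix while the daemon is called elogind-timedated in the same sentence; confirm that this is the name the code actually reads.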
* A new --dump-bus-properties switch has been added to the elogind
binary, which may be used to dump all supported D-Bus properties.
+ (Options which are still supported, but are deprecated, are *not*
+ shown.)
* sd-bus gained a set of new calls:
sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
* sd-event and sd-bus gained support for calling special user-supplied
destructor functions for userdata pointers associated with
- sd_event_source, sd_bus_slot and sd_bus_track objects.
+ sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
+ functions sd_bus_slot_set_destroy_callback,
+ sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
+ sd_bus_track_get_destroy_callback,
+ sd_event_source_set_destroy_callback,
+ sd_event_source_get_destroy_callback have been added.
* The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
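Review bot: In the sd-event/sd-bus entry, "For this new functions ... have been added" needs a comma after "this" ("For this, new functions ..."). The six names are also written without "()", while the neighbouring sd-bus entry writes sd_bus_slot_set_floating()/sd_bus_slot_get_floating(); use one convention so the symbols are easy to search for.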
query the default, built-in $PATH PID 1 will pass to the services it
manages.
+ * A new unit file setting PrivateMounts= has been added. It's a boolean
+ option. If enabled the unit's processes are invoked in their own file
+ system namespace. Note that this behaviour is also implied if any
+ other file system namespacing options (such as PrivateTmp=,
+ PrivateDevices=, ProtectSystem=, …) are used. This option is hence
+ primarily useful for services that do not use any of the other file
+ system namespacing options. One such service is elogind-udevd.service
+ wher this is now used by default.
+
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
- Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud
- Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lesiak, Christian
- Brauner, Christian Hesse, Daniel Dao, Daniel Lin, Danylo Korostil,
- Davide Cavalca, David Tardon, Dimitri John Ledkov, Dmitriy Geels,
- Douglas Christman, Elia Geretto, emelenas, Evegeny Vereshchagin, Evgeny
- Vereshchagin, Felipe Sateler, Feng Sun, Filipe Brandenburger, Franck
- Bui, futpib, Giuseppe Scrivano, Guillem Jover, guixxx, Hans de Goede,
- Henrique Dante de Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko,
- Ivan Shapovalov, James Cowgill, Jan Janssen, Jan Synacek, Jared
- Kazimir, João Paulo Rechi Vita, Joost Heitbrink, juergbi, Jui-Chi Ricky
- Liang, Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri
- Tirkkonen, Lennart Poettering, Leonard, Long Li, Luca Boccassi, Lucas
+ Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
+ J. Murrell, Bruno Vernay, Chris Lesiak, Christian Brauner, Christian
+ Hesse, Daniel Dao, Daniel Lin, Danylo Korostil, Davide Cavalca, David
+ Tardon, Dimitri John Ledkov, Dmitriy Geels, Douglas Christman, Elia
+ Geretto, emelenas, Evegeny Vereshchagin, Evgeny Vereshchagin, Felipe
+ Sateler, Feng Sun, Filipe Brandenburger, Franck Bui, futpib, Giuseppe
+ Scrivano, Guillem Jover, guixxx, Hans de Goede, Henrique Dante de
+ Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
+ James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir, João Paulo
+ Rechi Vita, Joost Heitbrink, Jui-Chi Ricky Liang, Jürg Billeter,
+ Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri Tirkkonen,
+ Lennart Poettering, Leonard König, Long Li, Luca Boccassi, Lucas
Werkmeister, Marcel Hoppe, Marc Kleine-Budde, Mario Limonciello, Martin
- Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Michael
- Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal Sekletar,
- Mike Gilbert, Mikhail Kasimov, Milan, Milan Broz, mourikwa, Muhammet
- Kara, Nicolas Boichat, Omer Katz, Paride Legovini, Paul Menzel, Paul
- Milliken, Peter A. Bigot, Peter Hutterer, Peter Jones, Philip Sequeira,
- Philip Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de
- Araujo, Rosen Penev, rubensa, Ryan Gonzalez, Salvo 'LtWorf' Tomaselli,
- Sebastian Reichel, Sergio Lindo Mansilla, Stefan Schweter, Stephen
- Hemminger, Stuart Hayes, Susant Sahani, Sylvain Plantefève, Thomas
- H. P. Andersen, Tobias Jungel, Tomasz Torcz, Vito Caputo, Will Dietz,
- Will Thompson, xginn8, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
+ Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Matthew
+ McGinn, Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný,
+ Michal Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan
+ Pässler, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride Legovini,
+ Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot, Peter
+ Hutterer, Peter Jones, Philip Sequeira, Philip Withnall, Piotr Drąg,
+ Radostin Stoyanov, Ricardo Salveti de Araujo, Rosen Penev, Rubén Suárez
+ Alvarez, Ryan Gonzalez, Salvo Tomaselli, Sebastian Reichel, Sergio
+ Lindo Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes,
+ Susant Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias
+ Jungel, Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van
+ Mourik, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2018-06-XX
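Review bot: Typo in the last added line of the PrivateMounts= entry: "wher this is now used by default" should read "where". In the contributor list, the rewrite resolves several handles to full names but still carries both "Evegeny Vereshchagin" and "Evgeny Vereshchagin"; that looks like one person listed under two spellings and should be collapsed to a single entry.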
elogind.service_watchdogs= for controlling the same.
* Two new "log-level" and "log-target" options for elogind-analyze were
- addded that merge the now deprecated get-log-level, set-log-level and
+ added that merge the now deprecated get-log-level, set-log-level and
get-log-target, set-log-target pairs. The deprecated options are still
understood for backwards compatibility. The two new options print the
current value when no arguments are given, and set them when a
(domain search list).
* systemd-networkd gained support for serving IPv6 address ranges using
- the Router Advertisment protocol. The new .network configuration
+ the Router Advertisement protocol. The new .network configuration
section [IPv6Prefix] may be used to configure the ranges to
serve. This is implemented based on a new, minimal, native server
implementation of RA.
counted multiple times, if it takes multiple references.
* sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
- sd_bus_get_exit_on_disconnect(). They may be used to to make a
+ sd_bus_get_exit_on_disconnect(). They may be used to make a
process using sd-bus automatically exit if the bus connection is
severed.