CHANGES WITH 239 in spe:
* NETWORK INTERFACE DEVICE NAMING CHANGES: elogind-udevd's "net_id"
- builtin may name network interfaces differently than in previous
- versions. SR-IOV virtual functions and NPAR partitions with PCI
- function numbers of 8 and above will be named more predictably, and
- udev may generate names based on the PCI slot number in some cases
- where it previously did not.
+ builtin will name network interfaces differently than in previous
+ versions for virtual network interfaces created with SR-IOV and NPAR
+ and for devices where the PCI network controller device does not have
+ a slot number associated.
+
+ SR-IOV virtual devices are now named based on the name of the parent
+ interface, with a suffix of "v<N>", where <N> is the virtual device
+ number. Previously those virtual devices were named as if completely
+ independent.
+
+ The ninth and later NPAR virtual devices will be named following the
+ scheme used for the first eight NPAR partitions. Previously those
+ devices were not renamed and the kernel default (eth<n>) was used.
+
+ "net_id" will also generate names for PCI devices where the PCI
+ network controller device does not have an associated slot number
+ itself, but one of its parents does. Previously those devices were
+ not renamed and the kernel default (eth<n>) was used.
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
elogind.service. Since v235, IPAddressDeny=any has been set to
- the unit. So, it is expected that the default behavior of elogind
- is not changed. However, if distribution packagers or administrators
- disabled or modified IPAddressDeny= setting by a drop-in config file,
- then it may be necessary to update the file to re-enable AF_INET and
- AF_INET6 to support network user name services, e.g. NIS.
-
- * When the RestrictNamespaces= unit property is specified multiple times,
- then the specified types are merged now. Previously, only the last
- assignment was used. So, if distribution packagers or administrators
- modified the setting by a drop-in config file, then it may be necessary
- to update the file.
+ the unit. So, it is expected that the default behavior of
+ elogind is not changed. However, if distribution packagers or
+ administrators disabled or modified IPAddressDeny= setting by a
+ drop-in config file, then it may be necessary to update the file to
+ re-enable AF_INET and AF_INET6 to support network user name services,
+ e.g. NIS.
+
+ * When the RestrictNamespaces= unit property is specified multiple
+ times, then the specified types are merged now. Previously, only the
+ last assignment was used. So, if distribution packagers or
+ administrators modified the setting by a drop-in config file, then it
+ may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
- behaviour that wasn't useful. systemctl disable/unmask will now
- undo both runtime and persistent enablement/masking, i.e. it will
- remove any relevant symlinks both in /run and /etc.
+ behaviour that wasn't useful. systemctl disable/unmask will now undo
+ both runtime and persistent enablement/masking, i.e. it will remove
+ any relevant symlinks both in /run and /etc.
+
+ * Note that all long-running system services shipped with elogind will
+ now default to a system call whitelist (rather than a blacklist, as
+ before). In particular, elogind-udevd will now enforce one too. For
+ most cases this should be safe, however downstream distributions
+ which disabled sandboxing of elogind-udevd (specifically the
+ MountFlags= setting), might want to disable this security feature
+ too, as the default whitelisting will prohibit all mount, swap,
+ reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
configuration settings to change the resolution explicitly.
* The elogind-resolve tool has been renamed to resolvectl (it also
- * elogind-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
- turned off by default, use PrivateDNS=opportunistic to turn it on in
+ * elogind-resolved now supports DNS-over-TLS. It's still
+ turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.
- * The resolvectl/elogind-resolve tool also provides 'resolveconf'
- compatibility. It may be symlinked under the 'resolveconf' name, in
+ * The resolvectl/elogind-resolve tool also provides 'resolvconf'
+ compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.
* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
- from being started (for example, an ExecStart= path which references
- a non-existent executable).
+ from being started (for example, a service unit has been defined
+ lacking both ExecStart= and ExecStop= lines).
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
system namespacing options. One such service is elogind-udevd.service
wher this is now used by default.
+ * A new unit "system-update-pre.target" is added, which defines an
+ optional synchronization point for offline system updates, as
+ implemented by the pre-existing "system-update.target" unit. It
+ allows ordering services before the service that executes the actual
+ update process in a generic way.
+
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
- Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud
- Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lesiak, Christian
- Brauner, Christian Hesse, Daniel Dao, Daniel Lin, Danylo Korostil,
- Davide Cavalca, David Tardon, Dimitri John Ledkov, Dmitriy Geels,
- Douglas Christman, Elia Geretto, emelenas, Evegeny Vereshchagin, Evgeny
- Vereshchagin, Felipe Sateler, Feng Sun, Filipe Brandenburger, Franck
- Bui, futpib, Giuseppe Scrivano, Guillem Jover, guixxx, Hans de Goede,
- Henrique Dante de Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko,
- Ivan Shapovalov, James Cowgill, Jan Janssen, Jan Synacek, Jared
- Kazimir, João Paulo Rechi Vita, Joost Heitbrink, juergbi, Jui-Chi Ricky
- Liang, Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri
- Tirkkonen, Lennart Poettering, Leonard, Long Li, Luca Boccassi, Lucas
+ Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
+ J. Murrell, Bruno Vernay, Chris Lesiak, Christian Brauner, Christian
+ Hesse, Daniel Dao, Daniel Lin, Danylo Korostil, Davide Cavalca, David
+ Tardon, Dimitri John Ledkov, Dmitriy Geels, Douglas Christman, Elia
+ Geretto, emelenas, Emil Velikov, Evgeny Vereshchagin, Felipe Sateler,
+ Feng Sun, Filipe Brandenburger, Franck Bui, futpib, Giuseppe Scrivano,
+ Guillem Jover, guixxx, Hans de Goede, Henrique Dante de Almeida, Hiram
+ van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov, Iwan Timmer,
+ James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir, João Paulo
+ Rechi Vita, Joost Heitbrink, Jui-Chi Ricky Liang, Jürg Billeter,
+ Kai-Heng Feng, Karol Augustin, Krzysztof Nowicki, Lauri Tirkkonen,
+ Lennart Poettering, Leonard König, Long Li, Luca Boccassi, Lucas
Werkmeister, Marcel Hoppe, Marc Kleine-Budde, Mario Limonciello, Martin
- Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Michael
- Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal Sekletar,
- Mike Gilbert, Mikhail Kasimov, Milan, Milan Broz, mourikwa, Muhammet
- Kara, Nicolas Boichat, Omer Katz, Paride Legovini, Paul Menzel, Paul
- Milliken, Peter A. Bigot, Peter Hutterer, Peter Jones, Philip Sequeira,
- Philip Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de
- Araujo, Rosen Penev, rubensa, Ryan Gonzalez, Salvo 'LtWorf' Tomaselli,
+ Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Matthew
+ McGinn, Matthias-Christian Ott, Michael Biebl, Michael Olbrich, Michael
+ Prokop, Michal Koutný, Michal Sekletar, Mike Gilbert, Mikhail Kasimov,
+ Milan Broz, Milan Pässler, Muhammet Kara, Nicolas Boichat, Omer Katz,
+ Paride Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter
+ A. Bigot, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
+ Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
+ Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez, Salvo Tomaselli,
Sebastian Reichel, Sergio Lindo Mansilla, Stefan Schweter, Stephen
Hemminger, Stuart Hayes, Susant Sahani, Sylvain Plantefève, Thomas
H. P. Andersen, Tobias Jungel, Tomasz Torcz, Vito Caputo, Will Dietz,
- Will Thompson, xginn8, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
+ Will Thompson, Wim van Mourik, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2018-06-XX
~ianmdlvl / elogind.git / blobdiff