X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=71017fa32477a07db9d87613dd3f98cdc151c36c;hp=f90d7f840c5f58645a7fc0efec93e3cd740592da;hb=d12b8cad40aa78fc948362340204c3fde778082d;hpb=b8bde11658366290521e3d03316378b482600323 diff --git a/NEWS b/NEWS index f90d7f840..71017fa32 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,572 @@ systemd System and Service Manager +CHANGES WITH 216: + * timedated does no longer read NTP unit names from + /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP + implementations should add a: + Conflicts=systemd-timesyncd.service + to take over and replace systemd's NTP functionality. + +CHANGES WITH 215: + + * A new tool systemd-sysusers has been added. This tool + creates system users and groups in /etc/passwd and + /etc/group, based on static declarative system user/group + definitions in /usr/lib/sysusers.d/. This is useful to + enable factory resets and volatile systems that boot up with + an empty /etc directory, and thus need system users and + groups created during early boot. systemd now also ships + with two default sysusers.d/ files for the most basic + users and groups systemd and the core operating system + require. + + * A new tmpfiles snippet has been added that rebuilds the + essential files in /etc on boot, should they be missing. + + * A directive for ensuring automatic clean-up of + /var/cache/man/ has been removed from the default + configuration. This line should now be shipped by the man + implementation. The necessary change has been made to the + man-db implementation. Note that you need to update your man + implementation to one that ships this line, otherwise no + automatic clean-up of /var/cache/man will take place. + + * A new condition ConditionNeedsUpdate= has been added that + may conditionalize services to only run when /etc or /var + are "older" than the vendor operating system resources in + /usr. This is useful for reconstructing or updating /etc + after an offline update of /usr or a factory reset, on the + next reboot. Services that want to run once after such an + update or reset should use this condition and order + themselves before the new systemd-update-done.service, which + will mark the two directories as fully updated. A number of + service files have been added making use of this, to rebuild + the udev hardware database, the journald message catalog and + dynamic loader cache (ldconfig). The systemd-sysusers tool + described above also makes use of this now. With this in + place it is now possible to start up a minimal operating + system with /etc empty cleanly. For more information on the + concepts involved see this recent blog story: + + http://0pointer.de/blog/projects/stateless.html + + * A new system group "input" has been introduced, and all + input device nodes get this group assigned. This is useful + for system-level software to get access to input devices. It + complements what is already done for "audio" and "video". + + * systemd-networkd learnt minimal DHCPv4 server support in + addition to the existing DHCPv4 client support. It also + learnt DHCPv6 client and IPv6 Router Solicitation client + support. The DHCPv4 client gained support for static routes + passed in from the server. Note that the [DHCPv4] section + known in older systemd-networkd versions has been renamed to + [DHCP] and is now also used by the DHCPv6 client. Existing + .network files using settings of this section should be + updated, though compatibility is maintained. Optionally, the + client hostname may now be sent to the DHCP server. + + * networkd gained support for vxlan virtual networks as well + as tun/tap and dummy devices. + + * networkd gained support for automatic allocation of address + ranges for interfaces from a system-wide pool of + addresses. This is useful for dynamically managing a large + number of interfaces with a single network configuration + file. In particular this is useful to easily assign + appropriate IP addresses to the veth links of a large number + of nspawn instances. + + * RPM macros for processing sysusers, sysctl and binfmt + drop-in snippets at package installation time have been + added. + + * The /etc/os-release file should now be placed in + /usr/lib/os-release. The old location is automatically + created as symlink. /usr/lib is the more appropriate + location of this file, since it shall actually describe the + vendor operating system shipped in /usr, and not the + configuration stored in /etc. + + * .mount units gained a new boolean SloppyOptions= setting + that maps to mount(8)'s -s option which enables permissive + parsing of unknown mount options. + + * tmpfiles learnt a new "L+" directive which creates a symlink + but (unlike "L") deletes a pre-existing file first, should + it already exist and not already be the correct + symlink. Similar, "b+", "c+" and "p+" directives have been + added as well, which create block and character devices, as + well as fifos in the filesystem, possibly removing any + pre-existing files of different types. + + * For tmpfiles' "L", "L+", "C" and "C+" directives the final + 'argument' field (which so far specified the source to + symlink/copy the files from) is now optional. If omitted the + same file os copied from /usr/share/factory/ suffixed by the + full destination path. This is useful for populating /etc + with essential files, by copying them from vendor defaults + shipped in /usr/share/factory/etc. + + * A new command "systemctl preset-all" has been added that + applies the service preset settings to all installed unit + files. A new switch --preset-mode= has been added that + controls whether only enable or only disable operations + shall be executed. + + * A new command "systemctl is-system-running" has been added + that allows checking the overall state of the system, for + example whether it is fully up and running. + + * When the system boots up with an empty /etc, the equivalent + to "systemctl preset-all" is executed during early boot, to + make sure all default services are enabled after a factory + reset. + + * systemd now contains a minimal preset file that enables the + most basic services systemd ships by default. + + * Unit files' [Install] section gained a new DefaultInstance= + field for defining the default instance to create if a + template unit is enabled with no instance specified. + + * A new passive target cryptsetup-pre.target has been added + that may be used by services that need to make they run and + finish before the first LUKS cryptographic device is set up. + + * The /dev/loop-control and /dev/btrfs-control device nodes + are now owned by the "disk" group by default, opening up + access to this group. + + * systemd-coredump will now automatically generate a + stack trace of all core dumps taking place on the system, + based on elfutils' libdw library. This stack trace is logged + to the journal. + + * systemd-coredump may now optionally store coredumps directly + on disk (in /var/lib/systemd/coredump, possibly compressed), + instead of storing them unconditionally in the journal. This + mode is the new default. A new configuration file + /etc/systemd/coredump.conf has been added to configure this + and other parameters of systemd-coredump. + + * coredumpctl gained a new "info" verb to show details about a + specific coredump. A new switch "-1" has also been added + that makes sure to only show information about the most + recent entry instead of all entries. Also, as the tool is + generally useful now the "systemd-" prefix of the binary + name has been removed. Distributions that want to maintain + compatibility with the old name should add a symlink from + the old name to the new name. + + * journald's SplitMode= now defaults to "uid". This makes sure + that unprivileged users can access their own coredumps with + coredumpctl without restrictions. + + * New kernel command line options "systemd.wants=" (for + pulling an additional unit during boot), "systemd.mask=" + (for masking a specific unit for the boot), and + "systemd.debug-shell" (for enabling the debug shell on tty9) + have been added. This is implemented in the new generator + "systemd-debug-generator". + + * systemd-nspawn will now by default filter a couple of + syscalls for containers, among them those required for + kernel module loading, direct x86 IO port access, swap + management, and kexec. Most importantly though + open_by_handle_at() is now prohibited for containers, + closing a hole similar to a recently discussed vulnerability + in docker regarding access to files on file hierarchies the + container should normally not have access to. Note that for + nspawn we generally make no security claims anyway (and + this is explicitly documented in the man page), so this is + just a fix for one of the most obvious problems. + + * A new man page file-hierarchy(7) has been added that + contains a minimized, modernized version of the file system + layout systemd expects, similar in style to the FHS + specification or hier(5). A new tool systemd-path(1) has + been added to query many of these paths for the local + machine and user. + + * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no + longer done. Since the directory now has a per-user size + limit, and is cleaned on logout this appears unnecessary, + in particular since this now brings the lifecycle of this + directory closer in line with how IPC objects are handled. + + * systemd.pc now exports a number of additional directories, + including $libdir (which is useful to identify the library + path for the primary architecture of the system), and a + couple of drop-in directories. + + * udev's predictable network interface names now use the dev_port + sysfs attribute, introduced in linux 3.15 instead of dev_id to + distinguish between ports of the same PCI function. dev_id should + only be used for ports using the same HW address, hence the need + for dev_port. + + * machined has been updated to export the OS version of a + container (read from /etc/os-release and + /usr/lib/os-release) on the bus. This is now shown in + "machinectl status" for a machine. + + * A new service setting RestartForceExitStatus= has been + added. If configured to a set of exit signals or process + return values, the service will be restarted when the main + daemon process exits with any of them, regardless of the + Restart= setting. + + * systemctl's -H switch for connecting to remote systemd + machines has been extended so that it may be used to + directly connect to a specific container on the + host. "systemctl -H root@foobar:waldi" will now connect as + user "root" to host "foobar", and then proceed directly to + the container named "waldi". Note that currently you have to + authenticate as user "root" for this to work, as entering + containers is a privileged operation. + + Contributions from: Andreas Henriksson, Benjamin Steinwender, + Carl Schaefer, Christian Hesse, Colin Ian King, Cristian + Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene + Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo + Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart + Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine + Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich, + Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le + Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan, + Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe + Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar + Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-07-03 + +CHANGES WITH 214: + + * As an experimental feature, udev now tries to lock the + disk device node (flock(LOCK_SH|LOCK_NB)) while it + executes events for the disk or any of its partitions. + Applications like partitioning programs can lock the + disk device node (flock(LOCK_EX)) and claim temporary + device ownership that way; udev will entirely skip all event + handling for this disk and its partitions. If the disk + was opened for writing, the close will trigger a partition + table rescan in udev's "watch" facility, and if needed + synthesize "change" events for the disk and all its partitions. + This is now unconditionally enabled, and if it turns out to + cause major problems, we might turn it on only for specific + devices, or might need to disable it entirely. Device Mapper + devices are excluded from this logic. + + * We temporarily dropped the "-l" switch for fsck invocations, + since they collide with the flock() logic above. util-linux + upstream has been changed already to avoid this conflict, + and we will readd "-l" as soon as util-linux with this + change has been released. + + * The dependency on libattr has been removed. Since a long + time, the extended attribute calls have moved to glibc, and + libattr is thus unnecessary. + + * Virtualization detection works without priviliges now. This + means the systemd-detect-virt binary no longer requires + CAP_SYS_PTRACE file capabilities, and our daemons can run + with fewer privileges. + + * systemd-networkd now runs under its own "systemd-network" + user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, + CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but + loses the ability to write to files owned by root this way. + + * Similar, systemd-resolved now runs under its own + "systemd-resolve" user with no capabilities remaining. + + * Similar, systemd-bus-proxyd now runs under its own + "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining. + + * systemd-networkd gained support for setting up "veth" + virtual ethernet devices for container connectivity, as well + as GRE and VTI tunnels. + + * systemd-networkd will no longer automatically attempt to + manually load kernel modules necessary for certain tunnel + transports. Instead, it is assumed the kernel loads them + automatically when required. This only works correctly on + very new kernels. On older kernels, please consider adding + the kernel modules to /etc/modules-load.d/ as a work-around. + + * The resolv.conf file systemd-resolved generates has been + moved to /run/systemd/resolve/. If you have a symlink from + /etc/resolv.conf, it might be necessary to correct it. + + * Two new service settings, ProtectedHome= and ProtectedSystem=, + have been added. When enabled, they will make the user data + (such as /home) inaccessible or read-only and the system + (such as /usr) read-only, for specific services. This allows + very light-weight per-service sandboxing to avoid + modifications of user data or system files from + services. These two new switches have been enabled for all + of systemd's long-running services, where appropriate. + + * Socket units gained new SocketUser= and SocketGroup= + settings to set the owner user and group of AF_UNIX sockets + and FIFOs in the file system. + + * Socket units gained a new RemoveOnStop= setting. If enabled, + all FIFOS and sockets in the file system will be removed + when the specific socket unit is stopped. + + * Socket units gained a new Symlinks= setting. It takes a list + of symlinks to create to file system sockets or FIFOs + created by the specific Unix sockets. This is useful to + manage symlinks to socket nodes with the same life-cycle as + the socket itself. + + * The /dev/log socket and /dev/initctl FIFO have been moved to + /run, and have been replaced by symlinks. This allows + connecting to these facilities even if PrivateDevices=yes is + used for a service (which makes /dev/log itself unavailable, + but /run is left). This also has the benefit of ensuring + that /dev only contains device nodes, directories and + symlinks, and nothing else. + + * sd-daemon gained two new calls sd_pid_notify() and + sd_pid_notifyf(). They are similar to sd_notify() and + sd_notifyf(), but allow overriding of the source PID of + notification messages if permissions permit this. This is + useful to send notify messages on behalf of a different + process (for example, the parent process). The + systemd-notify tool has been updated to make use of this + when sending messages (so that notification messages now + originate from the shell script invoking systemd-notify and + not the systemd-notify process itself. This should minimize + a race where systemd fails to associate notification + messages to services when the originating process already + vanished. + + * A new "on-abnormal" setting for Restart= has been added. If + set, it will result in automatic restarts on all "abnormal" + reasons for a process to exit, which includes unclean + signals, core dumps, timeouts and watchdog timeouts, but + does not include clean and unclean exit codes or clean + signals. Restart=on-abnormal is an alternative for + Restart=on-failure for services that shall be able to + terminate and avoid restarts on certain errors, by + indicating so with an unclean exit code. Restart=on-failure + or Restart=on-abnormal is now the recommended setting for + all long-running services. + + * If the InaccessibleDirectories= service setting points to a + mount point (or if there are any submounts contained within + it), it is now attempted to completely unmount it, to make + the file systems truly unavailable for the respective + service. + + * The ReadOnlyDirectories= service setting and + systemd-nspawn's --read-only parameter are now recursively + applied to all submounts, too. + + * Mount units may now be created transiently via the bus APIs. + + * The support for SysV and LSB init scripts has been removed + from the systemd daemon itself. Instead, it is now + implemented as a generator that creates native systemd units + from these scripts when needed. This enables us to remove a + substantial amount of legacy code from PID 1, following the + fact that many distributions only ship a very small number + of LSB/SysV init scripts nowadays. + + * Priviliged Xen (dom0) domains are not considered + virtualization anymore by the virtualization detection + logic. After all, they generally have unrestricted access to + the hardware and usually are used to manage the unprivileged + (domU) domains. + + * systemd-tmpfiles gained a new "C" line type, for copying + files or entire directories. + + * systemd-tmpfiles "m" lines are now fully equivalent to "z" + lines. So far, they have been non-globbing versions of the + latter, and have thus been redundant. In future, it is + recommended to only use "z". "m" has hence been removed + from the documentation, even though it stays supported. + + * A tmpfiles snippet to recreate the most basic structure in + /var has been added. This is enough to create the /var/run → + /run symlink and create a couple of structural + directories. This allows systems to boot up with an empty or + volatile /var. Of course, while with this change, the core OS + now is capable with dealing with a volatile /var, not all + user services are ready for it. However, we hope that sooner + or later, many service daemons will be changed upstream so + that they are able to automatically create their necessary + directories in /var at boot, should they be missing. This is + the first step to allow state-less systems that only require + the vendor image for /usr to boot. + + * systemd-nspawn has gained a new --tmpfs= switch to mount an + empty tmpfs instance to a specific directory. This is + particularly useful for making use of the automatic + reconstruction of /var (see above), by passing --tmpfs=/var. + + * Access modes specified in tmpfiles snippets may now be + prefixed with "~", which indicates that they shall be masked + by whether the existing file or directly is currently + writable, readable or executable at all. Also, if specified, + the sgid/suid/sticky bits will be masked for all + non-directories. + + * A new passive target unit "network-pre.target" has been + added which is useful for services that shall run before any + network is configured, for example firewall scripts. + + * The "floppy" group that previously owned the /dev/fd* + devices is no longer used. The "disk" group is now used + instead. Distributions should probably deprecate usage of + this group. + + Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian + King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David + Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers, + Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny + Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel + Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew + Jędrzejewski-Szmek + + -- Berlin, 2014-06-11 + +CHANGES WITH 213: + + * A new "systemd-timesyncd" daemon has been added for + synchronizing the system clock across the network. It + implements an SNTP client. In contrast to NTP + implementations such as chrony or the NTP reference server, + this only implements a client side, and does not bother with + the full NTP complexity, focusing only on querying time from + one remote server and synchronizing the local clock to + it. Unless you intend to serve NTP to networked clients or + want to connect to local hardware clocks, this simple NTP + client should be more than appropriate for most + installations. The daemon runs with minimal privileges, and + has been hooked up with networkd to only operate when + network connectivity is available. The daemon saves the + current clock to disk every time a new NTP sync has been + acquired, and uses this to possibly correct the system clock + early at bootup, in order to accommodate for systems that + lack an RTC such as the Raspberry Pi and embedded devices, + and to make sure that time monotonically progresses on these + systems, even if it is not always correct. To make use of + this daemon, a new system user and group "systemd-timesync" + needs to be created on installation of systemd. + + * The queue "seqnum" interface of libudev has been disabled, as + it was generally incompatible with device namespacing as + sequence numbers of devices go "missing" if the devices are + part of a different namespace. + + * "systemctl list-timers" and "systemctl list-sockets" gained + a --recursive switch for showing units of these types also + for all local containers, similar in style to the already + supported --recursive switch for "systemctl list-units". + + * A new RebootArgument= setting has been added for service + units, which may be used to specify a kernel reboot argument + to use when triggering reboots with StartLimitAction=. + + * A new FailureAction= setting has been added for service + units which may be used to specify an operation to trigger + when a service fails. This works similarly to + StartLimitAction=, but unlike it, controls what is done + immediately rather than only after several attempts to + restart the service in question. + + * hostnamed got updated to also expose the kernel name, + release, and version on the bus. This is useful for + executing commands like hostnamectl with the -H switch. + systemd-analyze makes use of this to properly display + details when running non-locally. + + * The bootchart tool can now show cgroup information in the + graphs it generates. + + * The CFS CPU quota cgroup attribute is now exposed for + services. The new CPUQuota= switch has been added for this + which takes a percentage value. Setting this will have the + result that a service may never get more CPU time than the + specified percentage, even if the machine is otherwise idle. + + * systemd-networkd learned IPIP and SIT tunnel support. + + * LSB init scripts exposing a dependency on $network will now + get a dependency on network-online.target rather than simply + network.target. This should bring LSB handling closer to + what it was on SysV systems. + + * A new fsck.repair= kernel option has been added to control + how fsck shall deal with unclean file systems at boot. + + * The (.ini) configuration file parser will now silently + ignore sections whose name begins with "X-". This may be + used to maintain application-specific extension sections in unit + files. + + * machined gained a new API to query the IP addresses of + registered containers. "machinectl status" has been updated + to show these addresses in its output. + + * A new call sd_uid_get_display() has been added to the + sd-login APIs for querying the "primary" session of a + user. The "primary" session of the user is elected from the + user's sessions and generally a graphical session is + preferred over a text one. + + * A minimal systemd-resolved daemon has been added. It + currently simply acts as a companion to systemd-networkd and + manages resolv.conf based on per-interface DNS + configuration, possibly supplied via DHCP. In the long run + we hope to extend this into a local DNSSEC enabled DNS and + mDNS cache. + + * The systemd-networkd-wait-online tool is now enabled by + default. It will delay network-online.target until a network + connection has been configured. The tool primarily integrates + with networkd, but will also make a best effort to make sense + of network configuration performed in some other way. + + * Two new service options StartupCPUShares= and + StartupBlockIOWeight= have been added that work similarly to + CPUShares= and BlockIOWeight= however only apply during + system startup. This is useful to prioritize certain services + differently during bootup than during normal runtime. + + * hostnamed has been changed to prefer the statically + configured hostname in /etc/hostname (unless set to + 'localhost' or empty) over any dynamic one supplied by + dhcp. With this change, the rules for picking the hostname + match more closely the rules of other configuration settings + where the local administrator's configuration in /etc always + overrides any other settings. + + Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van + den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch, + Dan Kilman, Dave Reisner, David Härdeman, David Herrmann, + David Strauss, Dimitris Spingos, Djalal Harouni, Eelco + Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg + Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan + Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark, + Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas + Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas, + Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael + Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis + Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode, + Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter, + Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler, + Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar + Lindskog, WaLyong Cho, Will Woods, Zbigniew + Jędrzejewski-Szmek + + -- Beijing, 2014-05-28 + CHANGES WITH 212: * When restoring the screen brightness at boot, stay away from @@ -16,7 +583,7 @@ CHANGES WITH 212: * sd-login gained new calls sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(), to query the identity of the peer of a local AF_UNIX - connection. They operate similar to their sd_pid_get_xyz() + connection. They operate similarly to their sd_pid_get_xyz() counterparts. * PID 1 will now maintain a system-wide system state engine @@ -166,7 +733,7 @@ CHANGES WITH 211: directory's lifetime is bound to the daemon runtime and that the daemon starts up with an empty directory each time. This is particularly useful when writing services that drop - priviliges using the User= or Group= setting. + privileges using the User= or Group= setting. * The DeviceAllow= unit setting now supports globbing for matching against device group names. @@ -199,7 +766,7 @@ CHANGES WITH 211: * systemd-nspawn gained a new --network-macvlan= setting to set up a private macvlan interface for the - container. Similar, systemd-networkd gained a new + container. Similarly, systemd-networkd gained a new Kind=macvlan setting in .netdev files. * systemd-networkd now supports configuring local addresses @@ -1213,7 +1780,7 @@ CHANGES WITH 205: not available as public API. * systemd will now look for the "debug" argument on the kernel - command line and enable debug logging, similar to + command line and enable debug logging, similar to what "systemd.log_level=debug" already did before. * "systemctl set-default", "systemctl get-default" has been @@ -1652,7 +2219,7 @@ CHANGES WITH 198: * The various "environment" files, such as /etc/locale.conf now support continuation lines with a backslash ("\") as - last character in the line, similar in style (but different) + last character in the line, similarly in style (but different) to how this is supported in shells. * For normal user processes the _SYSTEMD_USER_UNIT= field is @@ -1699,7 +2266,7 @@ CHANGES WITH 198: * "systemctl unlock-sessions" has been added, that allows unlocking the screens of all user sessions at once, similar - how "systemctl lock-sessions" already locked all users + to how "systemctl lock-sessions" already locked all users sessions. This is backed by a new D-Bus call UnlockSessions(). * "loginctl seat-status" will now show the master device of a @@ -1779,7 +2346,7 @@ CHANGES WITH 198: pager. This is only supported in conjunction with "less". * journalctl gained a new "--user-unit=" option, that works - similar to "--unit=" but filters for user units rather than + similarly to "--unit=" but filters for user units rather than system units. * A number of unit files to ease adoption of systemd in