[systemd-devel] [ANNOUNCE] systemd 208

Lennart Poettering lennart at poettering.net
Tue Oct 1 20:34:16 PDT 2013


Mostly clean-ups and fixes, but with David's logind Wayland magic we
actually have a major addition, too.



        * logind has gained support for facilitating privileged input
          and drm device access for unprivileged clients. This work is
          useful to allow Wayland display servers (and similar
          programs, such as kmscon) to run under the user's ID and
          access input and drm devices which are normally
          protected. When this is used (and the kernel is new enough)
          logind will "mute" IO on the file descriptors passed to
          Wayland as long as it is in the background and "unmute" it
          if it returns into the foreground. This allows secure
          session switching without allowing background sessions to
          eavesdrop on input and display data. This also introduces
          session switching support if VT support is turned off in the
          kernel, and on seats that are not seat0.

        * A new kernel command line option luks.options= is understood
          now which allows specifiying LUKS options for usage for LUKS
          encrypted partitions specified with luks.uuid=.

        * tmpfiles.d(5) snippets may now use specifier expansion in
          path names. More specifically %m, %b, %H, %v, are now
          replaced by the local machine id, boot id, hostname, and
          kernel version number.

        * A new tmpfiles.d(5) command "m" has been introduced which
          may be used to change the owner/group/access mode of a file
          or directory if it exists, but do nothing if it doesn't.

        * This release removes high-level support for the
          MemorySoftLimit= cgroup setting. The underlying kernel
          cgroup attribute memory.soft_limit= is currently badly
          designed and likely to be removed from the kernel API in its
          current form, hence we shouldn't expose it for now.

        * The memory.use_hierarchy cgroup attribute is now enabled for
          all cgroups systemd creates in the memory cgroup
          hierarchy. This option is likely to be come the built-in
          default in the kernel anyway, and the non-hierarchial mode
          never made much sense in the intrinsically hierarchial
          cgroup system.

        * A new field _SYSTEMD_SLICE= is logged along with all journal
          messages containing the slice a message was generated
          from. This is useful to allow easy per-customer filtering of
          logs among other things.

        * systemd-journald will no longer adjust the group of journal
          files it creates to the "systemd-journal" group. Instead we
          rely on the journal directory to be owned by the
          "systemd-journal" group, and its setgid bit set, so that the
          kernel file system layer will automatically enforce that
          journal files inherit this group assignment. The reason for
          this change is that we cannot allow NSS look-ups from
          journald which would be necessary to resolve
          "systemd-journal" to a numeric GID, because this might
          create deadlocks if NSS involves synchronous queries to
          other daemons (such as nscd, or sssd) which in turn are
          logging clients of journald and might block on it, which
          would then dead lock. A tmpfiles.d(5) snippet included in
          systemd will make sure the setgid bit and group are
          properly set on the journal directory if it exists on every
          boot. However, we recommend adjusting it manually after
          upgrades too (or from RPM scriptlets), so that the change is
          not delayed until next reboot.

        * Backlight and random seed files in /var/lib/ have moved into
          the /var/lib/systemd/ directory, in order to centralize all
          systemd generated files in one directory.

        * Boot time performance measurements (as displayed by
          "systemd-analyze" for example) will now read ACPI 5.0 FPDT
          performance information if that's available to determine how
          much time BIOS and boot loader initialization required. With
          a sufficiently new BIOS you hence no longer need to boot
          with Gummiboot to get access to such information.

        Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
        Cristian Rodríguez, Dave Reisner, David Herrmann, David
        Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
        feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
        Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
        Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

        -- Berlin, 2013-10-02


Lennart Poettering - Red Hat, Inc.

More information about the systemd-devel mailing list