[systemd-devel] [ANNOUNCE] systemd 215
Umut Tezduyar Lindskog
umut at tezduyar.com
Tue Jul 8 07:41:59 PDT 2014
On Thu, Jul 3, 2014 at 10:59 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> Heya!
>
> A lot of work to make factory reset, stateless systems and disconnected
> updates working. A lot of networkd love (dhcp4 server!) and coredumpctl
> is now finally really really useful.
>
> http://www.freedesktop.org/software/systemd/systemd-215.tar.xz
>
> Enjoy!
>
> CHANGES WITH 215:
>
> * A new tool systemd-sysusers has been added. This tool
> creates system users and groups in /etc/passwd and
> /etc/group, based on static declarative system user/group
> definitions in /usr/lib/sysusers.d/. This is useful to
> enable factory resets and volatile systems that boot up with
> an empty /etc directory, and thus need system users and
> groups created during early boot. systemd now also ships
> with two default sysusers.d/ files for the most basic
> users and groups systemd and the core operating system
> require.
>
> * A new tmpfiles snippet has been added that rebuilds the
> essential files in /etc on boot, should they be missing.
>
> * A directive for ensuring automatic clean-up of
> /var/cache/man/ has been removed from the default
> configuration. This line should now be shipped by the man
> implementation. The necessary change has been made to the
> man-db implementation. Note that you need to update your man
> implementation to one that ships this line, otherwise no
> automatic clean-up of /var/cache/man will take place.
>
> * A new condition ConditionNeedsUpdate= has been added that
> may conditionalize services to only run when /etc or /var
> are "older" than the vendor operating system resources in
> /usr. This is useful for reconstructing or updating /etc
> after an offline update of /usr or a factory reset, on the
> next reboot. Services that want to run once after such an
> update or reset should use this condition and order
> themselves before the new systemd-update-done.service, which
> will mark the two directories as fully updated. A number of
> service files have been added making use of this, to rebuild
> the udev hardware database, the journald message catalog and
> dynamic loader cache (ldconfig). The systemd-sysusers tool
> described above also makes use of this now. With this in
> place it is now possible to start up a minimal operating
> system with /etc empty cleanly. For more information on the
> concepts involved see this recent blog story:
>
> http://0pointer.de/blog/projects/stateless.html
>
> * A new system group "input" has been introduced, and all
> input device nodes get this group assigned. This is useful
> for system-level software to get access to input devices. It
> complements what is already done for "audio" and "video".
>
> * systemd-networkd learnt minimal DHCPv4 server support in
> addition to the existing DHCPv4 client support. It also
> learnt DHCPv6 client and IPv6 Router Solicitation client
> support. The DHCPv4 client gained support for static routes
> passed in from the server. Note that the [DHCPv4] section
> known in older systemd-networkd versions has been renamed to
> [DHCP] and is now also used by the DHCPv6 client. Existing
> .network files using settings of this section should be
> updated, though compatibility is maintained. Optionally, the
> client hostname may now be sent to the DHCP server.
>
> * networkd gained support for vxlan virtual networks as well
> as tun/tap and dummy devices.
>
> * networkd gained support for automatic allocation of address
> ranges for interfaces from a system-wide pool of
> addresses. This is useful for dynamically managing a large
> number of interfaces with a single network configuration
> file. In particular this is useful to easily assign
> appropriate IP addresses to the veth links of a large number
> of nspawn instances.
>
> * RPM macros for processing sysusers, sysctl and binfmt
> drop-in snippets at package installation time have been
> added.
>
> * The /etc/os-release file should now be placed in
> /usr/lib/os-release. The old location is automatically
> created as symlink. /usr/lib is the more appropriate
> location of this file, since it shall actually describe the
> vendor operating system shipped in /usr, and not the
> configuration stored in /etc.
>
> * .mount units gained a new boolean SloppyOptions= setting
> that maps to mount(8)'s -s option which enables permissive
> parsing of unknown mount options.
>
> * tmpfiles learnt a new "L+" directive which creates a symlink
> but (unlike "L") deletes a pre-existing file first, should
> it already exist and not already be the correct
> symlink. Similarly, "b+", "c+" and "p+" directives have been
> added as well, which create block and character devices, as
> well as fifos in the filesystem, possibly removing any
> pre-existing files of different types.
>
> * For tmpfiles' "L", "L+", "C" and "C+" directives the final
> 'argument' field (which so far specified the source to
> symlink/copy the files from) is now optional. If omitted the
> same file is copied from /usr/share/factory/ suffixed by the
> full destination path. This is useful for populating /etc
> with essential files, by copying them from vendor defaults
> shipped in /usr/share/factory/etc.
>
> * A new command "systemctl preset-all" has been added that
> applies the service preset settings to all installed unit
> files. A new switch --preset-mode= has been added that
> controls whether only enable or only disable operations
> shall be executed.
>
> * A new command "systemctl is-system-running" has been added
> that allows checking the overall state of the system, for
> example whether it is fully up and running.
>
> * When the system boots up with an empty /etc, the equivalent
> to "systemctl preset-all" is executed during early boot, to
> make sure all default services are enabled after a factory
> reset.
>
> * systemd now contains a minimal preset file that enables the
> most basic services systemd ships by default.
>
> * Unit files' [Install] section gained a new DefaultInstance=
> field for defining the default instance to create if a
> template unit is enabled with no instance specified.
>
> * A new passive target cryptsetup-pre.target has been added
> that may be used by services that need to make sure they run and
> finish before the first LUKS cryptographic device is set up.
>
> * The /dev/loop-control and /dev/btrfs-control device nodes
> are now owned by the "disk" group by default, opening up
> access to this group.
>
> * systemd-coredump will now automatically generate a
> stack trace of all core dumps taking place on the system,
> based on elfutils' libdw library. This stack trace is logged
> to the journal.
>
> * systemd-coredump may now optionally store coredumps directly
> on disk (in /var/lib/systemd/coredump, possibly compressed),
> instead of storing them unconditionally in the journal. This
> mode is the new default. A new configuration file
> /etc/systemd/coredump.conf has been added to configure this
> and other parameters of systemd-coredump.
Are there any thoughts about natively sending coredumps over network?
I guess it is possible now by mounting /var/lib/systemd/coredump to a
network drive but dumps occurring before network is up need to be
transferred too.
Capacity of an embedded product might not be enough to store multiple dumps.
Umut
>
> * coredumpctl gained a new "info" verb to show details about a
> specific coredump. A new switch "-1" has also been added
> that makes sure to only show information about the most
> recent entry instead of all entries. Also, as the tool is
> generally useful now the "systemd-" prefix of the binary
> name has been removed. Distributions that want to maintain
> compatibility with the old name should add a symlink from
> the old name to the new name.
>
> * journald's SplitMode= now defaults to "uid". This makes sure
> that unprivileged users can access their own coredumps with
> coredumpctl without restrictions.
>
> * New kernel command line options "systemd.wants=" (for
> pulling an additional unit during boot), "systemd.mask="
> (for masking a specific unit for the boot), and
> "systemd.debug-shell" (for enabling the debug shell on tty9)
> have been added. This is implemented in the new generator
> "systemd-debug-generator".
>
> * systemd-nspawn will now by default filter a couple of
> syscalls for containers, among them those required for
> kernel module loading, direct x86 IO port access, swap
> management, and kexec. Most importantly though
> open_by_handle_at() is now prohibited for containers,
> closing a hole similar to a recently discussed vulnerability
> in docker regarding access to files on file hierarchies the
> container should normally not have access to. Note that for
> nspawn we generally make no security claims anyway (and
> this is explicitly documented in the man page), so this is
> just a fix for one of the most obvious problems.
>
> * A new man page file-hierarchy(7) has been added that
> contains a minimized, modernized version of the file system
> layout systemd expects, similar in style to the FHS
> specification or hier(5). A new tool systemd-path(1) has
> been added to query many of these paths for the local
> machine and user.
>
> * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
> longer done. Since the directory now has a per-user size
> limit, and is cleaned on logout this appears unnecessary,
> in particular since this now brings the lifecycle of this
> directory closer in line with how IPC objects are handled.
>
> * systemd.pc now exports a number of additional directories,
> including $libdir (which is useful to identify the library
> path for the primary architecture of the system), and a
> couple of drop-in directories.
>
> * udev's predictable network interface names now use the dev_port
> sysfs attribute, introduced in linux 3.15 instead of dev_id to
> distinguish between ports of the same PCI function. dev_id should
> only be used for ports using the same HW address, hence the need
> for dev_port.
>
> * machined has been updated to export the OS version of a
> container (read from /etc/os-release and
> /usr/lib/os-release) on the bus. This is now shown in
> "machinectl status" for a machine.
>
> * A new service setting RestartForceExitStatus= has been
> added. If configured to a set of exit signals or process
> return values, the service will be restarted when the main
> daemon process exits with any of them, regardless of the
> Restart= setting.
>
> * systemctl's -H switch for connecting to remote systemd
> machines has been extended so that it may be used to
> directly connect to a specific container on the
> host. "systemctl -H root@foobar:waldi" will now connect as
> user "root" to host "foobar", and then proceed directly to
> the container named "waldi". Note that currently you have to
> authenticate as user "root" for this to work, as entering
> containers is a privileged operation.
>
> Contributions from: Andreas Henriksson, Benjamin Steinwender,
> Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
> Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
> Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
> Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
> Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
> Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
> Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
> Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
> Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
> Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
> Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
>
> -- Berlin, 2014-07-03
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
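The tmpfiles changes in the quoted announcement (the new "L+", "b+", "c+" and "p+" directives, and the optional argument for "L", "L+", "C" and "C+" that defaults to the vendor copy under /usr/share/factory/) are easiest to understand as a decision per line: create, keep, skip, or remove-then-create. The following is an added example and not systemd's own code: it models that documented decision against an in-memory fake filesystem, so it runs without root and never touches the real /etc or /dev. The `FakeFS` contents, the `plan()` helper and the step wording are all constructed for this illustration; treating "C+" like the other "+" variants (replace a pre-existing object of a different type) is an assumption drawn from the announcement's description of "+".

```python
"""Model the decision a tmpfiles.d line leads to for the symlink, copy and
device-node directives described in the systemd 215 announcement.

Added example, not systemd's own code: the logic is a simplified model of
the documented behaviour, evaluated against a constructed in-memory
filesystem instead of the real one."""
import shlex
from dataclasses import dataclass, field
from typing import Optional

FACTORY_ROOT = "/usr/share/factory"   # vendor defaults, per the announcement

# base directive -> kind of filesystem object it creates
KINDS = {"L": "symlink", "C": "file", "b": "block device",
         "c": "character device", "p": "fifo"}


@dataclass
class FakeFS:
    """path -> (kind, symlink target or None); constructed test data only."""
    entries: dict = field(default_factory=dict)

    def kind(self, path: str) -> Optional[str]:
        return self.entries.get(path, (None, None))[0]

    def target(self, path: str) -> Optional[str]:
        return self.entries.get(path, (None, None))[1]


@dataclass
class Plan:
    directive: str
    path: str
    source: Optional[str]   # symlink target / copy source, where applicable
    steps: list


def parse_line(line: str) -> tuple:
    """Split 'Type Path Mode UID GID Age Argument'; a missing trailing
    field and an explicit '-' both mean 'unset'."""
    fields = shlex.split(line, comments=True)
    if len(fields) < 2:
        raise ValueError(f"tmpfiles line needs at least Type and Path: {line!r}")
    fields += ["-"] * (7 - len(fields))
    directive, path, _mode, _uid, _gid, _age, argument = fields[:7]
    return directive, path, None if argument == "-" else argument


def plan(line: str, fs: FakeFS) -> Plan:
    """Return the steps the line implies for the state recorded in `fs`."""
    directive, path, argument = parse_line(line)
    base, force = directive.rstrip("+"), directive.endswith("+")
    if base not in KINDS or len(directive) - len(base) > 1:
        raise ValueError(f"unsupported directive {directive!r}")

    # L/L+/C/C+: the argument is optional since 215; the default is the
    # factory copy at /usr/share/factory/<destination path>
    source = None
    if base in ("L", "C"):
        source = argument if argument is not None else FACTORY_ROOT + path

    existing = fs.kind(path)
    wanted = KINDS[base]
    create = f"create {wanted}" + (f" from {source}" if source else "")
    # an existing object is "right" if it has the wanted kind and, for a
    # symlink, already points at the wanted target
    already_right = existing == wanted and (base != "L" or fs.target(path) == source)

    if existing is None:
        steps = [create]
    elif already_right:
        steps = ["keep"]                                   # nothing to do
    elif force:
        steps = [f"remove existing {existing}", create]    # the '+' variants
    else:
        steps = ["skip"]                                   # plain variants never clobber
    return Plan(directive, path, source, steps)


if __name__ == "__main__":
    # constructed state: a stale regular file where a symlink is wanted
    fs = FakeFS({"/etc/resolv.conf": ("file", None)})
    for line in ("L /etc/os-release - - - -",
                 "L /etc/resolv.conf - - - - /run/systemd/resolve/resolv.conf",
                 "L+ /etc/resolv.conf - - - - /run/systemd/resolve/resolv.conf"):
        print(plan(line, fs))
```

The defender-relevant point the model makes visible is the difference between "L" and "L+": a plain "L" leaves a pre-existing regular file in place (and so a stale or tampered /etc file survives a factory reset), while "L+" replaces it with the vendor symlink. The same holds for the device-node directives, where a plain "b" would skip a path that is already occupied by something other than a block device.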