[systemd-devel] [ANNOUNCE] systemd 215

Umut Tezduyar Lindskog umut at tezduyar.com
Tue Jul 8 07:41:59 PDT 2014


On Thu, Jul 3, 2014 at 10:59 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> Heya!
>
> A lot of work to make factory reset, stateless systems and disconnected
> updates working. A lot of networkd love (dhcp4 server!) and coredumpctl
> is now finally really really useful.
>
> http://www.freedesktop.org/software/systemd/systemd-215.tar.xz
>
> Enjoy!
>
> CHANGES WITH 215:
>
>         * A new tool systemd-sysusers has been added. This tool
>           creates system users and groups in /etc/passwd and
>           /etc/group, based on static declarative system user/group
>           definitions in /usr/lib/sysusers.d/. This is useful to
>           enable factory resets and volatile systems that boot up with
>           an empty /etc directory, and thus need system users and
>           groups created during early boot. systemd now also ships
>           with two default sysusers.d/ files for the most basic
>           users and groups systemd and the core operating system
>           require.
>
>         * A new tmpfiles snippet has been added that rebuilds the
>           essential files in /etc on boot, should they be missing.
>
>         * A directive for ensuring automatic clean-up of
>           /var/cache/man/ has been removed from the default
>           configuration. This line should now be shipped by the man
>           implementation. The necessary change has been made to the
>           man-db implementation. Note that you need to update your man
>           implementation to one that ships this line, otherwise no
>           automatic clean-up of /var/cache/man will take place.
>
>         * A new condition ConditionNeedsUpdate= has been added that
>           may conditionalize services to only run when /etc or /var
>           are "older" than the vendor operating system resources in
>           /usr. This is useful for reconstructing or updating /etc
>           after an offline update of /usr or a factory reset, on the
>           next reboot. Services that want to run once after such an
>           update or reset should use this condition and order
>           themselves before the new systemd-update-done.service, which
>           will mark the two directories as fully updated. A number of
>           service files have been added making use of this, to rebuild
>           the udev hardware database, the journald message catalog and
>           dynamic loader cache (ldconfig). The systemd-sysusers tool
>           described above also makes use of this now. With this in
>           place it is now possible to start up a minimal operating
>           system with /etc empty cleanly. For more information on the
>           concepts involved see this recent blog story:
>
>           http://0pointer.de/blog/projects/stateless.html
>
>         * A new system group "input" has been introduced, and all
>           input device nodes get this group assigned. This is useful
>           for system-level software to get access to input devices. It
>           complements what is already done for "audio" and "video".
>
>         * systemd-networkd learnt minimal DHCPv4 server support in
>           addition to the existing DHCPv4 client support. It also
>           learnt DHCPv6 client and IPv6 Router Solicitation client
>           support. The DHCPv4 client gained support for static routes
>           passed in from the server. Note that the [DHCPv4] section
>           known in older systemd-networkd versions has been renamed to
>           [DHCP] and is now also used by the DHCPv6 client. Existing
>           .network files using settings of this section should be
>           updated, though compatibility is maintained. Optionally, the
>           client hostname may now be sent to the DHCP server.
>
>         * networkd gained support for vxlan virtual networks as well
>           as tun/tap and dummy devices.
>
>         * networkd gained support for automatic allocation of address
>           ranges for interfaces from a system-wide pool of
>           addresses. This is useful for dynamically managing a large
>           number of interfaces with a single network configuration
>           file. In particular this is useful to easily assign
>           appropriate IP addresses to the veth links of a large number
>           of nspawn instances.
>
>         * RPM macros for processing sysusers, sysctl and binfmt
>           drop-in snippets at package installation time have been
>           added.
>
>         * The /etc/os-release file should now be placed in
>           /usr/lib/os-release. The old location is automatically
>           created as symlink. /usr/lib is the more appropriate
>           location of this file, since it shall actually describe the
>           vendor operating system shipped in /usr, and not the
>           configuration stored in /etc.
>
>         * .mount units gained a new boolean SloppyOptions= setting
>           that maps to mount(8)'s -s option which enables permissive
>           parsing of unknown mount options.
>
>         * tmpfiles learnt a new "L+" directive which creates a symlink
>           but (unlike "L") deletes a pre-existing file first, should
>           it already exist and not already be the correct
>           symlink. Similarly, "b+", "c+" and "p+" directives have been
>           added as well, which create block and character devices, as
>           well as fifos in the filesystem, possibly removing any
>           pre-existing files of different types.
>
>         * For tmpfiles' "L", "L+", "C" and "C+" directives the final
>           'argument' field (which so far specified the source to
>           symlink/copy the files from) is now optional. If omitted the
>           same file is copied from /usr/share/factory/ suffixed by the
>           full destination path. This is useful for populating /etc
>           with essential files, by copying them from vendor defaults
>           shipped in /usr/share/factory/etc.
>
>         * A new command "systemctl preset-all" has been added that
>           applies the service preset settings to all installed unit
>           files. A new switch --preset-mode= has been added that
>           controls whether only enable or only disable operations
>           shall be executed.
>
>         * A new command "systemctl is-system-running" has been added
>           that allows checking the overall state of the system, for
>           example whether it is fully up and running.
>
>         * When the system boots up with an empty /etc, the equivalent
>           to "systemctl preset-all" is executed during early boot, to
>           make sure all default services are enabled after a factory
>           reset.
>
>         * systemd now contains a minimal preset file that enables the
>           most basic services systemd ships by default.
>
>         * Unit files' [Install] section gained a new DefaultInstance=
>           field for defining the default instance to create if a
>           template unit is enabled with no instance specified.
>
>         * A new passive target cryptsetup-pre.target has been added
>           that may be used by services that need to make sure they run and
>           finish before the first LUKS cryptographic device is set up.
>
>         * The /dev/loop-control and /dev/btrfs-control device nodes
>           are now owned by the "disk" group by default, opening up
>           access to this group.
>
>         * systemd-coredump will now automatically generate a
>           stack trace of all core dumps taking place on the system,
>           based on elfutils' libdw library. This stack trace is logged
>           to the journal.
>
>         * systemd-coredump may now optionally store coredumps directly
>           on disk (in /var/lib/systemd/coredump, possibly compressed),
>           instead of storing them unconditionally in the journal. This
>           mode is the new default. A new configuration file
>           /etc/systemd/coredump.conf has been added to configure this
>           and other parameters of systemd-coredump.

Are there any thoughts about natively sending coredumps over network?
I guess it is possible now by mounting /var/lib/systemd/coredump to a
network drive but dumps occurring before network is up need to be
transferred too.

Capacity of an embedded product might not be enough to store multiple dumps.

Umut

>
>         * coredumpctl gained a new "info" verb to show details about a
>           specific coredump. A new switch "-1" has also been added
>           that makes sure to only show information about the most
>           recent entry instead of all entries. Also, as the tool is
>           generally useful now the "systemd-" prefix of the binary
>           name has been removed. Distributions that want to maintain
>           compatibility with the old name should add a symlink from
>           the old name to the new name.
>
>         * journald's SplitMode= now defaults to "uid". This makes sure
>           that unprivileged users can access their own coredumps with
>           coredumpctl without restrictions.
>
>         * New kernel command line options "systemd.wants=" (for
>           pulling an additional unit during boot), "systemd.mask="
>           (for masking a specific unit for the boot), and
>           "systemd.debug-shell" (for enabling the debug shell on tty9)
>           have been added. This is implemented in the new generator
>           "systemd-debug-generator".
>
>         * systemd-nspawn will now by default filter a couple of
>           syscalls for containers, among them those required for
>           kernel module loading, direct x86 IO port access, swap
>           management, and kexec. Most importantly though
>           open_by_handle_at() is now prohibited for containers,
>           closing a hole similar to a recently discussed vulnerability
>           in docker regarding access to files on file hierarchies the
>           container should normally not have access to. Note that for
>           nspawn we generally make no security claims anyway (and
>           this is explicitly documented in the man page), so this is
>           just a fix for one of the most obvious problems.
>
>         * A new man page file-hierarchy(7) has been added that
>           contains a minimized, modernized version of the file system
>           layout systemd expects, similar in style to the FHS
>           specification or hier(5). A new tool systemd-path(1) has
>           been added to query many of these paths for the local
>           machine and user.
>
>         * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
>           longer done. Since the directory now has a per-user size
>           limit, and is cleaned on logout this appears unnecessary,
>           in particular since this now brings the lifecycle of this
>           directory closer in line with how IPC objects are handled.
>
>         * systemd.pc now exports a number of additional directories,
>           including $libdir (which is useful to identify the library
>           path for the primary architecture of the system), and a
>           couple of drop-in directories.
>
>         * udev's predictable network interface names now use the dev_port
>           sysfs attribute, introduced in linux 3.15 instead of dev_id to
>           distinguish between ports of the same PCI function. dev_id should
>           only be used for ports using the same HW address, hence the need
>           for dev_port.
>
>         * machined has been updated to export the OS version of a
>           container (read from /etc/os-release and
>           /usr/lib/os-release) on the bus. This is now shown in
>           "machinectl status" for a machine.
>
>         * A new service setting RestartForceExitStatus= has been
>           added. If configured to a set of exit signals or process
>           return values, the service will be restarted when the main
>           daemon process exits with any of them, regardless of the
>           Restart= setting.
>
>         * systemctl's -H switch for connecting to remote systemd
>           machines has been extended so that it may be used to
>           directly connect to a specific container on the
>           host. "systemctl -H root at foobar:waldi" will now connect as
>           user "root" to host "foobar", and then proceed directly to
>           the container named "waldi". Note that currently you have to
>           authenticate as user "root" for this to work, as entering
>           containers is a privileged operation.
>
>         Contributions from: Andreas Henriksson, Benjamin Steinwender,
>         Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
>         Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
>         Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
>         Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
>         Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
>         Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
>         Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
>         Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
>         Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
>         Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
>         Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
>
>         -- Berlin, 2014-07-03
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
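The tmpfiles "L+"/"C+" behaviour and the new factory-default fallback for an omitted argument, as described in the quoted announcement, modelled as a small parser and planner. This is an added example, not systemd's own code; the sample lines and the filesystem state it checks against are constructed stand-ins.

```python
import shlex
from typing import Optional

FACTORY_ROOT = "/usr/share/factory"  # vendor defaults used when the argument is omitted

# Types whose final field names a source path and may fall back to factory defaults
SOURCE_TYPES = {"L", "L+", "C", "C+"}
# "+" variants remove a pre-existing object of a different kind before creating
FORCE_TYPES = {"L+", "C+", "b+", "c+", "p+"}
KIND_OF = {"L": "symlink", "C": "file", "b": "blockdev", "c": "chardev", "p": "fifo"}


def parse_line(line: str) -> Optional[dict]:
    """Parse one tmpfiles.d line: Type Path Mode UID GID Age Argument ('-' = unset)."""
    fields = shlex.split(line, comments=True)
    if not fields:
        return None  # blank or comment-only line
    if len(fields) < 2:
        raise ValueError(f"malformed tmpfiles line: {line!r}")
    kind, path, rest = fields[0], fields[1], fields[2:]
    if kind.rstrip("+") not in KIND_OF:
        raise ValueError(f"unsupported type {kind!r}")
    argument = rest[4] if len(rest) > 4 and rest[4] != "-" else None
    if argument is None and kind in SOURCE_TYPES:
        # New in 215: an omitted source means the same path under /usr/share/factory
        argument = FACTORY_ROOT + path
    return {"type": kind, "path": path, "argument": argument}


def plan(entry: dict, existing: Optional[tuple]) -> str:
    """Decide what applying `entry` does to whatever already sits at its path.

    `existing` is a constructed model of the filesystem: None (absent),
    ("symlink", target), ("file",), ("dir",) ...  Returns create/skip/replace/conflict."""
    kind = entry["type"]
    wanted = KIND_OF[kind.rstrip("+")]
    if existing is None:
        return "create"
    if existing[0] == wanted and (wanted != "symlink" or existing[1] == entry["argument"]):
        return "skip"  # already exactly what the line asks for
    if kind in FORCE_TYPES:
        return "replace"  # "+" deletes the differing object first
    return "conflict"  # plain L/C/b/c/p leave a differing object alone


if __name__ == "__main__":
    # Constructed sample: the os-release symlink mentioned in the announcement
    entry = parse_line("L+ /etc/os-release - - - - ../usr/lib/os-release")
    print(entry, plan(entry, ("file",)))  # a stale regular file gets replaced
```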
