[systemd-devel] [ANNOUNCE] systemd v228
Umut Tezduyar Lindskog
umut at tezduyar.com
Thu Nov 19 02:17:13 PST 2015
On Wed, Nov 18, 2015 at 10:13 AM, David Herrmann <dh.herrmann at gmail.com> wrote:
> Hey!
>
> We just tagged a new release, slightly delayed due to the conference.
> It includes several new features, some old cruft removed, and many
> bugfixes!
>
> CHANGES WITH 228:
>
> * A number of properties previously only settable in unit
> files are now also available as properties to set when
> creating transient units programmatically via the bus, as it
> is exposed with systemd-run's --property=
> setting. Specifically, these are: SyslogIdentifier=,
> SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
> EnvironmentFile=, ReadWriteDirectories=,
> ReadOnlyDirectories=, InaccessibleDirectories=,
> ProtectSystem=, ProtectHome=, RuntimeDirectory=.
>
> * When creating transient services via the bus API it is now
> possible to pass in a set of file descriptors to use as
> STDIN/STDOUT/STDERR for the invoked process.
>
> * Slice units may now be created transiently via the bus APIs,
> similar to the way service and scope units may already be
> created transiently.
>
> * Wherever systemd expects a calendar timestamp specification
> (like in journalctl's --since= and --until= switches) UTC
> timestamps are now supported. Timestamps suffixed with "UTC"
> are now considered to be in Universal Time Coordinated
> instead of the local timezone. Also, timestamps may now
> optionally be specified with sub-second accuracy. Both of
> these additions also apply to recurring calendar event
> specification, such as OnCalendar= in timer units.
>
> * journalctl gained a new "--sync" switch that asks the
> journal daemon to write all so far unwritten log messages to
> disk and sync the files, before returning.
>
> * systemd-tmpfiles learned two new line types "q" and "Q" that
> operate like "v", but also set up a basic btrfs quota
> hierarchy when used on a btrfs file system with quota
> enabled.
>
> * tmpfiles' "v", "q" and "Q" will now create a plain directory
> instead of a subvolume (even on a btrfs file system) if the
> root directory is a plain directory, and not a
> subvolume. This should simplify things with certain chroot()
> environments which are not aware of the concept of btrfs
> subvolumes.
>
> * systemd-detect-virt gained a new --chroot switch to detect
> whether execution takes place in a chroot() environment.
>
> * CPUAffinity= now takes CPU index ranges in addition to
> individual indexes.
>
> * The various memory-related resource limit settings (such as
> LimitAS=) now understand the usual K, M, G, ... suffixes to
> the base of 1024 (IEC). Similar, the time-related resource
> limit settings understand the usual min, h, day, ...
> suffixes now.
>
> * There's a new system.conf setting DefaultTasksMax= to
> control the default TasksMax= setting for services and
> scopes running on the system. (TasksMax= is the primary
> setting that exposes the "pids" cgroup controller on systemd
> and was introduced in the previous systemd release.) The
> setting now defaults to 512, which means services that are
> not explicitly configured otherwise will only be able to
> create 512 processes or threads at maximum, from this
> version on. Note that this means that thread- or
> process-heavy services might need to be reconfigured to set
> TasksMax= to a higher value. It is sufficient to set
> TasksMax= in these specific unit files to a higher value, or
> even "infinity". Similar, there's now a logind.conf setting
> UserTasksMax= that defaults to 4096 and limits the total
> number of processes or tasks each user may own
> concurrently. nspawn containers also have the TasksMax=
> value set by default now, to 8192. Note that all of this
> only has an effect if the "pids" cgroup controller is
> enabled in the kernel. The general benefit of these changes
> should be a more robust and safer system, that provides a
> certain amount of per-service fork() bomb protection.
>
> * systemd-nspawn gained the new --network-veth-extra= switch
> to define additional and arbitrarily-named virtual Ethernet
> links between the host and the container.
>
> * A new service execution setting PassEnvironment= has been
> added that allows importing select environment variables
> from PID1's environment block into the environment block of
> the service.
>
> * systemd will now bump the net.unix.max_dgram_qlen to 512 by
> default now (the kernel default is 16). This is beneficial

AFAIK default is 10 which means you can queue 11 messages before
blocking on the socket.

cat /proc/sys/net/unix/max_dgram_qlen

> for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
> allows substantially larger numbers of queued
> datagrams. This should increase the capability of systemd to
> parallelize boot-up, as logging and sd_notify() are unlikely
> to stall execution anymore. If you need to change the value
> from the new defaults, use the usual sysctl.d/ snippets.
>
> * The compression framing format used by the journal or
> coredump processing has changed to be in line with what the
> official LZ4 tools generate. LZ4 compression support in
> systemd was considered unsupported previously, as the format
> was not compatible with the normal tools. With this release
> this has changed now, and it is hence safe for downstream
> distributions to turn it on. While not compressing as well
> as the XZ, LZ4 is substantially faster, which makes
> it a good default choice for the compression logic in the
> journal and in coredump handling.
>
> * Any reference to /etc/mtab has been dropped from
> systemd. The file has been obsolete since a while, but
> systemd refused to work on systems where it was incorrectly
> set up (it should be a symlink or non-existent). Please make
> sure to update to util-linux 2.27.1 or newer in conjunction
> with this systemd release, which also drops any reference to
> /etc/mtab. If you maintain a distribution make sure that no
> software you package still references it, as this is a
> likely source of bugs. There's also a glibc bug pending,
> asking for removal of any reference to this obsolete file:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=19108
>
> * Support for the ".snapshot" unit type has been removed. This
> feature turned out to be little useful and little used, and
> has now been removed from the core and from systemctl.
>
> * The dependency types RequiresOverridable= and
> RequisiteOverridable= have been removed from systemd. They
> have been used only very sparingly to our knowledge and
> other options that provide a similar effect (such as
> systemctl --mode=ignore-dependencies) are much more useful
> and commonly used. Moreover, they were only half-way
> implemented as the option to control behaviour regarding
> these dependencies was never added to systemctl. By removing
> these dependency types the execution engine becomes a bit
> simpler. Unit files that use these dependencies should be
> changed to use the non-Overridable dependency types
> instead. In fact, when parsing unit files with these
> options, that's what systemd will automatically convert them
> to, but it will also warn, asking users to fix the unit
> files accordingly. Removal of these dependency types should
> only affect a negligible number of unit files in the wild.
>
> * Behaviour of networkd's IPForward= option changed
> (again). It will no longer maintain a per-interface setting,
> but propagate one way from interfaces where this is enabled
> to the global kernel setting. The global setting will be
> enabled when requested by a network that is set up, but
> never be disabled again. This change was made to make sure
> IPv4 and IPv6 behaviour regarding packet forwarding is
> similar (as the Linux IPv6 stack does not support
> per-interface control of this setting) and to minimize
> surprises.
>
> * In unit files the behaviour of %u, %U, %h, %s has
> changed. These specifiers will now unconditionally resolve
> to the various user database fields of the user that the
> systemd instance is running as, instead of the user
> configured in the specific unit via User=. Note that this
> effectively doesn't change much, as resolving of these
> specifiers was already turned off in the --system instance
> of systemd, as we cannot do NSS lookups from PID 1. In the
> --user instance of systemd these specifiers were correctly
> resolved, but hardly made any sense, since the user instance
> lacks privileges to do user switches anyway, and User= is
> hence useless. Moreover, even in the --user instance of
> systemd behaviour was awkward as it would only take settings
> from User= assignment placed before the specifier into
> account. In order to unify and simplify the logic around
> this the specifiers will now always resolve to the
> credentials of the user invoking the manager (which in case
> of PID 1 is the root user).
>
> Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
> Yang, Daniel Machon, Daniel Mack, David Herrmann, David
> Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
> Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
> Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
> Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
> Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
> Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
> Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
> Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
> Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
> Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
> Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
> Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
> Jędrzejewski-Szmek
>
> -- Berlin, 2015-11-18
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
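
The DefaultTasksMax=/TasksMax= item above notes that the limit only has an effect if the "pids" cgroup controller is enabled. The following is an added example, not part of the original message or of systemd, showing one way a service can check from the inside whether a task limit actually applies to it. It assumes the conventional /sys/fs/cgroup mount point with a v1 "pids" hierarchy mounted at /sys/fs/cgroup/pids; the sample /proc/self/cgroup contents and the demo.service name are constructed.

```python
import os

# Constructed sample of /proc/self/cgroup on a cgroup-v1 host (not from the page).
SAMPLE_V1 = """\
11:pids:/system.slice/demo.service
4:memory:/system.slice/demo.service
1:name=systemd:/system.slice/demo.service
"""
# Constructed sample on a unified (cgroup-v2) host.
SAMPLE_V2 = "0::/system.slice/demo.service\n"


def pids_cgroup_dir(proc_cgroup_text, root="/sys/fs/cgroup"):
    """Return the directory expected to hold pids.max for this process, or None."""
    unified = None
    for line in proc_cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        hier_id, controllers, path = parts
        if "pids" in controllers.split(","):
            # v1 or hybrid: the pids controller has its own hierarchy.
            return os.path.join(root, "pids", path.lstrip("/"))
        if hier_id == "0" and controllers == "":
            # v2: a single unified hierarchy, controllers enabled per subtree.
            unified = os.path.join(root, path.lstrip("/"))
    return unified


def parse_limit(text):
    """pids.max holds a number, or the literal 'max' when no limit is set."""
    text = text.strip()
    return None if text == "max" else int(text)


def task_headroom(cgroup_dir):
    """Return (current, limit) for the cgroup; None if the controller is absent."""
    try:
        with open(os.path.join(cgroup_dir, "pids.max")) as f:
            limit = parse_limit(f.read())
        with open(os.path.join(cgroup_dir, "pids.current")) as f:
            current = int(f.read())
    except (OSError, ValueError):
        return None  # no pids.max here: the limit is not enforced at this level
    return current, limit


if __name__ == "__main__":
    with open("/proc/self/cgroup") as f:
        d = pids_cgroup_dir(f.read())
    print(d, task_headroom(d) if d else None)
```

A result of `None` from `task_headroom()` means the configured TasksMax= is not being enforced for that cgroup, and a limit of `None` means the unit runs without a task cap.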
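
The net.unix.max_dgram_qlen item and the reply to it both concern how many datagrams an AF_UNIX/SOCK_DGRAM receiver can have queued before a sender stalls. The following is an added example, not part of the original thread, that measures this on the running kernel by sending to a receiver that never reads. The function names are illustrative, and the classification assumes Linux, where a send is refused only once the queue length exceeds the limit.

```python
import errno
import os
import socket
import tempfile

QLEN_PATH = "/proc/sys/net/unix/max_dgram_qlen"


def read_max_dgram_qlen(path=QLEN_PATH):
    """Current sysctl value, or None where the file is unavailable."""
    try:
        with open(path) as f:
            return int(f.read())
    except (OSError, ValueError):
        return None


def datagrams_until_full(payload=b"x", cap=100_000):
    """Send to a receiver that never reads; count sends accepted before EAGAIN."""
    with tempfile.TemporaryDirectory() as tmp:
        addr = os.path.join(tmp, "rx.sock")
        rx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        tx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            rx.bind(addr)
            tx.setblocking(False)  # a blocking sender would stall here instead
            sent = 0
            while sent < cap:
                try:
                    tx.sendto(payload, addr)
                except OSError as e:
                    if e.errno in (errno.EAGAIN, errno.ENOBUFS):
                        break
                    raise
                sent += 1
            return sent
        finally:
            tx.close()
            rx.close()


def limiting_factor(sent, qlen):
    """Say which limit most likely stopped the sender."""
    if qlen is None:
        return "unknown"
    if sent == qlen + 1:
        return "receive queue (max_dgram_qlen)"
    if sent < qlen + 1:
        return "sender buffer (SO_SNDBUF)"
    return "unknown"


if __name__ == "__main__":
    q, n = read_max_dgram_qlen(), datagrams_until_full()
    print(f"max_dgram_qlen={q} queued={n} limited by: {limiting_factor(n, q)}")
```

With a large queue limit and small payloads, the sender's own send-buffer accounting can be exhausted before the receive queue fills, which is why the measured count may be lower than the sysctl value.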