[systemd-devel] [ANNOUNCE] systemd v227

Lennart Poettering lennart at poettering.net
Wed Oct 7 08:12:19 PDT 2015


Heya!

We just tagged a new release. Lots of new awesomeness, and many
bugfixes!

CHANGES WITH 227:

        * systemd now depends on util-linux v2.27. More specifically,
          the newly added mount monitor feature in libmount now
          replaces systemd's former own implementation.

        * libmount mandates /etc/mtab not to be a regular file, and
          systemd now enforces this condition at early boot.
          /etc/mtab has been deprecated and warned about for a very
          long time, so systems running systemd should already have
          stopped having this file around as anything else than a
          symlink to /proc/self/mounts.

        * Support for the "pids" cgroup controller has been added.  It
          allows accounting the number of tasks in a cgroup and
          enforcing limits on it. This adds two new settings
          TasksAccounting= and TasksMax= to each unit, as well as a
          global option DefaultTasksAccounting=.

        * Support for the "net_cls" cgroup controller has been added.
          It allows assigning a net class ID to each task in the
          cgroup, which can then be used in firewall rules and traffic
          shaping configurations. Note that the kernel netfilter net
          class code does not currently work reliably for ingress
          packets on unestablished sockets.

          This adds a new config directive called NetClass= to CGroup
          enabled units. Allowed values are positive numbers for fixed
          assignments and "auto" for picking a free value
          automatically.

        * 'systemctl is-system-running' now returns 'offline' if the
          system is not booted with systemd. This command can now be
          used as a substitute for 'systemd-notify --booted'.

        * Watchdog timeouts have been increased to 3 minutes for all
          in-tree service files. Apparently, disk IO issues are more
          frequent than we hoped, and users reported >1 minute waiting
          for disk IO.

        * 'machine-id-commit' functionality has been merged into
          'machine-id-setup --commit'. The separate binary has been
          removed.

        * The WorkingDirectory= directive in unit files may now be set
          to the special value '~'. In this case, the working
          directory is set to the home directory of the user
          configured in User=.

        * "machinectl shell" will now open the shell in the home
          directory of the selected user by default.

        * The CrashChVT= configuration file setting is renamed to
          CrashChangeVT=, following our usual logic of not
          abbreviating unnecessarily. The old directive is still
          supported for compat reasons. Also, this directive now takes
          an integer value between 1 and 63, or a boolean value. The
          formerly supported '-1' value for disabling stays around for
          compat reasons.

        * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
          NoNewPrivileges=, TTYPath=, WorkingDirectory= and
          RootDirectory= properties can now be set for transient
          units.

        * The systemd-analyze tool gained a new "set-log-target" verb
          to change the logging target the system manager logs to
          dynamically during runtime. This is similar to how
          "systemd-analyze set-log-level" already changes the log
          level.

        * In nspawn /sys is now mounted as tmpfs, with only a selected
          set of subdirectories mounted in from the real sysfs. This
          enhances security slightly, and is useful for ensuring user
          namespaces work correctly.

        * Support for USB FunctionFS activation has been added. This
          allows implementation of USB gadget services that are
          activated as soon as they are requested, so that they don't
          have to run continuously, similar to classic socket
          activation.

        * The "systemctl exit" command now optionally takes an
          additional parameter that sets the exit code to return from
          the systemd manager when exiting. This is only relevant when
          running the systemd user instance, or when running the
          system instance in a container.

        * sd-bus gained the new API calls sd_bus_path_encode_many()
          and sd_bus_path_decode_many() that allow easy encoding and
          decoding of multiple identifier strings inside a D-Bus
          object path. Another new call sd_bus_default_flush_close()
          has been added to flush and close per-thread default
          connections.

        * systemd-cgtop gained support for a -M/--machine= switch to
          show the control groups within a certain container only.

        * "systemctl kill" gained support for an optional --fail
          switch. If specified the requested operation will fail if no
          processes have been killed, because the unit had no
          processes attached, or similar.

        * A new systemd.crash_reboot=1 kernel command line option has
          been added that triggers a reboot after crashing. This can
          also be set through CrashReboot= in systemd.conf.

        * The RuntimeDirectory= setting now understands unit
          specifiers like %i or %f.

        * A new (still internal) library API sd-ipv4acd has been added,
          that implements address conflict detection for IPv4. It's
          based on code from sd-ipv4ll, and will be useful for
          detecting DHCP address conflicts.

        * File descriptors passed during socket activation may now be
          named. A new API sd_listen_fds_with_names() is added to
          access the names.  The default names may be overridden,
          either in the .socket file using the FileDescriptorName=
          parameter, or by passing FDNAME= when storing the file
          descriptors using sd_notify().

        * systemd-networkd gained support for:

            - Setting the IPv6 Router Advertisement settings via
              IPv6AcceptRouterAdvertisements= in .network files.

            - Configuring the HelloTimeSec=, MaxAgeSec= and
              ForwardDelaySec= bridge parameters in .netdev files.

            - Configuring PreferredSource= for static routes in
              .network files.

        * The "ask-password" framework used to query for LUKS harddisk
          passwords or SSL passwords during boot gained support for
          caching passwords in the kernel keyring, if it is
          available. This makes sure that the user only has to type in
          a passphrase once if there are multiple objects to unlock
          with the same one. Previously, such password caching was
          available only when Plymouth was used; this moves the
          caching logic into the systemd codebase itself. The
          "systemd-ask-password" utility gained a new --keyname=
          switch to control which kernel keyring key to use for
          caching a password in. This functionality is also useful for
          enabling display managers such as gdm to automatically
          unlock the user's GNOME keyring if its passphrase, the
          user's password and the harddisk password are the same, if
          gdm-autologin is used.

        * When downloading tar or raw images using "machinectl
          pull-tar" or "machinectl pull-raw", a matching ".nspawn"
          file is now also downloaded, if it is available and stored
          next to the image file.

        * Units of type ".socket" gained a new boolean setting
          Writable= which is only useful in conjunction with
          ListenSpecial=. If true, enables opening the specified
          special file in O_RDWR mode rather than O_RDONLY mode.

        * systemd-rfkill has been reworked to become a singleton
          service that is activated through /dev/rfkill on each rfkill
          state change and saves the settings to disk. This way,
          systemd-rfkill is now compatible with devices that exist
          only intermittently, and even restores state if the previous
          system shutdown was abrupt rather than clean.

        * The journal daemon gained support for vacuuming old journal
          files controlled by the number of files that shall remain,
          in addition to the already existing control by size and by
          date. This is useful as journal interleaving performance
          degrades with too many separate journal files, and allows
          putting an effective limit on them. The new setting defaults
          to 100, but this may be changed by setting SystemMaxFiles=
          and RuntimeMaxFiles= in journald.conf. Also, the
          "journalctl" tool gained the new --vacuum-files= switch to
          manually vacuum journal files to leave only the specified
          number of files in place.

        * udev will now create /dev/disk/by-path links for ATA devices
          on kernels where that is supported.

        * Galician, Serbian, Turkish and Korean translations were added.

        Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
        Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
        (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
        Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
        Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
        de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
        Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
        Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
        Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
        Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
        Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
        Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
        Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
        Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
        Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
        Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
        Zbigniew Jędrzejewski-Szmek, Марко М. Костић

        -- Milina, 2015-10-07

Lennart

-- 
Lennart Poettering, Red Hat
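
Added example, not part of the original announcement and not systemd's own code: the named file descriptor item above is served by sd_listen_fds_with_names(); the C below reads the same socket-activation environment directly (LISTEN_PID, LISTEN_FDS and the colon-separated LISTEN_FDNAMES) so a service binds each role to a socket by name rather than by position. The name "admin" is a hypothetical FileDescriptorName= value, and failing closed when names are missing is a choice of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define LISTEN_FDS_START 3  /* first passed fd, same value as SD_LISTEN_FDS_START */

/* Return the fd whose name in $LISTEN_FDNAMES equals `wanted`, or -1.
 * Fails closed if the environment was not addressed to this process or
 * if the name list and the fd count disagree. First match wins when
 * several fds carry the same name. */
int listen_fd_by_name(const char *wanted)
{
    const char *pid_s = getenv("LISTEN_PID");
    const char *fds_s = getenv("LISTEN_FDS");
    const char *names = getenv("LISTEN_FDNAMES");
    char *end;

    if (!pid_s || !fds_s || !names)
        return -1;
    long pid = strtol(pid_s, &end, 10);
    if (*end != '\0' || pid != (long) getpid())
        return -1;                  /* inherited from a parent, not for us */
    long n = strtol(fds_s, &end, 10);
    if (*end != '\0' || n <= 0 || n > 1024)
        return -1;

    int found = -1;
    long idx = 0;
    for (const char *p = names;; ) {
        size_t len = strcspn(p, ":");
        if (idx < n && found < 0 && strlen(wanted) == len && strncmp(p, wanted, len) == 0)
            found = LISTEN_FDS_START + (int) idx;
        idx++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return idx == n ? found : -1;   /* name count must match fd count */
}

int main(void)
{
    int fd = listen_fd_by_name("admin");   /* hypothetical FileDescriptorName= */
    if (fd < 0) { fprintf(stderr, "no socket named 'admin' was passed\n"); return 1; }
    printf("admin socket is fd %d\n", fd);
    return 0;
}
```

Selecting by name keeps a privileged listener from being confused with a public one when the order of Listen*= lines in the .socket file changes.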

