[systemd-devel] [ANNOUNCE] systemd v230

Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl
Mon May 23 07:12:58 UTC 2016


On Mon, May 23, 2016 at 01:33:57AM -0400, Dave Reisner wrote:
> On Sat, May 21, 2016 at 10:51:13PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> > Hi,
> > 
> > systemd v230 has been tagged. Enjoy!
> > 
> > CHANGES WITH 230:
> 
> Hi,
> 
> One important change missing from this list is 7163e1ca1108d7 -- if you
> use systemd in your initramfs and do not add initrd-root-device.target,
> bootup may fail due to races.

Yeah, you're right. Care to submit a (retroactive) PR with addition to NEWS?

Zbyszek

> 
> > 
> >         * DNSSEC is now turned on by default in systemd-resolved (in
> >           "allow-downgrade" mode), but may be turned off during compile time by
> >           passing "--with-default-dnssec=no" to "configure" (and of course,
> >           during runtime with DNSSEC= in resolved.conf). We recommend
> >           downstreams to leave this on at least during development cycles and
> >           report any issues with the DNSSEC logic upstream. We are very
> >           interested in collecting feedback about the DNSSEC validator and its
> >           limitations in the wild. Note however, that DNSSEC support is
> >           probably nothing downstreams should turn on in stable distros just
> >           yet, as it might create incompatibilities with a few DNS servers and
> >           networks. We tried hard to make sure we downgrade to non-DNSSEC mode
> >           automatically whenever we detect such incompatible setups, but there
> >           might be systems we do not cover yet. Hence: please help us testing
> >           the DNSSEC code, leave this on where you can, report back, but then
> >           again don't consider turning this on in your stable, LTS or
> >           production release just yet. (Note that you have to enable
> >           nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
> >           and its DNSSEC mode for host name resolution from local
> >           applications.)
> > 
> >         * systemd-resolve conveniently resolves DANE records with the --tlsa
> >           option and OPENPGPKEY records with the --openpgp option. It also
> >           supports dumping raw DNS record data via the new --raw= switch.
> > 
> >         * systemd-logind will now by default terminate user processes that are
> >           part of the user session scope unit (session-XX.scope) when the user
> >           logs out. This behavior is controlled by the KillUserProcesses=
> >           setting in logind.conf, and the previous default of "no" is now
> >           changed to "yes". This means that user sessions will be properly
> >           cleaned up after, but additional steps are necessary to allow
> >           intentionally long-running processes to survive logout.
> > 
> >           While the user is logged in at least once, user@.service is running,
> >           and any service that should survive the end of any individual login
> >           session can be started at a user service or scope using systemd-run.
> >           systemd-run(1) man page has been extended with an example which shows
> >           how to run screen in a scope unit underneath user@.service. The same
> >           command works for tmux.
> > 
> >           After the user logs out of all sessions, user@.service will be
> >           terminated too, by default, unless the user has "lingering" enabled.
> >           To effectively allow users to run long-term tasks even if they are
> >           logged out, lingering must be enabled for them. See loginctl(1) for
> >           details. The default polkit policy was modified to allow users to
> >           set lingering for themselves without authentication.
> > 
> >           Previous defaults can be restored at compile time by the
> >           --without-kill-user-processes option to "configure".
> > 
> >         * systemd-logind gained new configuration settings SessionsMax= and
> >           InhibitorsMax=, both with a default of 8192. It will not register new
> >           user sessions or inhibitors above this limit.
> > 
> >         * systemd-logind will now reload configuration on SIGHUP.
> > 
> >         * The unified cgroup hierarchy added in Linux 4.5 is now supported.
> >           Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
> >           enable. Also, support for the "io" cgroup controller in the unified
> >           hierarchy has been added, so that the "memory", "pids" and "io" are
> >           now the controllers that are supported on the unified hierarchy.
> > 
> >           WARNING: it is not possible to use previous systemd versions with
> >           systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
> >           is necessary to also update systemd in the initramfs if using the
> >           unified hierarchy. An updated SELinux policy is also required.
> > 
> >         * LLDP support has been extended, and both passive (receive-only) and
> >           active (sender) modes are supported. Passive mode ("routers-only") is
> >           enabled by default in systemd-networkd. Active LLDP mode is enabled
> >           by default for containers on the internal network. The "networkctl
> >           lldp" command may be used to list information gathered. "networkctl
> >           status" will also show basic LLDP information on connected peers now.
> > 
> >         * The IAID and DUID unique identifier sent in DHCP requests may now be
> >           configured for the system and each .network file managed by
> >           systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
> > 
> >         * systemd-networkd gained support for configuring proxy ARP support for
> >           each interface, via the ProxyArp= setting in .network files. It also
> >           gained support for configuring the multicast querier feature of
> >           bridge devices, via the new MulticastQuerier= setting in .netdev
> >           files. Similarly, snooping on the IGMP traffic can be controlled
> >           via the new setting MulticastSnooping=.
> > 
> >           A new setting PreferredLifetime= has been added for addresses
> >           configured in .network file to configure the lifetime intended for an
> >           address.
> > 
> >           The systemd-networkd DHCP server gained the option EmitRouter=, which
> >           defaults to yes, to configure whether the DHCP Option 3 (Router)
> >           should be emitted.
> > 
> >         * The testing tool /usr/lib/systemd/systemd-activate is renamed to
> >           systemd-socket-activate and installed into /usr/bin. It is now fully
> >           supported.
> > 
> >         * systemd-journald now uses separate threads to flush changes to disk
> >           when closing journal files, thus reducing impact of slow disk I/O on
> >           logging performance.
> > 
> >         * The sd-journal API gained two new calls
> >           sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
> >           can be used to open journal files using file descriptors instead of
> >           file or directory paths. sd_journal_open_container() has been
> >           deprecated, sd_journal_open_directory_fd() should be used instead
> >           with the flag SD_JOURNAL_OS_ROOT.
> > 
> >         * journalctl learned a new output mode "-o short-unix" that outputs log
> >           lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
> >           UTC). It also gained support for a new --no-hostname setting to
> >           suppress the hostname column in the family of "short" output modes.
> > 
> >         * systemd-ask-password now optionally skips printing of the password to
> >           stdout with --no-output which can be useful in scripts.
> > 
> >         * Framebuffer devices (/dev/fb*) and 3D printers and scanners
> >           (devices tagged with ID_MAKER_TOOL) are now tagged with
> >           "uaccess" and are available to logged in users.
> > 
> >         * The DeviceAllow= unit setting now supports specifiers (with "%").
> > 
> >         * "systemctl show" gained a new --value switch, which allows printing
> >           only the contents of a specific unit property, without also printing
> >           the property's name. Similar support was added to "show*" verbs
> >           of loginctl and machinectl that output "key=value" lists.
> > 
> >         * A new unit type "generated" was added for files dynamically generated
> >           by generator tools. Similarly, a new unit type "transient" is used
> >           for unit files created using the runtime API. "systemctl enable" will
> >           refuse to operate on such files.
> > 
> >         * A new command "systemctl revert" has been added that may be used to
> >           revert to the vendor version of a unit file, in case local changes
> >           have been made by adding drop-ins or overriding the unit file.
> > 
> >         * "machinectl clean" gained a new verb to automatically remove all or
> >           just hidden container images.
> > 
> >         * systemd-tmpfiles gained support for a new line type "e" for emptying
> >           directories, if they exist, without creating them if they don't.
> > 
> >         * systemd-nspawn gained support for automatically patching the UID/GIDs
> >           of the owners and the ACLs of all files and directories in a
> >           container tree to match the UID/GID user namespacing range selected
> >           for the container invocation. This mode is enabled via the new
> >           --private-user-chown switch. It also gained support for automatically
> >           choosing a free, previously unused UID/GID range when starting a
> >           container, via the new --private-users=pick setting (which implies
> >           --private-user-chown). Together, these options for the first time
> >           make user namespacing for nspawn containers fully automatic and thus
> >           deployable. The systemd-nspawn@.service template unit file has been
> >           changed to use this functionality by default.
> > 
> >         * systemd-nspawn gained a new --network-zone= switch, that allows
> >           creating ad-hoc virtual Ethernet links between multiple containers,
> >           that only exist as long as at least one container referencing them is
> >           running. This allows easy connecting of multiple containers with a
> >           common link that implements an Ethernet broadcast domain. Each of
> >           these network "zones" may be named relatively freely by the user, and
> >           may be referenced by any number of containers, but each container may
> >           only reference one of these "zones". On the lower level, this is
> >           implemented by an automatically managed bridge network interface for
> >           each zone, that is created when the first container referencing its
> >           zone is created and removed when the last one referencing its zone
> >           terminates.
> > 
> >         * The default start timeout may now be configured on the kernel command
> >           line via systemd.default_timeout_start_sec=. It was already
> >           configurable via the DefaultTimeoutStartSec= option in
> >           /etc/systemd/system.conf.
> > 
> >         * Socket units gained a new TriggerLimitIntervalSec= and
> >           TriggerLimitBurst= setting to configure a limit on the activation
> >           rate of the socket unit.
> > 
> >         * The LimitNICE= setting now optionally takes normal UNIX nice values
> >           in addition to the raw integer limit value. If the specified
> >           parameter is prefixed with "+" or "-" and is in the range -20..19 the
> >           value is understood as UNIX nice value. If not prefixed like this it
> >           is understood as raw RLIMIT_NICE limit.
> > 
> >         * Note that the effect of the PrivateDevices= unit file setting changed
> >           slightly with this release: the per-device /dev file system will be
> >           mounted read-only from this version on, and will have "noexec"
> >           set. This (minor) change of behavior might cause some (exceptional)
> >           legacy software to break, when PrivateDevices=yes is set for its
> >           service. Please leave PrivateDevices= off if you run into problems
> >           with this.
> > 
> >         * systemd-bootchart has been split out to a separate repository:
> >           https://github.com/systemd/systemd-bootchart
> > 
> >         * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
> >           merged into the kernel in its current form.
> > 
> >         * The compatibility libraries libsystemd-daemon.so,
> >           libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
> >           which have been deprecated since systemd-209 have been removed along
> >           with the corresponding pkg-config files. All symbols provided by
> >           those libraries are provided by libsystemd.so.
> > 
> >         * The Capabilities= unit file setting has been removed (it is ignored
> >           for backwards compatibility). AmbientCapabilities= and
> >           CapabilityBoundingSet= should be used instead.
> > 
> >         Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
> >         Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
> >         Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
> >         Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
> >         Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
> >         R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
> >         Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
> >         Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
> >         Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
> >         Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
> >         John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
> >         Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
> >         Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
> >         Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
> >         Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
> >         mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
> >         Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
> >         Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
> >         Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
> >         Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
> >         Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
> >         Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
> >         Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
> >         Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
> >         Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
> >         Jędrzejewski-Szmek
> > 
> >         — Fairfax, 2016-05-21
> > 
> > Zbyszek
> > _______________________________________________
> > systemd-devel mailing list
> > systemd-devel@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/systemd-devel
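A small audit for the KillUserProcesses= change in the announcement above, added here as an example (not systemd's own code): it parses a constructed logind.conf, applies the v230 defaults quoted in the NEWS (KillUserProcesses=yes, SessionsMax=8192, InhibitorsMax=8192) and reports which users keep processes after logout. The linger list passed in is an assumption standing in for the contents of /var/lib/systemd/linger/.

```python
import configparser

# Defaults stated in the v230 NEWS entry.
V230_DEFAULTS = {
    "KillUserProcesses": "yes",
    "SessionsMax": "8192",
    "InhibitorsMax": "8192",
}

# Boolean spellings systemd accepts for settings like KillUserProcesses=.
TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}
FALSE_WORDS = {"0", "no", "n", "false", "f", "off"}


def parse_bool(value: str) -> bool:
    """Parse a systemd-style boolean; unknown spellings are rejected."""
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a systemd boolean: {value!r}")


def effective_login_settings(conf_text: str) -> dict:
    """Merge the [Login] section of a logind.conf text over the v230 defaults."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep CamelCase keys exactly as logind spells them
    parser.read_string(conf_text)
    settings = dict(V230_DEFAULTS)
    if parser.has_section("Login"):
        for key, value in parser.items("Login"):
            if key in settings:
                settings[key] = value.strip()
    return settings


def logout_survivors(conf_text: str, users, lingering) -> set:
    """Users whose processes survive logout under the given logind.conf.

    Pre-230 behaviour (KillUserProcesses=no) keeps everyone's processes.
    With the v230 default of yes, only users with lingering enabled keep
    user@.service, and anything started under it, running after logout.
    """
    settings = effective_login_settings(conf_text)
    if not parse_bool(settings["KillUserProcesses"]):
        return set(users)
    return set(users) & set(lingering)


# Constructed logind.conf: the commented-out line is the v229 default, not a setting.
SAMPLE_CONF = """\
[Login]
#KillUserProcesses=no
SessionsMax=512
"""
```

Running `logout_survivors(SAMPLE_CONF, ["alice", "bob"], ["bob"])` returns only bob, because the commented line leaves the v230 default of "yes" in force.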