[systemd-devel] [ANNOUNCE] systemd 232
lennart at poettering.net
Thu Nov 3 18:20:56 UTC 2016
Here's a new release with many new features and even more fixes:
CHANGES WITH 232:
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
* The new ProtectKernelModules= option can be used to disable explicit
load and unload operations of kernel modules by a service. In
addition access to /usr/lib/modules is removed if this option is set.
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.
* The new ProtectKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.
* The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with
* Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184..65519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
any resources allocated by the service will be cleaned up when the
service exits. They also have ProtectHome=read-only and
ProtectSystem=strict enabled, so they are not able to make any
permanent modifications to the system.
* The nss-systemd module also always resolves root and nobody, making
it possible to have no /etc/passwd or /etc/group files in minimal
container or chroot environments.
* Services may be started with their own user namespace using the new
boolean PrivateUsers= option. Only root, nobody, and the uid/gid
under which the service is running are mapped. All other users are
mapped to nobody.
* Support for the cgroup namespace has been added to systemd-nspawn. If
supported by kernel, the container system started by systemd-nspawn
will have its own view of the cgroup hierarchy. This new behaviour
can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
* The new MemorySwapMax= option can be used to limit the maximum swap
usage under the unified cgroup hierarchy.
* Support for the CPU controller in the unified cgroup hierarchy has
been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
options. This controller requires out-of-tree patches for the kernel
and the support is provisional.
* Mount and automount units may now be created transiently
(i.e. dynamically at runtime via the bus API, instead of requiring
unit files in the file system).
* systemd-mount is a new tool which may mount file systems – much like
mount(8), optionally pulling in additional dependencies through
transient .mount and .automount units. For example, this tool
automatically runs fsck on a backing block device before mounting,
and allows the automount logic to be used dynamically from the
command line for establishing mount points. This tool is particularly
useful when dealing with removable media, as it will ensure fsck is
run – if necessary – before the first access and that the file system
is quickly unmounted after each access by utilizing the automount
logic. This maximizes the chance that the file system on the
removable media stays in a clean state, and if it isn't in a clean
state is fixed automatically.
* LazyUnmount=yes option for mount units has been added to expose the
umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
* /efi will be used as the mount point of the EFI boot partition, if
the directory is present, and the mount point was not configured
through other means (e.g. fstab). If /efi directory does not exist,
/boot will be used as before. This makes it easier to automatically
mount the EFI partition on systems where /boot is used for something
* When operating on GPT disk images for containers, systemd-nspawn will
now mount the ESP to /boot or /efi according to the same rules as PID
1 running on a host. This allows tools like "bootctl" to operate
correctly within such containers, in order to make container images
bootable on physical systems.
* disk/by-id and disk/by-path symlinks are now created for NVMe drives.
* Two new user session targets have been added to support running
graphical sessions under the systemd --user instance:
graphical-session.target and graphical-session-pre.target. See
systemd.special(7) for a description of how those targets should be
* The vconsole initialization code has been significantly reworked to
use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
support unicode keymaps. Font and keymap configuration will now be
copied to all allocated virtual consoles.
* FreeBSD's bhyve virtualization is now detected.
* Information recorded in the journal for core dumps now includes the
contents of /proc/mountinfo and the command line of the process at
the top of the process hierarchy (which is usually the init process
of the container).
* systemd-journal-gatewayd learned the --directory= option to serve
files from the specified location.
* journalctl --root=… can be used to peruse the journal in the
/var/log/ directories inside of a container tree. This is similar to
the existing --machine= option, but does not require the container to
* The hardware database has been extended to support
ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
specify the click rate for mice which include a horizontal wheel with
a click rate that is different than the one for the vertical wheel.
* systemd-run gained a new --wait option that makes service execution
synchronous. (Specifically, the command will not return until the
specified service binary exited.)
* systemctl gained a new --wait option that causes the start command to
wait until the units being started have terminated again.
* A new journal output mode "short-full" has been added which displays
timestamps with abbreviated English day names and adds a timezone
suffix. Those timestamps include more information than the default
"short" output mode, and can be passed directly to journalctl's
--since= and --until= options.
* /etc/resolv.conf will be bind-mounted into containers started by
systemd-nspawn, if possible, so any changes to resolv.conf contents
are automatically propagated to the container.
* The number of instances for socket-activated services originating
from a single IP address can be limited with
MaxConnectionsPerSource=, extending the existing setting of
* systemd-networkd gained support for vcan ("Virtual CAN") interface
* .netdev and .network configuration can now be extended through
* UDP Segmentation Offload, TCP Segmentation Offload, Generic
Segmentation Offload, Generic Receive Offload, Large Receive Offload
can be enabled and disabled using the new UDPSegmentationOffload=,
GenericReceiveOffload=, LargeReceiveOffload= options in the
[Link] section of .link files.
* The Spanning Tree Protocol, Priority, Aging Time, and the Default
Port VLAN ID can be configured for bridge devices using the new STP=,
Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
section of .netdev files.
* The route table to which routes received over DHCP or RA should be
added can be configured with the new RouteTable= option in the [DHCP]
and [IPv6AcceptRA] sections of .network files.
* The Address Resolution Protocol can be disabled on links managed by
systemd-networkd using the ARP=no setting in the [Link] section of
* New environment variables $SERVICE_RESULT, $EXIT_CODE and
$EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
encode information about the result and exit codes of the current
service runtime cycle.
* systemd-sysctl will now configure kernel parameters in the order
they occur in the configuration files. This matches what sysctl
has been traditionally doing.
* kernel-install "plugins" that are executed to perform various
tasks after a new kernel is added and before an old one is removed
can now return a special value to terminate the procedure and
prevent any later plugins from running.
* Journald's SplitMode=login setting has been deprecated. It has been
removed from documentation, and its use is discouraged. In a future
release it will be completely removed, and made equivalent to current
default of SplitMode=uid.
* Storage=both option setting in /etc/systemd/coredump.conf has been
removed. With fast LZ4 compression storing the core dump twice is not
* The --share-system systemd-nspawn option has been replaced with an
(undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
this functionality is discouraged. In addition the variables
$SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
* "machinectl list" now shows the IP address of running containers in
the output, as well as OS release information.
* "loginctl list" now shows the TTY of each session in the output.
* sd-bus gained new API calls sd_bus_track_set_recursive(),
sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
tracking objects in a "recursive" mode, where a single client can be
counted multiple times, if it takes multiple references.
* sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
sd_bus_get_exit_on_disconnect(). They may be used to to make a
process using sd-bus automatically exit if the bus connection is
* Bus clients of the service manager may now "pin" loaded units into
memory, by taking an explicit reference on them. This is useful to
ensure the client can retrieve runtime data about the service even
after the service completed execution. Taking such a reference is
available only for privileged clients and should be helpful to watch
running services in a race-free manner, and in particular collect
information about exit statuses and results.
* The nss-resolve module has been changed to strictly return UNAVAIL
when communication via D-Bus with resolved failed, and NOTFOUND when
a lookup completed but was negative. This means it is now possible to
neatly configure fallbacks using nsswitch.conf result checking
expressions. Taking benefit of this, the new recommended
configuration line for the "hosts" entry in /etc/nsswitch.conf is:
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
* A new setting CtrlAltDelBurstAction= has been added to
/etc/systemd/system.conf which may be used to configure the precise
behaviour if the user on the console presses Ctrl-Alt-Del more often
than 7 times in 2s. Previously this would unconditionally result in
an expedited, immediate reboot. With this new setting the precise
operation may be configured in more detail, and also turned off
* In .netdev files two new settings RemoteChecksumTx= and
RemoteChecksumRx= are now understood that permit configuring the
remote checksumming logic for VXLAN networks.
* The service manager learnt a new "invocation ID" concept for invoked
services. Each runtime cycle of a service will get a new invocation
ID (a 128bit random UUID) assigned that identifies the current
run of the service uniquely and globally. A new invocation ID
is generated each time a service starts up. The journal will store
the invocation ID of a service along with any logged messages, thus
making the invocation ID useful for matching the online runtime of a
service with the offline log data it generated in a safe way without
relying on synchronized timestamps. In many ways this new service
invocation ID concept is similar to the kernel's boot ID concept that
uniquely and globally identifies the runtime of each boot. The
invocation ID of a service is passed to the service itself via an
environment variable ($INVOCATION_ID). A new bus call
GetUnitByInvocationID() has been added that is similar to GetUnit()
but instead of retrieving the bus path for a unit by its name
retrieves it by its invocation ID. The returned path is valid only as
long as the passed invocation ID is current.
* systemd-resolved gained a new "DNSStubListener" setting in
resolved.conf. It either takes a boolean value or the special values
"udp" and "tcp", and configures whether to enable the stub DNS
listener on 127.0.0.53:53.
* IP addresses configured via networkd may now carry additional
configuration settings supported by the kernel. New options include:
HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
* The PAM configuration fragment file for "user at .service" shipped with
systemd (i.e. the --user instance of systemd) has been stripped to
the minimum necessary to make the system boot. Previously, it
contained Fedora-specific stanzas that did not apply to other
distributions. It is expected that downstream distributions add
additional configuration lines, matching their needs to this file,
using it only as rough template of what systemd itself needs. Note
that this reduced fragment does not even include an invocation of
pam_limits which most distributions probably want to add, even though
systemd itself does not need it. (There's also the new build time
option --with-pamconfdir=no to disable installation of the PAM
* If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
capability is now also dropped from its set (in addition to
CAP_SYS_MKNOD as before).
* In service unit files it is now possible to connect a specific named
file descriptor with stdin/stdout/stdout of an executed service. The
name may be specified in matching .socket units using the
* A number of journal settings may now be configured on the kernel
command line. Specifically, the following options are now understood:
* "systemctl is-enabled --full" will now show by which symlinks a unit
file is enabled in the unit dependency tree.
* Support for VeraCrypt encrypted partitions has been added to the
"cryptsetup" logic and /etc/crypttab.
* systemd-detect-virt gained support for a new --private-users switch
that checks whether the invoking processes are running inside a user
namespace. Similar, a new special value "private-users" for the
existing ConditionVirtualization= setting has been added, permitting
skipping of specific units in user namespace environments.
Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zeal Jagannatha
— Santa Fe, 2016-11-03
Lennart Poettering, Red Hat
More information about the systemd-devel