[systemd-devel] [ANNOUNCE] systemd v239
lennart at poettering.net
Fri Jun 22 11:19:51 UTC 2018
I am happy to announce systemd v239:
CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
builtin will name network interfaces differently than in previous
versions for virtual network interfaces created with SR-IOV and NPAR
and for devices where the PCI network controller device does not have
a slot number associated.
SR-IOV virtual devices are now named based on the name of the parent
interface, with a suffix of "v<N>", where <N> is the virtual device
number. Previously those virtual devices were named as if completely
The ninth and later NPAR virtual devices will be named following the
scheme used for the first eight NPAR partitions. Previously those
devices were not renamed and the kernel default (eth<n>) was used.
"net_id" will also generate names for PCI devices where the PCI
network controller device does not have an associated slot number
itself, but one of its parents does. Previously those devices were
not renamed and the kernel default (eth<n>) was used.
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
systemd-logind.service. Since v235, IPAddressDeny=any has been set to
the unit. So, it is expected that the default behavior of
systemd-logind is not changed. However, if distribution packagers or
administrators disabled or modified IPAddressDeny= setting by a
drop-in config file, then it may be necessary to update the file to
re-enable AF_INET and AF_INET6 to support network user name services,
* When the RestrictNamespaces= unit property is specified multiple
times, then the specified types are merged now. Previously, only the
last assignment was used. So, if distribution packagers or
administrators modified the setting by a drop-in config file, then it
may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
failures that result in restarting. Previously, the specified units
would be activated each time the unit failed, even when the unit was
going to be restarted automatically. This behaviour contradicted the
documentation. With this release the code is adjusted to match the
* systemd-tmpfiles will now print a notice whenever it encounters
tmpfiles.d/ lines referencing the /var/run/ directory. It will
recommend reworking them to use the /run/ directory instead (for
which /var/run/ is simply a symlinked compatibility alias). This way
systemd-tmpfiles can properly detect line conflicts and merge lines
referencing the same file by two paths, without having to access
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
behaviour that wasn't useful. systemctl disable/unmask will now undo
both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.
* Note that all long-running system services shipped with systemd will
now default to a system call whitelist (rather than a blacklist, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
too, as the default whitelisting will prohibit all mount, swap,
reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.
* systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.
* systemd-resolved.service and systemd-networkd.service now set
DynamicUser=yes. The users systemd-resolve and systemd-network are
not created by systemd-sysusers.
* The systemd-resolve tool has been renamed to resolvectl (it also
remains available under the old name, for compatibility), and its
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.
* The resolvectl/systemd-resolve tool also provides 'resolvconf'
compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.
* Support for suspend-then-hibernate has been added, i.e. a sleep mode
where the system initially suspends, and after a time-out resumes and
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
set the client will only send a DUID as client identifier.
* The nss-systemd glibc NSS module will now enumerate dynamic users and
groups in effect. Previously, it could resolve UIDs/GIDs to user
names/groups and vice versa, but did not support enumeration.
* journald's Compress= configuration setting now optionally accepts a
byte threshold value. All journal objects larger than this threshold
will be compressed, smaller ones will not. Previously this threshold
was not configurable and set to 512.
* A new system.conf setting NoNewPrivileges= is now available which may
be used to turn off acquisition of new privileges system-wide
(i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
for all its children). Note that turning this option on means setuid
binaries and file system capabilities lose their special powers.
While turning on this option is a big step towards a more secure
system, doing so is likely to break numerous pre-existing UNIX tools,
in particular su and sudo.
* A new service systemd-time-sync-wait.service has been added. If
enabled it will delay the time-sync.target unit at boot until time
synchronization has been received from the network. This
functionality is useful on systems lacking a local RTC or where it is
acceptable that the boot process shall be delayed by external network
* When hibernating, systemd will now inform the kernel of the image
write offset, on kernels new enough to support this. This means swap
files should work for hibernation now.
* When loading unit files, systemd will now look for drop-in unit files
extensions in additional places. Previously, for a unit file name
"foo-bar-baz.service" it would look for dropin files in
"foo-bar-baz.service.d/*.conf". Now, it will also look in
"foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
service name truncated after all inner dashes. This scheme allows
writing drop-ins easily that apply to a whole set of unit files at
once. It's particularly useful for mount and slice units (as their
naming is prefix based), but is also useful for service and other
units, for packages that install multiple unit files at once,
following a strict naming regime of beginning the unit file name with
the package's name. Two new specifiers are now supported in unit
files to match this: %j and %J are replaced by the part of the unit
name following the last dash.
* Unit files and other configuration files that support specifier
expansion now understand another three new specifiers: %T and %V will
resolve to /tmp and /var/tmp respectively, or whatever temporary
directory has been set for the calling user. %E will expand to either
/etc (for system units) or $XDG_CONFIG_HOME (for user units).
* The ExecStart= lines of unit files are no longer required to
reference absolute paths. If non-absolute paths are specified the
specified binary name is searched within the service manager's
built-in $PATH, which may be queried with 'systemd-path
search-binaries-default'. It's generally recommended to continue to
use absolute paths for all binaries specified in unit files.
* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
from being started (for example, a service unit has been defined
lacking both ExecStart= and ExecStop= lines).
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
continues to be available however, for compatibility reasons. Use the
new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
to pick an alternative debugger instead of the default gdb.
* systemctl and the other tools will now output escape sequences that
generate proper clickable hyperlinks in various terminal emulators
where useful (for example, in the "systemctl status" output you can
now click on the unit file name to quickly open it in the
editor/viewer of your choice). Note that not all terminal emulators
support this functionality yet, but many do. Unfortunately, the
"less" pager doesn't support this yet, hence this functionality is
currently automatically turned off when a pager is started (which
happens quite often due to auto-paging). We hope to remove this
limitation as soon as "less" learns these escape sequences. This new
behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
environment variable. For details on these escape sequences see:
* networkd's .network files now support a new IPv6MTUBytes= option for
setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
option in the [Route] section to configure the MTU to use for
specific routes. It also gained support for configuration of the DHCP
"UserClass" option through the new UserClass= setting. It gained
three new options in the new [CAN] section for configuring CAN
networks. The MULTICAST and ALLMULTI interface flags may now be
controlled explicitly with the new Multicast= and AllMulticast=
* networkd will now automatically make use of the kernel's route
expiration feature, if it is available.
* udevd's .link files now support setting the number of receive and
transmit channels, using the RxChannels=, TxChannels=,
OtherChannels=, CombinedChannels= settings.
* Support for UDPSegmentationOffload= has been removed, given its
limited support in hardware, and waning software support.
* networkd's .netdev files now support creating "netdevsim" interfaces.
* PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
to query the unit belonging to a specific kernel control group.
* systemd-analyze gained a new verb "cat-config", which may be used to
dump the contents of any configuration file, with all its matching
drop-in files added in, and honouring the usual search and masking
logic applied to systemd configuration files. For example use
"systemd-analyze cat-config systemd/system.conf" to get the complete
system configuration file of systemd how it would be loaded by PID 1
itself. Similar to this, various tools such as systemd-tmpfiles or
systemd-sysusers, gained a new option "--cat-config", which does the
corresponding operation for their own configuration settings. For
example, "systemd-tmpfiles --cat-config" will now output the full
list of tmpfiles.d/ lines in place.
* timedatectl gained three new verbs: "show" shows bus properties of
systemd-timedated, "timesync-status" shows the current NTP
synchronization state of systemd-timesyncd, and "show-timesync"
shows bus properties of systemd-timesyncd.
* systemd-timesyncd gained a bus interface on which it exposes details
about its state.
* A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
understood by systemd-timedated. It takes a colon-separated list of
unit names of NTP client services. The list is used by
* systemd-nspawn gained a new --rlimit= switch for setting initial
resource limits for the container payload. There's a new switch
--hostname= to explicitly override the container's hostname. A new
--no-new-privileges= switch may be used to control the
PR_SET_NO_NEW_PRIVS flag for the container payload. A new
--oom-score-adjust= switch controls the OOM scoring adjustment value
for the payload. The new --cpu-affinity= switch controls the CPU
affinity of the container payload. The new --resolv-conf= switch
allows more detailed control of /etc/resolv.conf handling of the
container. Similarly, the new --timezone= switch allows more detailed
control of /etc/localtime handling of the container.
* systemd-detect-virt gained a new --list switch, which will print a
list of all currently known VM and container environments.
* Support for "Portable Services" has been added, see
doc/PORTABLE_SERVICES.md for details. Currently, the support is still
experimental, but this is expected to change soon. Reflecting this
experimental state, the "portablectl" binary is not installed into
/usr/bin yet. The binary has to be called with the full path
* journalctl's and systemctl's -o switch now knows a new log output
mode "with-unit". The output it generates is very similar to the
regular "short" mode, but displays the unit name instead of the
syslog tag for each log line. Also, the date is shown with timezone
information. This mode is probably more useful than the classic
"short" output mode for most purposes, except where pixel-perfect
compatibility with classic /var/log/messages formatting is required.
* A new --dump-bus-properties switch has been added to the systemd
binary, which may be used to dump all supported D-Bus properties.
(Options which are still supported, but are deprecated, are *not*
* sd-bus gained a set of new calls:
sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
enable/disable the "floating" state of a bus slot object,
i.e. whether the slot object pins the bus it is allocated for into
memory or if the bus slot object gets disconnected when the bus goes
sd_bus_open_system_with_description() may be used to allocate bus
objects and set their description string already during allocation.
* sd-event gained support for watching inotify events from the event
loop, in an efficient way, sharing inotify handles between multiple
users. For this a new function sd_event_add_inotify() has been added.
* sd-event and sd-bus gained support for calling special user-supplied
destructor functions for userdata pointers associated with
sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
sd_event_source_get_destroy_callback have been added.
* The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
* PID 1 will now automatically reschedule .timer units whenever the
local timezone changes. (They previously got rescheduled
automatically when the system clock changed.)
* New documentation has been added to document cgroups delegation,
portable services and the various code quality tools we have set up:
* The Boot Loader Specification has been added to the source tree.
While moving it into our source tree we have updated it and further
changes are now accepted through the usual github PR workflow.
* pam_systemd will now look for PAM userdata fields systemd.memory_max,
systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
earlier PAM modules. The data in these fields is used to initialize
the session scope's resource properties. Thus external PAM modules
may now configure per-session limits, for example sourced from
external user databases.
* socket units with Accept=yes will now maintain a "refused" counter in
addition to the existing "accepted" counter, counting connections
refused due to the enforced limits.
* The "systemd-path search-binaries-default" command may now be use to
query the default, built-in $PATH PID 1 will pass to the services it
* A new unit file setting PrivateMounts= has been added. It's a boolean
option. If enabled the unit's processes are invoked in their own file
system namespace. Note that this behaviour is also implied if any
other file system namespacing options (such as PrivateTmp=,
PrivateDevices=, ProtectSystem=, …) are used. This option is hence
primarily useful for services that do not use any of the other file
system namespacing options. One such service is systemd-udevd.service
wher this is now used by default.
* ConditionSecurity= gained a new value "uefi-secureboot" that is true
when the system is booted in UEFI "secure mode".
* A new unit "system-update-pre.target" is added, which defines an
optional synchronization point for offline system updates, as
implemented by the pre-existing "system-update.target" unit. It
allows ordering services before the service that executes the actual
update process in a generic way.
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2018-06-22
Lennart Poettering, Red Hat
More information about the systemd-devel