[systemd-devel] [ANNOUNCE] systemd v239

Lennart Poettering lennart at poettering.net
Fri Jun 22 11:19:51 UTC 2018


I am happy to announce systemd v239:




        * NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
          builtin will name network interfaces differently than in previous
          versions for virtual network interfaces created with SR-IOV and NPAR
          and for devices where the PCI network controller device does not have
          a slot number associated.

          SR-IOV virtual devices are now named based on the name of the parent
          interface, with a suffix of "v<N>", where <N> is the virtual device
          number. Previously those virtual devices were named as if completely

          The ninth and later NPAR virtual devices will be named following the
          scheme used for the first eight NPAR partitions. Previously those
          devices were not renamed and the kernel default (eth<n>) was used.

          "net_id" will also generate names for PCI devices where the PCI
          network controller device does not have an associated slot number
          itself, but one of its parents does. Previously those devices were
          not renamed and the kernel default (eth<n>) was used.

        * AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
          systemd-logind.service. Since v235, IPAddressDeny=any has been set to
          the unit. So, it is expected that the default behavior of
          systemd-logind is not changed. However, if distribution packagers or
          administrators disabled or modified IPAddressDeny= setting by a
          drop-in config file, then it may be necessary to update the file to
          re-enable AF_INET and AF_INET6 to support network user name services,
          e.g. NIS.

        * When the RestrictNamespaces= unit property is specified multiple
          times, then the specified types are merged now. Previously, only the
          last assignment was used. So, if distribution packagers or
          administrators modified the setting by a drop-in config file, then it
          may be necessary to update the file.

        * When OnFailure= is used in combination with Restart= on a service
          unit, then the specified units will no longer be triggered on
          failures that result in restarting. Previously, the specified units
          would be activated each time the unit failed, even when the unit was
          going to be restarted automatically. This behaviour contradicted the
          documentation. With this release the code is adjusted to match the

        * systemd-tmpfiles will now print a notice whenever it encounters
          tmpfiles.d/ lines referencing the /var/run/ directory. It will
          recommend reworking them to use the /run/ directory instead (for
          which /var/run/ is simply a symlinked compatibility alias). This way
          systemd-tmpfiles can properly detect line conflicts and merge lines
          referencing the same file by two paths, without having to access

        * systemctl disable/unmask/preset/preset-all cannot be used with
          --runtime. Previously this was allowed, but resulted in unintuitive
          behaviour that wasn't useful. systemctl disable/unmask will now undo
          both runtime and persistent enablement/masking, i.e. it will remove
          any relevant symlinks both in /run and /etc.

        * Note that all long-running system services shipped with systemd will
          now default to a system call whitelist (rather than a blacklist, as
          before). In particular, systemd-udevd will now enforce one too. For
          most cases this should be safe, however downstream distributions
          which disabled sandboxing of systemd-udevd (specifically the
          MountFlags= setting), might want to disable this security feature
          too, as the default whitelisting will prohibit all mount, swap,
          reboot and clock changing operations from udev rules.

        * sd-boot acquired new loader configuration settings to optionally turn
          off Windows and MacOS boot partition discovery as well as
          reboot-into-firmware menu items. It is also able to pick a better
          screen resolution for HiDPI systems, and now provides loader
          configuration settings to change the resolution explicitly.

        * systemd-resolved now supports DNS-over-TLS. It's still
          turned off by default, use DNSOverTLS=opportunistic to turn it on in
          resolved.conf. We intend to make this the default as soon as couple
          of additional techniques for optimizing the initial latency caused by
          establishing a TLS/TCP connection are implemented.

        * systemd-resolved.service and systemd-networkd.service now set
          DynamicUser=yes. The users systemd-resolve and systemd-network are
          not created by systemd-sysusers.

        * The systemd-resolve tool has been renamed to resolvectl (it also
          remains available under the old name, for compatibility), and its
          interface is now verb-based, similar in style to the other <xyz>ctl
          tools, such as systemctl or loginctl.

        * The resolvectl/systemd-resolve tool also provides 'resolvconf'
          compatibility. It may be symlinked under the 'resolvconf' name, in
          which case it will take arguments and input compatible with the
          Debian and FreeBSD resolvconf tool.

        * Support for suspend-then-hibernate has been added, i.e. a sleep mode
          where the system initially suspends, and after a time-out resumes and
          hibernates again.

        * networkd's ClientIdentifier= now accepts a new option "duid-only". If
          set the client will only send a DUID as client identifier.

        * The nss-systemd glibc NSS module will now enumerate dynamic users and
          groups in effect. Previously, it could resolve UIDs/GIDs to user
          names/groups and vice versa, but did not support enumeration.

        * journald's Compress= configuration setting now optionally accepts a
          byte threshold value. All journal objects larger than this threshold
          will be compressed, smaller ones will not. Previously this threshold
          was not configurable and set to 512.

        * A new system.conf setting NoNewPrivileges= is now available which may
          be used to turn off acquisition of new privileges system-wide
          (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
          for all its children). Note that turning this option on means setuid
          binaries and file system capabilities lose their special powers.
          While turning on this option is a big step towards a more secure
          system, doing so is likely to break numerous pre-existing UNIX tools,
          in particular su and sudo.

        * A new service systemd-time-sync-wait.service has been added. If
          enabled it will delay the time-sync.target unit at boot until time
          synchronization has been received from the network. This
          functionality is useful on systems lacking a local RTC or where it is
          acceptable that the boot process shall be delayed by external network

        * When hibernating, systemd will now inform the kernel of the image
          write offset, on kernels new enough to support this. This means swap
          files should work for hibernation now.

        * When loading unit files, systemd will now look for drop-in unit files
          extensions in additional places. Previously, for a unit file name
          "foo-bar-baz.service" it would look for dropin files in
          "foo-bar-baz.service.d/*.conf". Now, it will also look in
          "foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
          service name truncated after all inner dashes. This scheme allows
          writing drop-ins easily that apply to a whole set of unit files at
          once. It's particularly useful for mount and slice units (as their
          naming is prefix based), but is also useful for service and other
          units, for packages that install multiple unit files at once,
          following a strict naming regime of beginning the unit file name with
          the package's name. Two new specifiers are now supported in unit
          files to match this: %j and %J are replaced by the part of the unit
          name following the last dash.

        * Unit files and other configuration files that support specifier
          expansion now understand another three new specifiers: %T and %V will
          resolve to /tmp and /var/tmp respectively, or whatever temporary
          directory has been set for the calling user. %E will expand to either
          /etc (for system units) or $XDG_CONFIG_HOME (for user units).

        * The ExecStart= lines of unit files are no longer required to
          reference absolute paths. If non-absolute paths are specified the
          specified binary name is searched within the service manager's
          built-in $PATH, which may be queried with 'systemd-path
          search-binaries-default'. It's generally recommended to continue to
          use absolute paths for all binaries specified in unit files.

        * Units gained a new load state "bad-setting", which is used when a
          unit file was loaded, but contained fatal errors which prevent it
          from being started (for example, a service unit has been defined
          lacking both ExecStart= and ExecStop= lines).

        * coredumpctl's "gdb" verb has been renamed to "debug", in order to
          support alternative debuggers, for example lldb. The old name
          continues to be available however, for compatibility reasons. Use the
          new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
          to pick an alternative debugger instead of the default gdb.

        * systemctl and the other tools will now output escape sequences that
          generate proper clickable hyperlinks in various terminal emulators
          where useful (for example, in the "systemctl status" output you can
          now click on the unit file name to quickly open it in the
          editor/viewer of your choice). Note that not all terminal emulators
          support this functionality yet, but many do. Unfortunately, the
          "less" pager doesn't support this yet, hence this functionality is
          currently automatically turned off when a pager is started (which
          happens quite often due to auto-paging). We hope to remove this
          limitation as soon as "less" learns these escape sequences. This new
          behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
          environment variable. For details on these escape sequences see:

        * networkd's .network files now support a new IPv6MTUBytes= option for
          setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
          option in the [Route] section to configure the MTU to use for
          specific routes. It also gained support for configuration of the DHCP
          "UserClass" option through the new UserClass= setting. It gained
          three new options in the new [CAN] section for configuring CAN
          networks. The MULTICAST and ALLMULTI interface flags may now be
          controlled explicitly with the new Multicast= and AllMulticast=

        * networkd will now automatically make use of the kernel's route
          expiration feature, if it is available.

        * udevd's .link files now support setting the number of receive and
          transmit channels, using the RxChannels=, TxChannels=,
          OtherChannels=, CombinedChannels= settings.

        * Support for UDPSegmentationOffload= has been removed, given its
          limited support in hardware, and waning software support.

        * networkd's .netdev files now support creating "netdevsim" interfaces.

        * PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
          to query the unit belonging to a specific kernel control group.

        * systemd-analyze gained a new verb "cat-config", which may be used to
          dump the contents of any configuration file, with all its matching
          drop-in files added in, and honouring the usual search and masking
          logic applied to systemd configuration files. For example use
          "systemd-analyze cat-config systemd/system.conf" to get the complete
          system configuration file of systemd how it would be loaded by PID 1
          itself. Similar to this, various tools such as systemd-tmpfiles or
          systemd-sysusers, gained a new option "--cat-config", which does the
          corresponding operation for their own configuration settings. For
          example, "systemd-tmpfiles --cat-config" will now output the full
          list of tmpfiles.d/ lines in place.

        * timedatectl gained three new verbs: "show" shows bus properties of
          systemd-timedated, "timesync-status" shows the current NTP
          synchronization state of systemd-timesyncd, and "show-timesync"
          shows bus properties of systemd-timesyncd.

        * systemd-timesyncd gained a bus interface on which it exposes details
          about its state.

        * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
          understood by systemd-timedated. It takes a colon-separated list of
          unit names of NTP client services. The list is used by
          "timedatectl set-ntp".

        * systemd-nspawn gained a new --rlimit= switch for setting initial
          resource limits for the container payload. There's a new switch
          --hostname= to explicitly override the container's hostname. A new
          --no-new-privileges= switch may be used to control the
          PR_SET_NO_NEW_PRIVS flag for the container payload. A new
          --oom-score-adjust= switch controls the OOM scoring adjustment value
          for the payload. The new --cpu-affinity= switch controls the CPU
          affinity of the container payload. The new --resolv-conf= switch
          allows more detailed control of /etc/resolv.conf handling of the
          container. Similarly, the new --timezone= switch allows more detailed
          control of /etc/localtime handling of the container.

        * systemd-detect-virt gained a new --list switch, which will print a
          list of all currently known VM and container environments.

        * Support for "Portable Services" has been added, see
          doc/PORTABLE_SERVICES.md for details. Currently, the support is still
          experimental, but this is expected to change soon. Reflecting this
          experimental state, the "portablectl" binary is not installed into
          /usr/bin yet. The binary has to be called with the full path
          /usr/lib/systemd/portablectl instead.

        * journalctl's and systemctl's -o switch now knows a new log output
          mode "with-unit". The output it generates is very similar to the
          regular "short" mode, but displays the unit name instead of the
          syslog tag for each log line. Also, the date is shown with timezone
          information. This mode is probably more useful than the classic
          "short" output mode for most purposes, except where pixel-perfect
          compatibility with classic /var/log/messages formatting is required.

        * A new --dump-bus-properties switch has been added to the systemd
          binary, which may be used to dump all supported D-Bus properties.
          (Options which are still supported, but are deprecated, are *not*

        * sd-bus gained a set of new calls:
          sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
          enable/disable the "floating" state of a bus slot object,
          i.e. whether the slot object pins the bus it is allocated for into
          memory or if the bus slot object gets disconnected when the bus goes
          away. sd_bus_open_with_description(),
          sd_bus_open_system_with_description() may be used to allocate bus
          objects and set their description string already during allocation.

        * sd-event gained support for watching inotify events from the event
          loop, in an efficient way, sharing inotify handles between multiple
          users. For this a new function sd_event_add_inotify() has been added.

        * sd-event and sd-bus gained support for calling special user-supplied
          destructor functions for userdata pointers associated with
          sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
          functions sd_bus_slot_set_destroy_callback,
          sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
          sd_event_source_get_destroy_callback have been added.

        * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.

        * PID 1 will now automatically reschedule .timer units whenever the
          local timezone changes. (They previously got rescheduled
          automatically when the system clock changed.)

        * New documentation has been added to document cgroups delegation,
          portable services and the various code quality tools we have set up:


        * The Boot Loader Specification has been added to the source tree.


          While moving it into our source tree we have updated it and further
          changes are now accepted through the usual github PR workflow.

        * pam_systemd will now look for PAM userdata fields systemd.memory_max,
          systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
          earlier PAM modules. The data in these fields is used to initialize
          the session scope's resource properties. Thus external PAM modules
          may now configure per-session limits, for example sourced from
          external user databases.

        * socket units with Accept=yes will now maintain a "refused" counter in
          addition to the existing "accepted" counter, counting connections
          refused due to the enforced limits.

        * The "systemd-path search-binaries-default" command may now be use to
          query the default, built-in $PATH PID 1 will pass to the services it

        * A new unit file setting PrivateMounts= has been added. It's a boolean
          option. If enabled the unit's processes are invoked in their own file
          system namespace. Note that this behaviour is also implied if any
          other file system namespacing options (such as PrivateTmp=,
          PrivateDevices=, ProtectSystem=, …) are used. This option is hence
          primarily useful for services that do not use any of the other file
          system namespacing options. One such service is systemd-udevd.service
          wher this is now used by default.

        * ConditionSecurity= gained a new value "uefi-secureboot" that is true
          when the system is booted in UEFI "secure mode".

        * A new unit "system-update-pre.target" is added, which defines an
          optional synchronization point for offline system updates, as
          implemented by the pre-existing "system-update.target" unit. It
          allows ordering services before the service that executes the actual
          update process in a generic way.

        Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
        Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
        J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
        Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
        Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
        Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
        Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
        Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
        guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
        Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
        Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
        Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
        Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
        Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
        Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
        Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
        Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
        Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
        Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
        Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
        Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
        Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
        Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
        Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
        Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
        Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
        Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
        Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2018-06-22


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list