forked from systemd/systemd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
8694 lines (7084 loc) · 448 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
systemd System and Service Manager
CHANGES WITH 240 in spe:
* A new service type has been added: Type=exec. It's very similar to
Type=simple and ensures the service manager will wait for both fork()
and execve() of the main service binary to complete before proceeding
with follow-up units. This is primarily useful so that the manager
propagates any errors in the preparation phase of service execution
back to the job that requested the unit to be started. For example,
consider a service that has ExecStart= set to a file system binary
that doesn't exist. With Type=simple starting the unit would
typically succeed instantly, as only fork() has to complete
successfully and execve() is not waited for, and hence its failure is
seen "too late". With the new Type=exec service type starting the
unit will fail, as the execve() will be waited for and will fail,
which is then propagated back to the start job.
NOTE: with the next release 241 of systemd we intend to change the
systemd-run tool to default to Type=exec for transient services
started by it. This should be mostly safe, but in specific corner
cases might result in problems, as the systemd-run tool will then
block on NSS calls (such as user name lookups due to User=) done
between the fork() and execve(), which under specific circumstances
might cause problems. It is recommended to specify "-p Type=simple"
explicitly in the few cases where this applies. For regular,
non-transient services (i.e. those defined with unit files on disk)
we will continue to default to Type=simple.
* The Linux kernel's current default RLIMIT_NOFILE resource limit for
userspace processes is set to 1024 (soft) and 4096
(hard). Previously, systemd passed this on unmodified to all
processes it forked off. With this systemd release the hard limit
systemd passes on is increased to 512K, overriding the kernel's
defaults and substantially increasing the number of simultaneous file
descriptors unprivileged userspace processes can allocate. Note that
the soft limit remains at 1024 for compatibility reasons: the
traditional UNIX select() call cannot deal with file descriptors >=
1024 and increasing the soft limit globally might thus result in
programs unexpectedly allocating a high file descriptor and thus
failing abnormally when attempting to use it with select() (of
course, programs shouldn't use select() anymore, and prefer
poll()/epoll, but the call unfortunately remains undeservedly popular
at this time). This change reflects the fact that file descriptor
handling in the Linux kernel has been optimized in more recent
kernels and allocating large numbers of them should be much cheaper
both in memory and in performance than it used to be. Programs that
want to take benefit of the increased limit have to "opt-in" into
high file descriptors explicitly by setting their soft limit to the
hard limit during initialization. Of course, when doing that they
must do this acknowledging the fact that they cannot use select()
anymore (and neither can any shared library they use — or any shared
library used by any shared library they use and so on). Which default
hard limit is most appropriate is of course hard to decide. However,
given reports that ~300K file descriptors are used in real-life
applications we believe 512K is sufficiently high as new default for
now. Note that there are also reports that using very high hard
limits (e.g. 1G) is problematic: some software allocates large arrays
with one element for each potential file descriptor (Java, …) — a
high hard limit thus triggers excessively large memory allocations in
these applications. Hopefully, the new default of 512K is a good
middle ground: higher than what real-life applications currently
need, and low enough for not triggering excessively large allocations
in problematic software. (And yes, somebody should fix Java, to not
require such excessive allocations.)
* The fs.nr_open and fs.file-max sysctls are now automatically bumped
to the highest possible values, as separate accounting of file
descriptors is no longer necessary, as memcg tracks them correctly as
part of the memory accounting anyway. Thus, from the four limits on
file descriptors currently enforced (fs.file-max, fs.nr_open,
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
and keep only the latter two. A set of build-time options
(-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
has been added to revert this change in behaviour, which might be
an option for systems that turn off memcg in the kernel.
* When no /etc/locale.conf file exists (and hence no locale settings
are in place), systemd will now use the "C.UTF-8" locale by default,
and set LANG= to it. This locale is supported by various
distributions including Fedora, with clear indications that upstream
glibc is going to make it available too. This locale enables UTF-8
mode by default, which appears appropriate for 2018.
* The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
default. This effectively switches the RFC3704 Reverse Path filtering
from Strict mode to Loose mode. This is more appropriate for hosts
that have multiple links with routes to the same networks (e.g.
a client with a Wi-Fi and Ethernet both connected to the internet).
Consult the kernel documetnation for details on this sysctl:
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
builtin will name network interfaces differently than in previous
versions for virtual network interfaces created with SR-IOV and NPAR
and for devices where the PCI network controller device does not have
a slot number associated.
SR-IOV virtual devices are now named based on the name of the parent
interface, with a suffix of "v<N>", where <N> is the virtual device
number. Previously those virtual devices were named as if completely
independent.
The ninth and later NPAR virtual devices will be named following the
scheme used for the first eight NPAR partitions. Previously those
devices were not renamed and the kernel default (eth<n>) was used.
"net_id" will also generate names for PCI devices where the PCI
network controller device does not have an associated slot number
itself, but one of its parents does. Previously those devices were
not renamed and the kernel default (eth<n>) was used.
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
systemd-logind.service. Since v235, IPAddressDeny=any has been set to
the unit. So, it is expected that the default behavior of
systemd-logind is not changed. However, if distribution packagers or
administrators disabled or modified IPAddressDeny= setting by a
drop-in config file, then it may be necessary to update the file to
re-enable AF_INET and AF_INET6 to support network user name services,
e.g. NIS.
* When the RestrictNamespaces= unit property is specified multiple
times, then the specified types are merged now. Previously, only the
last assignment was used. So, if distribution packagers or
administrators modified the setting by a drop-in config file, then it
may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
failures that result in restarting. Previously, the specified units
would be activated each time the unit failed, even when the unit was
going to be restarted automatically. This behaviour contradicted the
documentation. With this release the code is adjusted to match the
documentation.
* systemd-tmpfiles will now print a notice whenever it encounters
tmpfiles.d/ lines referencing the /var/run/ directory. It will
recommend reworking them to use the /run/ directory instead (for
which /var/run/ is simply a symlinked compatibility alias). This way
systemd-tmpfiles can properly detect line conflicts and merge lines
referencing the same file by two paths, without having to access
them.
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
behaviour that wasn't useful. systemctl disable/unmask will now undo
both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.
* Note that all long-running system services shipped with systemd will
now default to a system call whitelist (rather than a blacklist, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
too, as the default whitelisting will prohibit all mount, swap,
reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.
* systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.
* systemd-resolved.service and systemd-networkd.service now set
DynamicUser=yes. The users systemd-resolve and systemd-network are
not created by systemd-sysusers anymore.
NOTE: This has a chance of breaking nss-ldap and similar NSS modules
that embedd a network facing module into any process using getpwuid()
or related call: the dynamic allocation of the user ID for
systemd-resolved.service means the service manager has to check NSS
if the user name is already taken when forking off the service. Since
the user in the common case won't be defined in /etc/passwd the
lookup is likely to trigger nss-ldap which in turn might use NSS to
ask systemd-resolved for hostname lookups. This will hence result in
a deadlock: a user name lookup in order to start
systemd-resolved.service will result in a host name lookup for which
systemd-resolved.service needs to be started already. There are
multiple ways to work around this problem: pre-allocate the
"systemd-resolve" user on such systems, so that nss-ldap won't be
triggered; or use a different NSS package that doesn't do networking
in-process but provides a local asynchronous name cache; or configure
the NSS package to avoid lookups for UIDs in the range `pkg-config
systemd --variable=dynamicuidmin` … `pkg-config systemd
--variable=dynamicuidmax`, so that it does not consider itself
authoritative for the same UID range systemd allocates dynamic users
from.
* The systemd-resolve tool has been renamed to resolvectl (it also
remains available under the old name, for compatibility), and its
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.
* The resolvectl/systemd-resolve tool also provides 'resolvconf'
compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.
* Support for suspend-then-hibernate has been added, i.e. a sleep mode
where the system initially suspends, and after a time-out resumes and
hibernates again.
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
set the client will only send a DUID as client identifier.
* The nss-systemd glibc NSS module will now enumerate dynamic users and
groups in effect. Previously, it could resolve UIDs/GIDs to user
names/groups and vice versa, but did not support enumeration.
* journald's Compress= configuration setting now optionally accepts a
byte threshold value. All journal objects larger than this threshold
will be compressed, smaller ones will not. Previously this threshold
was not configurable and set to 512.
* A new system.conf setting NoNewPrivileges= is now available which may
be used to turn off acquisition of new privileges system-wide
(i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
for all its children). Note that turning this option on means setuid
binaries and file system capabilities lose their special powers.
While turning on this option is a big step towards a more secure
system, doing so is likely to break numerous pre-existing UNIX tools,
in particular su and sudo.
* A new service systemd-time-sync-wait.service has been added. If
enabled it will delay the time-sync.target unit at boot until time
synchronization has been received from the network. This
functionality is useful on systems lacking a local RTC or where it is
acceptable that the boot process shall be delayed by external network
services.
* When hibernating, systemd will now inform the kernel of the image
write offset, on kernels new enough to support this. This means swap
files should work for hibernation now.
* When loading unit files, systemd will now look for drop-in unit files
extensions in additional places. Previously, for a unit file name
"foo-bar-baz.service" it would look for dropin files in
"foo-bar-baz.service.d/*.conf". Now, it will also look in
"foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
service name truncated after all inner dashes. This scheme allows
writing drop-ins easily that apply to a whole set of unit files at
once. It's particularly useful for mount and slice units (as their
naming is prefix based), but is also useful for service and other
units, for packages that install multiple unit files at once,
following a strict naming regime of beginning the unit file name with
the package's name. Two new specifiers are now supported in unit
files to match this: %j and %J are replaced by the part of the unit
name following the last dash.
* Unit files and other configuration files that support specifier
expansion now understand another three new specifiers: %T and %V will
resolve to /tmp and /var/tmp respectively, or whatever temporary
directory has been set for the calling user. %E will expand to either
/etc (for system units) or $XDG_CONFIG_HOME (for user units).
* The ExecStart= lines of unit files are no longer required to
reference absolute paths. If non-absolute paths are specified the
specified binary name is searched within the service manager's
built-in $PATH, which may be queried with 'systemd-path
search-binaries-default'. It's generally recommended to continue to
use absolute paths for all binaries specified in unit files.
* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
from being started (for example, a service unit has been defined
lacking both ExecStart= and ExecStop= lines).
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
continues to be available however, for compatibility reasons. Use the
new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
to pick an alternative debugger instead of the default gdb.
* systemctl and the other tools will now output escape sequences that
generate proper clickable hyperlinks in various terminal emulators
where useful (for example, in the "systemctl status" output you can
now click on the unit file name to quickly open it in the
editor/viewer of your choice). Note that not all terminal emulators
support this functionality yet, but many do. Unfortunately, the
"less" pager doesn't support this yet, hence this functionality is
currently automatically turned off when a pager is started (which
happens quite often due to auto-paging). We hope to remove this
limitation as soon as "less" learns these escape sequences. This new
behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
environment variable. For details on these escape sequences see:
https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
* networkd's .network files now support a new IPv6MTUBytes= option for
setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
option in the [Route] section to configure the MTU to use for
specific routes. It also gained support for configuration of the DHCP
"UserClass" option through the new UserClass= setting. It gained
three new options in the new [CAN] section for configuring CAN
networks. The MULTICAST and ALLMULTI interface flags may now be
controlled explicitly with the new Multicast= and AllMulticast=
settings.
* networkd will now automatically make use of the kernel's route
expiration feature, if it is available.
* udevd's .link files now support setting the number of receive and
transmit channels, using the RxChannels=, TxChannels=,
OtherChannels=, CombinedChannels= settings.
* Support for UDPSegmentationOffload= has been removed, given its
limited support in hardware, and waning software support.
* networkd's .netdev files now support creating "netdevsim" interfaces.
* PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
to query the unit belonging to a specific kernel control group.
* systemd-analyze gained a new verb "cat-config", which may be used to
dump the contents of any configuration file, with all its matching
drop-in files added in, and honouring the usual search and masking
logic applied to systemd configuration files. For example use
"systemd-analyze cat-config systemd/system.conf" to get the complete
system configuration file of systemd how it would be loaded by PID 1
itself. Similar to this, various tools such as systemd-tmpfiles or
systemd-sysusers, gained a new option "--cat-config", which does the
corresponding operation for their own configuration settings. For
example, "systemd-tmpfiles --cat-config" will now output the full
list of tmpfiles.d/ lines in place.
* timedatectl gained three new verbs: "show" shows bus properties of
systemd-timedated, "timesync-status" shows the current NTP
synchronization state of systemd-timesyncd, and "show-timesync"
shows bus properties of systemd-timesyncd.
* systemd-timesyncd gained a bus interface on which it exposes details
about its state.
* A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
understood by systemd-timedated. It takes a colon-separated list of
unit names of NTP client services. The list is used by
"timedatectl set-ntp".
* systemd-nspawn gained a new --rlimit= switch for setting initial
resource limits for the container payload. There's a new switch
--hostname= to explicitly override the container's hostname. A new
--no-new-privileges= switch may be used to control the
PR_SET_NO_NEW_PRIVS flag for the container payload. A new
--oom-score-adjust= switch controls the OOM scoring adjustment value
for the payload. The new --cpu-affinity= switch controls the CPU
affinity of the container payload. The new --resolv-conf= switch
allows more detailed control of /etc/resolv.conf handling of the
container. Similarly, the new --timezone= switch allows more detailed
control of /etc/localtime handling of the container.
* systemd-detect-virt gained a new --list switch, which will print a
list of all currently known VM and container environments.
* Support for "Portable Services" has been added, see
doc/PORTABLE_SERVICES.md for details. Currently, the support is still
experimental, but this is expected to change soon. Reflecting this
experimental state, the "portablectl" binary is not installed into
/usr/bin yet. The binary has to be called with the full path
/usr/lib/systemd/portablectl instead.
* journalctl's and systemctl's -o switch now knows a new log output
mode "with-unit". The output it generates is very similar to the
regular "short" mode, but displays the unit name instead of the
syslog tag for each log line. Also, the date is shown with timezone
information. This mode is probably more useful than the classic
"short" output mode for most purposes, except where pixel-perfect
compatibility with classic /var/log/messages formatting is required.
* A new --dump-bus-properties switch has been added to the systemd
binary, which may be used to dump all supported D-Bus properties.
(Options which are still supported, but are deprecated, are *not*
shown.)
* sd-bus gained a set of new calls:
sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
enable/disable the "floating" state of a bus slot object,
i.e. whether the slot object pins the bus it is allocated for into
memory or if the bus slot object gets disconnected when the bus goes
away. sd_bus_open_with_description(),
sd_bus_open_user_with_description(),
sd_bus_open_system_with_description() may be used to allocate bus
objects and set their description string already during allocation.
* sd-event gained support for watching inotify events from the event
loop, in an efficient way, sharing inotify handles between multiple
users. For this a new function sd_event_add_inotify() has been added.
* sd-event and sd-bus gained support for calling special user-supplied
destructor functions for userdata pointers associated with
sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
functions sd_bus_slot_set_destroy_callback,
sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
sd_bus_track_get_destroy_callback,
sd_event_source_set_destroy_callback,
sd_event_source_get_destroy_callback have been added.
* The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
* PID 1 will now automatically reschedule .timer units whenever the
local timezone changes. (They previously got rescheduled
automatically when the system clock changed.)
* New documentation has been added to document cgroups delegation,
portable services and the various code quality tools we have set up:
https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md
* The Boot Loader Specification has been added to the source tree.
https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
While moving it into our source tree we have updated it and further
changes are now accepted through the usual github PR workflow.
* pam_systemd will now look for PAM userdata fields systemd.memory_max,
systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
earlier PAM modules. The data in these fields is used to initialize
the session scope's resource properties. Thus external PAM modules
may now configure per-session limits, for example sourced from
external user databases.
* socket units with Accept=yes will now maintain a "refused" counter in
addition to the existing "accepted" counter, counting connections
refused due to the enforced limits.
* The "systemd-path search-binaries-default" command may now be use to
query the default, built-in $PATH PID 1 will pass to the services it
manages.
* A new unit file setting PrivateMounts= has been added. It's a boolean
option. If enabled the unit's processes are invoked in their own file
system namespace. Note that this behaviour is also implied if any
other file system namespacing options (such as PrivateTmp=,
PrivateDevices=, ProtectSystem=, …) are used. This option is hence
primarily useful for services that do not use any of the other file
system namespacing options. One such service is systemd-udevd.service
wher this is now used by default.
* ConditionSecurity= gained a new value "uefi-secureboot" that is true
when the system is booted in UEFI "secure mode".
* A new unit "system-update-pre.target" is added, which defines an
optional synchronization point for offline system updates, as
implemented by the pre-existing "system-update.target" unit. It
allows ordering services before the service that executes the actual
update process in a generic way.
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2018-06-22
CHANGES WITH 238:
* The MemoryAccounting= unit property now defaults to on. After
discussions with the upstream control group maintainers we learnt
that the negative impact of cgroup memory accounting on current
kernels is finally relatively minimal, so that it should be safe to
enable this by default without affecting system performance. Besides
memory accounting only task accounting is turned on by default, all
other forms of resource accounting (CPU, IO, IP) remain off for now,
because it's not clear yet that their impact is small enough to move
from opt-in to opt-out. We recommend downstreams to leave memory
accounting on by default if kernel 4.14 or higher is primarily
used. On very resource constrained systems or when support for old
kernels is a necessity, -Dmemory-accounting-default=false can be used
to revert this change.
* rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
%udev_rules_update) and the journal catalog (%journal_catalog_update)
from the upgrade scriptlets of individual packages now do nothing.
Transfiletriggers have been added which will perform those updates
once at the end of the transaction.
Similar transfiletriggers have been added to execute any sysctl.d
and binfmt.d rules. Thus, it should be unnecessary to provide any
scriptlets to execute this configuration from package installation
scripts.
* systemd-sysusers gained a mode where the configuration to execute is
specified on the command line, but this configuration is not executed
directly, but instead it is merged with the configuration on disk,
and the result is executed. This is useful for package installation
scripts which want to create the user before installing any files on
disk (in case some of those files are owned by that user), while
still allowing local admin overrides.
This functionality is exposed to rpm scriptlets through a new
%sysusers_create_package macro. Old %sysusers_create and
%sysusers_create_inline macros are deprecated.
A transfiletrigger for sysusers.d configuration is now installed,
which means that it should be unnecessary to call systemd-sysusers from
package installation scripts, unless the package installs any files
owned by those newly-created users, in which case
%sysusers_create_package should be used.
* Analogous change has been done for systemd-tmpfiles: it gained a mode
where the command-line configuration is merged with the configuration
on disk. This is exposed as the new %tmpfiles_create_package macro,
and %tmpfiles_create is deprecated. A transfiletrigger is installed
for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
from package installation scripts.
* sysusers.d configuration for a user may now also specify the group
number, in addition to the user number ("u username 123:456"), or
without the user number ("u username -:456").
* Configution items for systemd-sysusers can now be specified as
positional arguments when the new --inline switch is used.
* The login shell of users created through sysusers.d may now be
specified (previously, it was always /bin/sh for root and
/sbin/nologin for other users).
* systemd-analyze gained a new --global switch to look at global user
configuration. It also gained a unit-paths verb to list the unit load
paths that are compiled into systemd (which can be used with
--systemd, --user, or --global).
* udevadm trigger gained a new --settle/-w option to wait for any
triggered events to finish (but just those, and not any other events
which are triggered meanwhile).
* The action that systemd-logind takes when the lid is closed and the
machine is connected to external power can now be configured using
HandleLidSwitchExternalPower= in logind.conf. Previously, this action
was determined by HandleLidSwitch=, and, for backwards compatibility,
is still is, if HandleLidSwitchExternalPower= is not explicitly set.
* journalctl will periodically call sd_journal_process() to make it
resilient against inotify queue overruns when journal files are
rotated very quickly.
* Two new functions in libsystemd — sd_bus_get_n_queued_read and
sd_bus_get_n_queued_write — may be used to check the number of
pending bus messages.
* systemd gained a new
org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
which can be used to migrate foreign processes to scope and service
units. The primary user for this new API is systemd itself: the
systemd --user instance uses this call of the systemd --system
instance to migrate processes if it itself gets the request to
migrate processes and the kernel refuses this due to access
restrictions. Thanks to this "systemd-run --scope --user …" works
again in pure cgroups v2 environments when invoked from the user
session scope.
* A new TemporaryFileSystem= setting can be used to mask out part of
the real file system tree with tmpfs mounts. This may be combined
with BindPaths= and BindReadOnlyPaths= to hide files or directories
not relevant to the unit, while still allowing some paths lower in
the tree to be accessed.
ProtectHome=tmpfs may now be used to hide user home and runtime
directories from units, in a way that is mostly equivalent to
"TemporaryFileSystem=/home /run/user /root".
* Non-service units are now started with KeyringMode=shared by default.
This means that mount and swapon and other mount tools have access
to keys in the main keyring.
* /sys/fs/bpf is now mounted automatically.
* QNX virtualization is now detected by systemd-detect-virt and may
be used in ConditionVirtualization=.
* IPAccounting= may now be enabled also for slice units.
* A new -Dsplit-bin= build configuration switch may be used to specify
whether bin and sbin directories are merged, or if they should be
included separately in $PATH and various listings of executable
directories. The build configuration scripts will try to autodetect
the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
system, but distributions are encouraged to configure this
explicitly.
* A new -Dok-color= build configuration switch may be used to change
the colour of "OK" status messages.
* UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
PrivateNetwork=yes was buggy in previous versions of systemd. This
means that after the upgrade and daemon-reexec, any such units must
be restarted.
* INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
will not exclude read-only files owned by root from cleanup.
Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)
— Warsaw, 2018-03-05
CHANGES WITH 237:
* Some keyboards come with a zoom see-saw or rocker which until now got
mapped to the Linux "zoomin/out" keys in hwdb. However, these
keycodes are not recognized by any major desktop. They now produce
Up/Down key events so that they can be used for scrolling.
* INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
slightly: previously, if an argument was specified for lines of this
type (i.e. the right-most column was set) this string was appended to
existing files each time systemd-tmpfiles was run. This behaviour was
different from what the documentation said, and not particularly
useful, as repeated systemd-tmpfiles invocations would not be
idempotent and grow such files without bounds. With this release
behaviour has been altered to match what the documentation says:
lines of this type only have an effect if the indicated files don't
exist yet, and only then the argument string is written to the file.
* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
systemd-tmpfiles behaviour: previously, read-only files owned by root
were always excluded from the file "aging" algorithm (i.e. the
automatic clean-up of directories like /tmp based on
atime/mtime/ctime). We intend to drop this restriction, and age files
by default even when owned by root and read-only. This behaviour was
inherited from older tools, but there have been requests to remove
it, and it's not obvious why this restriction was made in the first
place. Please speak up now, if you are aware of software that reqires
this behaviour, otherwise we'll remove the restriction in v238.
* A new environment variable $SYSTEMD_OFFLINE is now understood by
systemctl. It takes a boolean argument. If on, systemctl assumes it
operates on an "offline" OS tree, and will not attempt to talk to the
service manager. Previously, this mode was implicitly enabled if a
chroot() environment was detected, and this new environment variable
now provides explicit control.
* .path and .socket units may now be created transiently, too.
Previously only service, mount, automount and timer units were
supported as transient units. The systemd-run tool has been updated
to expose this new functionality, you may hence use it now to bind
arbitrary commands to path or socket activation on-the-fly from the
command line. Moreover, almost all properties are now exposed for the
unit types that already supported transient operation.
* The systemd-mount command gained support for a new --owner= parameter
which takes a user name, which is then resolved and included in uid=
and gid= mount options string of the file system to mount.
* A new unit condition ConditionControlGroupController= has been added
that checks whether a specific cgroup controller is available.
* Unit files, udev's .link files, and systemd-networkd's .netdev and
.network files all gained support for a new condition
ConditionKernelVersion= for checking against specific kernel
versions.
* In systemd-networkd, the [IPVLAN] section in .netdev files gained
support for configuring device flags in the Flags= setting. In the
same files, the [Tunnel] section gained support for configuring
AllowLocalRemote=. The [Route] section in .network files gained
support for configuring InitialCongestionWindow=,
InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
understands RapidCommit=.
* systemd-networkd's DHCPv6 support gained support for Prefix
Delegation.
* sd-bus gained support for a new "watch-bind" feature. When this
feature is enabled, an sd_bus connection may be set up to connect to
an AF_UNIX socket in the file system as soon as it is created. This
functionality is useful for writing early-boot services that
automatically connect to the system bus as soon as it is started,
without ugly time-based polling. systemd-networkd and
systemd-resolved have been updated to make use of this
functionality. busctl exposes this functionality in a new
--watch-bind= command line switch.
* sd-bus will now optionally synthesize a local "Connected" signal as
soon as a D-Bus connection is set up fully. This message mirrors the
already existing "Disconnected" signal which is synthesized when the
connection is terminated. This signal is generally useful but
particularly handy in combination with the "watch-bind" feature
described above. Synthesizing of this message has to be requested
explicitly through the new API call sd_bus_set_connected_signal(). In
addition a new call sd_bus_is_ready() has been added that checks
whether a connection is fully set up (i.e. between the "Connected" and
"Disconnected" signals).
* sd-bus gained two new calls sd_bus_request_name_async() and
sd_bus_release_name_async() for asynchronously registering bus
names. Similar, there is now sd_bus_add_match_async() for installing
a signal match asynchronously. All of systemd's own services have
been updated to make use of these calls. Doing these operations
asynchronously has two benefits: it reduces the risk of deadlocks in
case of cyclic dependencies between bus services, and it speeds up
service initialization since synchronization points for bus
round-trips are removed.
* sd-bus gained two new calls sd_bus_match_signal() and
sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
and sd_bus_add_match_async() but instead of taking a D-Bus match
string take match fields as normal function parameters.
* sd-bus gained two new calls sd_bus_set_sender() and
sd_bus_message_set_sender() for setting the sender name of outgoing
messages (either for all outgoing messages or for just one specific
one). These calls are only useful in direct connections as on
brokered connections the broker fills in the sender anyway,
overwriting whatever the client filled in.
* sd-event gained a new pseudo-handle that may be specified on all API
calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
used this refers to the default event loop object of the calling
thread. Note however that this does not implicitly allocate one —
which has to be done prior by using sd_event_default(). Similarly
sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
to the default bus of the specified type of the calling thread. Here
too this does not implicitly allocate bus connection objects, this
has to be done prior with sd_bus_default() and friends.
* sd-event gained a new call pair
sd_event_source_{get|set}_io_fd_own(). This may be used to request
automatic closure of the file descriptor an IO event source watches
when the event source is destroyed.
* systemd-networkd gained support for natively configuring WireGuard
connections.
* In previous versions systemd synthesized user records both for the
"nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
internally. In order to simplify distribution-wide renames of the
"nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
new transitional flag file has been added: if
/etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
user and group record within the systemd codebase is disabled.
* systemd-notify gained a new --uid= option for selecting the source
user/UID to use for notification messages sent to the service
manager.
* journalctl gained a new --grep= option to list only entries in which
the message matches a certain pattern. By default matching is case
insensitive if the pattern is lowercase, and case sensitive
otherwise. Option --case-sensitive=yes|no can be used to override
this an specify case sensitivity or case insensitivity.
* There's now a "systemd-analyze service-watchdogs" command for printing
the current state of the service runtime watchdog, and optionally
enabling or disabling the per-service watchdogs system-wide if given a
boolean argument (i.e. the concept you configure in WatchdogSec=), for
debugging purposes. There's also a kernel command line option
systemd.service_watchdogs= for controlling the same.
* Two new "log-level" and "log-target" options for systemd-analyze were
added that merge the now deprecated get-log-level, set-log-level and
get-log-target, set-log-target pairs. The deprecated options are still
understood for backwards compatibility. The two new options print the
current value when no arguments are given, and set them when a
level/target is given as an argument.
* sysusers.d's "u" lines now optionally accept both a UID and a GID
specification, separated by a ":" character, in order to create users
where UID and GID do not match.
Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
Палаузов
— Brno, 2018-01-28
CHANGES WITH 236:
* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
in v235 has been extended to also set the dummy.ko module option
numdummies=0, preventing the kernel from automatically creating
dummy0. All dummy interfaces must now be explicitly created.
* Unknown '%' specifiers in configuration files are now rejected. This
applies to units and tmpfiles.d configuration. Any percent characters
that are followed by a letter or digit that are not supposed to be
interpreted as the beginning of a specifier should be escaped by
doubling ("%%"). (So "size=5%" is still accepted, as well as
"size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
valid specifiers today.)
* systemd-resolved now maintains a new dynamic
/run/systemd/resolve/stub-resolv.conf compatibility file. It is
recommended to make /etc/resolv.conf a symlink to it. This file
points at the systemd-resolved stub DNS 127.0.0.53 resolver and
includes dynamically acquired search domains, achieving more correct
DNS resolution by software that bypasses local DNS APIs such as NSS.
* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.
* "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
systemd-journal-gatewayd.service and
systemd-journal-upload.service. This means "nss-systemd" must be
enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
services are resolved properly.
* In /etc/fstab two new mount options are now understood:
x-systemd.makefs and x-systemd.growfs. The former has the effect that
the configured file system is formatted before it is mounted, the
latter that the file system is resized to the full block device size
after it is mounted (i.e. if the file system is smaller than the
partition it resides on, it's grown). This is similar to the fsck
logic in /etc/fstab, and pulls in systemd-makefs@.service and
systemd-growfs@.service as necessary, similar to
systemd-fsck@.service. Resizing is currently only supported on ext4
and btrfs.
* In systemd-networkd, the IPv6 RA logic now optionally may announce
DNS server and domain information.
* Support for the LUKS2 on-disk format for encrypted partitions has
been added. This requires libcryptsetup2 during compilation and
runtime.
* The systemd --user instance will now signal "readiness" when its
basic.target unit has been reached, instead of when the run queue ran
empty for the first time.
* Tmpfiles.d with user configuration are now also supported.
systemd-tmpfiles gained a new --user switch, and snippets placed in
~/.config/user-tmpfiles.d/ and corresponding directories will be
executed by systemd-tmpfiles --user running in the new
systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
running in the user session.
* Unit files and tmpfiles.d snippets learnt three new % specifiers:
%S resolves to the top-level state directory (/var/lib for the system
instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
top-level cache directory (/var/cache for the system instance,
$XDG_CACHE_HOME for the user instance), %L resolves to the top-level
logs directory (/var/log for the system instance,
$XDG_CONFIG_HOME/log/ for the user instance). This matches the
existing %t specifier, that resolves to the top-level runtime
directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
user instance).
* journalctl learnt a new parameter --output-fields= for limiting the
set of journal fields to output in verbose and JSON output modes.
* systemd-timesyncd's configuration file gained a new option
RootDistanceMaxSec= for setting the maximum root distance of servers
it'll use, as well as the new options PollIntervalMinSec= and
PollIntervalMaxSec= to tweak the minimum and maximum poll interval.
* bootctl gained a new command "list" for listing all available boot
menu items on systems that follow the boot loader specification.
* systemctl gained a new --dry-run switch that shows what would be done
instead of doing it, and is currently supported by the shutdown and
sleep verbs.
* ConditionSecurity= can now detect the TOMOYO security module.
* Unit file [Install] sections are now also respected in unit drop-in
files. This is intended to be used by drop-ins under /usr/lib/.
* systemd-firstboot may now also set the initial keyboard mapping.
* Udev "changed" events for devices which are exposed as systemd
.device units are now propagated to units specified in
ReloadPropagatedFrom= as reload requests.
* If a udev device has a SYSTEMD_WANTS= property containing a systemd
unit template name (i.e. a name in the form of 'foobar@.service',
without the instance component between the '@' and - the '.'), then
the escaped sysfs path of the device is automatically used as the
instance.
* SystemCallFilter= in unit files has been extended so that an "errno"
can be specified individually for each system call. Example:
SystemCallFilter=~uname:EILSEQ.
* The cgroup delegation logic has been substantially updated. Delegate=
now optionally takes a list of controllers (instead of a boolean, as
before), which lists the controllers to delegate at least.
* The networkd DHCPv6 client now implements the FQDN option (RFC 4704).
* A new LogLevelMax= setting configures the maximum log level any
process of the service may log at (i.e. anything with a lesser
priority than what is specified is automatically dropped). A new
LogExtraFields= setting allows configuration of additional journal
fields to attach to all log records generated by any of the unit's
processes.
* New StandardInputData= and StandardInputText= settings along with the
new option StandardInput=data may be used to configure textual or
binary data that shall be passed to the executed service process via
standard input, encoded in-line in the unit file.
* StandardInput=, StandardOutput= and StandardError= may now be used to
connect stdin/stdout/stderr of executed processes directly with a
file or AF_UNIX socket in the file system, using the new "file:" option.
* A new unit file option CollectMode= has been added, that allows
tweaking the garbage collection logic for units. It may be used to
tell systemd to garbage collect units that have failed automatically
(normally it only GCs units that exited successfully). systemd-run
and systemd-mount expose this new functionality with a new -G option.
* "machinectl bind" may now be used to bind mount non-directories
(i.e. regularfiles, devices, fifos, sockets).
* systemd-analyze gained a new verb "calendar" for validating and
testing calendar time specifications to use for OnCalendar= in timer
units. Besides validating the expression it will calculate the next
time the specified expression would elapse.
* In addition to the pre-existing FailureAction= unit file setting
there's now SuccessAction=, for configuring a shutdown action to
execute when a unit completes successfully. This is useful in
particular inside containers that shall terminate after some workload
has been completed. Also, both options are now supported for all unit
types, not just services.
* networkds's IP rule support gained two new options
IncomingInterface= and OutgoingInterface= for configuring the incoming
and outgoing interfaces of configured rules. systemd-networkd also
gained support for "vxcan" network devices.
* networkd gained a new setting RequiredForOnline=, taking a
boolean. If set, systemd-wait-online will take it into consideration
when determining that the system is up, otherwise it will ignore the
interface for this purpose.
* The sd_notify() protocol gained support for a new operation: with
FDSTOREREMOVE=1 file descriptors may be removed from the per-service
store again, ahead of POLLHUP or POLLERR when they are removed