On Mon, May 23, 2016 at 01:33:57AM -0400, Dave Reisner wrote:
> On Sat, May 21, 2016 at 10:51:13PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> > Hi,
> >
> > systemd v230 has been tagged. Enjoy!
> >
> > CHANGES WITH 230:
>
> Hi,
>
> One important change missing from this list is 7163e1ca1108d7 -- if you
> use systemd in your initramfs and do not add initrd-root-device.target,
> bootup may fail due to races.

Yeah, you're right. Care to submit a (retroactive) PR with addition to NEWS?

Zbyszek

> >
> >   * DNSSEC is now turned on by default in systemd-resolved (in
> >     "allow-downgrade" mode), but may be turned off during compile time by
> >     passing "--with-default-dnssec=no" to "configure" (and of course,
> >     during runtime with DNSSEC= in resolved.conf). We recommend
> >     downstreams to leave this on at least during development cycles and
> >     report any issues with the DNSSEC logic upstream. We are very
> >     interested in collecting feedback about the DNSSEC validator and its
> >     limitations in the wild. Note however, that DNSSEC support is
> >     probably nothing downstreams should turn on in stable distros just
> >     yet, as it might create incompatibilities with a few DNS servers and
> >     networks. We tried hard to make sure we downgrade to non-DNSSEC mode
> >     automatically whenever we detect such incompatible setups, but there
> >     might be systems we do not cover yet. Hence: please help us test
> >     the DNSSEC code, leave this on where you can, report back, but then
> >     again don't consider turning this on in your stable, LTS or
> >     production release just yet. (Note that you have to enable
> >     nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
> >     and its DNSSEC mode for host name resolution from local
> >     applications.)
> >
> >   * systemd-resolve conveniently resolves DANE records with the --tlsa
> >     option and OPENPGPKEY records with the --openpgp option. It also
> >     supports dumping raw DNS record data via the new --raw= switch.
> >
> >   * systemd-logind will now by default terminate user processes that are
> >     part of the user session scope unit (session-XX.scope) when the user
> >     logs out. This behavior is controlled by the KillUserProcesses=
> >     setting in logind.conf, and the previous default of "no" is now
> >     changed to "yes". This means that user sessions will be properly
> >     cleaned up after, but additional steps are necessary to allow
> >     intentionally long-running processes to survive logout.
> >
> >     While the user is logged in at least once, [email protected] is running,
> >     and any service that should survive the end of any individual login
> >     session can be started as a user service or scope using systemd-run.
> >     systemd-run(1) man page has been extended with an example which shows
> >     how to run screen in a scope unit underneath [email protected]. The same
> >     command works for tmux.
> >
> >     After the user logs out of all sessions, [email protected] will be
> >     terminated too, by default, unless the user has "lingering" enabled.
> >     To effectively allow users to run long-term tasks even if they are
> >     logged out, lingering must be enabled for them. See loginctl(1) for
> >     details. The default polkit policy was modified to allow users to
> >     set lingering for themselves without authentication.
> >
> >     Previous defaults can be restored at compile time by the
> >     --without-kill-user-processes option to "configure".
> >
> >   * systemd-logind gained new configuration settings SessionsMax= and
> >     InhibitorsMax=, both with a default of 8192. It will not register new
> >     user sessions or inhibitors above this limit.
> >
> >   * systemd-logind will now reload configuration on SIGHUP.
> >
> >   * The unified cgroup hierarchy added in Linux 4.5 is now supported.
> >     Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
> >     enable. Also, support for the "io" cgroup controller in the unified
> >     hierarchy has been added, so that the "memory", "pids" and "io" are
> >     now the controllers that are supported on the unified hierarchy.
> >
> >     WARNING: it is not possible to use previous systemd versions with
> >     systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
> >     is necessary to also update systemd in the initramfs if using the
> >     unified hierarchy. An updated SELinux policy is also required.
> >
> >   * LLDP support has been extended, and both passive (receive-only) and
> >     active (sender) modes are supported. Passive mode ("routers-only") is
> >     enabled by default in systemd-networkd. Active LLDP mode is enabled
> >     by default for containers on the internal network. The "networkctl
> >     lldp" command may be used to list information gathered. "networkctl
> >     status" will also show basic LLDP information on connected peers now.
> >
> >   * The IAID and DUID unique identifier sent in DHCP requests may now be
> >     configured for the system and each .network file managed by
> >     systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
> >
> >   * systemd-networkd gained support for configuring proxy ARP support for
> >     each interface, via the ProxyArp= setting in .network files. It also
> >     gained support for configuring the multicast querier feature of
> >     bridge devices, via the new MulticastQuerier= setting in .netdev
> >     files. Similarly, snooping on the IGMP traffic can be controlled
> >     via the new setting MulticastSnooping=.
> >
> >     A new setting PreferredLifetime= has been added for addresses
> >     configured in .network file to configure the lifetime intended for an
> >     address.
> >
> >     The systemd-networkd DHCP server gained the option EmitRouter=, which
> >     defaults to yes, to configure whether the DHCP Option 3 (Router)
> >     should be emitted.
> >
> >   * The testing tool /usr/lib/systemd/systemd-activate is renamed to
> >     systemd-socket-activate and installed into /usr/bin. It is now fully
> >     supported.
> >
> >   * systemd-journald now uses separate threads to flush changes to disk
> >     when closing journal files, thus reducing impact of slow disk I/O on
> >     logging performance.
> >
> >   * The sd-journal API gained two new calls
> >     sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
> >     can be used to open journal files using file descriptors instead of
> >     file or directory paths. sd_journal_open_container() has been
> >     deprecated, sd_journal_open_directory_fd() should be used instead
> >     with the flag SD_JOURNAL_OS_ROOT.
> >
> >   * journalctl learned a new output mode "-o short-unix" that outputs log
> >     lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
> >     UTC). It also gained support for a new --no-hostname setting to
> >     suppress the hostname column in the family of "short" output modes.
> >
> >   * systemd-ask-password now optionally skips printing of the password to
> >     stdout with --no-output which can be useful in scripts.
> >
> >   * Framebuffer devices (/dev/fb*) and 3D printers and scanners
> >     (devices tagged with ID_MAKER_TOOL) are now tagged with
> >     "uaccess" and are available to logged in users.
> >
> >   * The DeviceAllow= unit setting now supports specifiers (with "%").
> >
> >   * "systemctl show" gained a new --value switch, which allows printing
> >     only the contents of a specific unit property, without also printing
> >     the property's name. Similar support was added to "show*" verbs
> >     of loginctl and machinectl that output "key=value" lists.
> >
> >   * A new unit type "generated" was added for files dynamically generated
> >     by generator tools. Similarly, a new unit type "transient" is used
> >     for unit files created using the runtime API. "systemctl enable" will
> >     refuse to operate on such files.
> >
> >   * A new command "systemctl revert" has been added that may be used to
> >     revert to the vendor version of a unit file, in case local changes
> >     have been made by adding drop-ins or overriding the unit file.
> >
> >   * "machinectl clean" gained a new verb to automatically remove all or
> >     just hidden container images.
> >
> >   * systemd-tmpfiles gained support for a new line type "e" for emptying
> >     directories, if they exist, without creating them if they don't.
> >
> >   * systemd-nspawn gained support for automatically patching the UID/GIDs
> >     of the owners and the ACLs of all files and directories in a
> >     container tree to match the UID/GID user namespacing range selected
> >     for the container invocation. This mode is enabled via the new
> >     --private-user-chown switch. It also gained support for automatically
> >     choosing a free, previously unused UID/GID range when starting a
> >     container, via the new --private-users=pick setting (which implies
> >     --private-user-chown). Together, these options for the first time
> >     make user namespacing for nspawn containers fully automatic and thus
> >     deployable. The [email protected] template unit file has been
> >     changed to use this functionality by default.
> >
> >   * systemd-nspawn gained a new --network-zone= switch, that allows
> >     creating ad-hoc virtual Ethernet links between multiple containers,
> >     that only exist as long as at least one container referencing them is
> >     running. This allows easy connecting of multiple containers with a
> >     common link that implements an Ethernet broadcast domain. Each of
> >     these network "zones" may be named relatively freely by the user, and
> >     may be referenced by any number of containers, but each container may
> >     only reference one of these "zones". On the lower level, this is
> >     implemented by an automatically managed bridge network interface for
> >     each zone, that is created when the first container referencing its
> >     zone is created and removed when the last one referencing its zone
> >     terminates.
> >
> >   * The default start timeout may now be configured on the kernel command
> >     line via systemd.default_timeout_start_sec=. It was already
> >     configurable via the DefaultTimeoutStartSec= option in
> >     /etc/systemd/system.conf.
> >
> >   * Socket units gained a new TriggerLimitIntervalSec= and
> >     TriggerLimitBurst= setting to configure a limit on the activation
> >     rate of the socket unit.
> >
> >   * The LimitNICE= setting now optionally takes normal UNIX nice values
> >     in addition to the raw integer limit value. If the specified
> >     parameter is prefixed with "+" or "-" and is in the range -20..19 the
> >     value is understood as UNIX nice value. If not prefixed like this it
> >     is understood as raw RLIMIT_NICE limit.
> >
> >   * Note that the effect of the PrivateDevices= unit file setting changed
> >     slightly with this release: the per-device /dev file system will be
> >     mounted read-only from this version on, and will have "noexec"
> >     set. This (minor) change of behavior might cause some (exceptional)
> >     legacy software to break, when PrivateDevices=yes is set for its
> >     service. Please leave PrivateDevices= off if you run into problems
> >     with this.
> >
> >   * systemd-bootchart has been split out to a separate repository:
> >     https://github.com/systemd/systemd-bootchart
> >
> >   * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
> >     merged into the kernel in its current form.
> >
> >   * The compatibility libraries libsystemd-daemon.so,
> >     libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
> >     which have been deprecated since systemd-209 have been removed along
> >     with the corresponding pkg-config files. All symbols provided by
> >     those libraries are provided by libsystemd.so.
> >
> >   * The Capabilities= unit file setting has been removed (it is ignored
> >     for backwards compatibility). AmbientCapabilities= and
> >     CapabilityBoundingSet= should be used instead.
> >
> >   Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
> >   Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
> >   Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
> >   Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
> >   Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
> >   R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
> >   Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
> >   Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
> >   Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
> >   Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
> >   John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
> >   Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
> >   Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
> >   Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
> >   Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
> >   mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
> >   Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
> >   Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
> >   Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
> >   Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
> >   Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
> >   Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
> >   Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
> >   Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
> >   Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
> >   Jędrzejewski-Szmek
> >
> >   — Fairfax, 2016-05-21
> >
> > Zbyszek
> > _______________________________________________
> > systemd-devel mailing list
> > [email protected]
> > https://lists.freedesktop.org/mailman/listinfo/systemd-devel
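
Added example, not part of this thread and not systemd project code: the quoted notes say Capabilities= is now ignored, so a unit that relied on it to restrict a service starts without that restriction and without an error. The sketch below flags such units and shows whether AmbientCapabilities= or CapabilityBoundingSet= is present; the unit names, their contents and the function names are constructed for illustration, and drop-in merging is not modelled.

```python
REMOVED = "Capabilities"  # still parsed, but ignored as of v230
REPLACEMENTS = ("AmbientCapabilities", "CapabilityBoundingSet")

SAMPLE_UNITS = {  # constructed sample input, not real units
    "legacy.service": """[Service]
ExecStart=/usr/bin/legacyd \\
    --listen 80
; old-style restriction
Capabilities=cap_net_bind_service=ep
""",
    "migrated.service": """[Service]
ExecStart=/usr/bin/newd
Capabilities=cap_net_bind_service=ep
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
""",
    "clean.service": """[Service]
ExecStart=/usr/bin/cleand
""",
}

def parse_unit(text):  # -> {section: [(key, value), ...]}
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # continuation: join with next line
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # value may itself contain "="
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit_units(units):  # one finding per unit that still sets Capabilities=
    findings = []
    for name, text in sorted(units.items()):
        service = parse_unit(text).get("Service", [])
        ignored = [v for k, v in service if k == REMOVED]
        if ignored:
            replaced = sorted({k for k, _ in service if k in REPLACEMENTS})
            findings.append({"unit": name, "ignored": ignored, "replaced_by": replaced})
    return findings

print(audit_units(SAMPLE_UNITS))
```

A finding with an empty `replaced_by` list is the case to fix first: the only capability setting in that unit is the one that no longer takes effect.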
