| NEWS | NEWS | |||
|---|---|---|---|---|
| systemd System and Service Manager | systemd System and Service Manager | |||
| CHANGES WITH 216: | ||||
| * timedated no longer reads NTP implementation unit names from | ||||
| /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP | ||||
| implementations should add a | ||||
| Conflicts=systemd-timesyncd.service | ||||
| to their unit files to take over and replace systemd's NTP | ||||
| default functionality. | ||||
| * systemd-sysusers gained a new line type "r" for configuring | ||||
| which UID/GID ranges to allocate system users/groups | ||||
| from. Lines of type "u" may now add an additional column | ||||
| that specifies the home directory for the system user to be | ||||
| created. Also, systemd-sysusers may now optionally read user | ||||
| information from STDIN instead of a file. This is useful for | ||||
| invoking it from RPM preinst scriptlets that need to create | ||||
| users before the first RPM file is installed since these | ||||
| files might need to be owned by them. A new | ||||
| %sysusers_create_inline RPM macro has been introduced to do | ||||
| just that. systemd-sysusers now updates the shadow files as | ||||
| well as the user/group databases, which should enhance | ||||
| compatibility with certain tools like grpck. | ||||
| * A number of bus APIs of PID 1 now optionally consult | ||||
| PolicyKit to permit access for otherwise unprivileged | ||||
| clients under certain conditions. Note that this currently | ||||
| doesn't support interactive authentication yet, but this is | ||||
| expected to be added eventually, too. | ||||
| * /etc/machine-info now has new fields for configuring the | ||||
| deployment environment of the machine, as well as the | ||||
| location of the machine. hostnamectl has been updated with | ||||
| new command to update these fields. | ||||
| * systemd-timesyncd has been updated to automatically acquire | ||||
| NTP server information from systemd-networkd, which might | ||||
| have been discovered via DHCP. | ||||
| * systemd-resolved now includes a caching DNS stub resolver | ||||
| and a complete LLMNR name resolution implementation. A new | ||||
| NSS module "nss-resolve" has been added which make be used | ||||
| of glibc's own "nss-dns" to resolve hostnames via | ||||
| systemd-resolved. Hostnames, addresses and arbitrary RRs may | ||||
| be resolved via systemd-resolved D-Bus APIs. In contrast to | ||||
| the glibc internal resolver systemd-resolved is aware of | ||||
| multi-homed system, and keeps DNS server and caches separate | ||||
| and per-interface. Queries are sent simultaneously on all | ||||
| interfaces that have DNS servers configured, in order to | ||||
| properly handle VPNs and local LANs which might resolve | ||||
| separate sets of domain names. systemd-resolved may acquire | ||||
| DNS server information from systemd-networkd automatically, | ||||
| which in turn might have discovered them via DHCP. A tool | ||||
| "systemd-resolve-host" has been added that may be used to | ||||
| query the DNS logic in resolved. systemd-resolved implements | ||||
| IDNA and automatically uses IDNA or UTF-8 encoding depending | ||||
| on whether classic DNS or LLMNR is used as transport. In the | ||||
| next releases we intend to add a DNSSEC and mDNS/DNS-SD | ||||
| implementation to systemd-resolved. | ||||
| * A new NSS module nss-mymachines has been added, that | ||||
| automatically resolves the names of all local registered | ||||
| containers to their respective IP addresses. | ||||
| * A new client tool "networkctl" for systemd-networkd has been | ||||
| added. It currently is entirely passive and will query | ||||
| networking configuration from udev, rtnetlink and networkd, | ||||
| and present it to the user in a very friendly | ||||
| way. Eventually, we hope to extend it to become a full | ||||
| control utility for networkd. | ||||
| * .socket units gained a new DeferAcceptSec= setting that | ||||
| controls the kernels' TCP_DEFER_ACCEPT sockopt for | ||||
| TCP. Similar, support for controlling TCP keep-alive | ||||
| settings has been added (KeepAliveTimeSec=, | ||||
| KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for | ||||
| turning off Nagle's algorithm on TCP has been added | ||||
| (NoDelay=). | ||||
| * logind learned a new session type "web", for use in projects | ||||
| like Cockpit which register web clients as PAM sessions. | ||||
| * timer units with at least one OnCalendar= setting will now | ||||
| be started only after timer-sync.target has been | ||||
| reached. This way they will not elapse before the system | ||||
| clock has been corrected by a local NTP client or | ||||
| similar. This is particular useful on RTC-less embedded | ||||
| machines, that come up with an invalid system clock. | ||||
| * systemd-nspawn's --network-veth= switch should now result in | ||||
| stable MAC addresses for both the outer and the inner side | ||||
| of the link. | ||||
| * systemd-nspawn gained a new --volatile= switch for running | ||||
| container instances with /etc or /var unpopulated. | ||||
| * The kdbus client code has been updated to use the new Linux | ||||
| 3.17 memfd subsystem instead of the old kdbus-specific one. | ||||
| * systemd-networkd's DHCP client and server now support | ||||
| FORCERENEW. There are also new configuration options to | ||||
| configure the vendor client identifier and broadcast mode | ||||
| for DHCP. | ||||
| * systemd will no longer inform the kernel about the current | ||||
| timezone, as this is necessarily incorrect and racy as the | ||||
| kernel has no understanding of DST and similar | ||||
| concepts. This hence means FAT timestamps will be always | ||||
| considered UTC, similar to what Android is already | ||||
| doing. Also, when the RTC is configured to the local time | ||||
| (rather than UTC) systemd will never synchronize back to it, | ||||
| as this might confuse Windows at a later boot. | ||||
| * systemd-analyze gained a new command "verify" for offline | ||||
| validation of unit files. | ||||
| * systemd-networkd gained support for a couple of additional | ||||
| settings for bonding networking setups. Also, the metric for | ||||
| statically configured routes may now be configured. For | ||||
| network interfaces where this is appropriate the peer IP | ||||
| address may now be configured. | ||||
| * systemd-networkd's DHCP client will no longer request | ||||
| broadcasting by default, as this tripped up some networks. | ||||
| For hardware where broadcast is required the feature should | ||||
| be switched back on using RequestBroadcast=yes. | ||||
| * systemd-networkd will now set up IPv4LL addresses (when | ||||
| enabled) even if DHCP is configured successfully. | ||||
| * udev will now default to respect network device names given | ||||
| by the kernel when the kernel indicates that these are | ||||
| predictable. This behavior can be tweaked by changing | ||||
| NamePolicy= in the relevant .link file. | ||||
| * A new library systemd-terminal has been added that | ||||
| implements full TTY stream parsing and rendering. This | ||||
| library is supposed to be used later on for implementing a | ||||
| full userspace VT subsystem, replacing the current kernel | ||||
| implementation. | ||||
| * A new tool systemd-journal-upload has been added to push | ||||
| journal data to a remote system running | ||||
| systemd-journal-remote. | ||||
| * journald will no longer forward all local data to another | ||||
| running syslog daemon. This change has been made because | ||||
| rsyslog (which appears to be the most commonly used syslog | ||||
| implementation these days) no longer makes use of this, and | ||||
| instead pulls the data out of the journal on its own. Since | ||||
| forwarding the messages to a non-existent syslog server is | ||||
| more expensive than we assumed we have now turned this | ||||
| off. If you run a syslog server that is not a recent rsyslog | ||||
| version, you have to turn this option on again | ||||
| (ForwardToSyslog= in journald.conf). | ||||
| * journald now optionally supports the LZ4 compressor for | ||||
| larger journal fields. This compressor should perform much | ||||
| better than XZ which was the previous default. | ||||
| * machinectl now shows the IP addresses of local containers, | ||||
| if it knows them, plus the interface name of the container. | ||||
| * A new tool "systemd-escape" has been added that makes it | ||||
| easy to escape strings to build unit names and similar. | ||||
| * sd_notify() messages may now include a new ERRNO= field | ||||
| which is parsed and collected by systemd and shown among the | ||||
| "systemctl status" output for a service. | ||||
| * A new component "systemd-firstboot" has been added that | ||||
| queries the most basic systemd information (timezone, | ||||
| hostname, root password) interactively on first | ||||
| boot. Alternatively it may also be used to provision these | ||||
| things offline on OS images installed into directories. | ||||
| * The default sysctl.d/ snippets will now set | ||||
| net.ipv4.conf.default.promote_secondaries=1 | ||||
| This has the benefit of no flushing secondary IP addresses | ||||
| when primary addresses are removed. | ||||
| Contributions from: Ansgar Burchardt, Bastien Nocera, Colin | ||||
| Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel | ||||
| Mack, Dan Williams, Dave Reisner, David Herrmann, Denis | ||||
| Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald | ||||
| Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann | ||||
| B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin | ||||
| Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, | ||||
| Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael | ||||
| Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, | ||||
| Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert | ||||
| Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef | ||||
| Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas | ||||
| Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets, | ||||
| Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut | ||||
| Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek | ||||
| -- Berlin, 2014-08-19 | ||||
| CHANGES WITH 215: | CHANGES WITH 215: | |||
| * A new tool systemd-sysusers has been added. This tool | * A new tool systemd-sysusers has been added. This tool | |||
| creates system users and groups in /etc/passwd and | creates system users and groups in /etc/passwd and | |||
| /etc/group, based on static declarative system user/group | /etc/group, based on static declarative system user/group | |||
| definitions in /usr/lib/sysusers.d/. This is useful to | definitions in /usr/lib/sysusers.d/. This is useful to | |||
| enable factory resets and volatile systems that boot up with | enable factory resets and volatile systems that boot up with | |||
| an empty /etc directory, and thus need system users and | an empty /etc directory, and thus need system users and | |||
| groups created during early boot. systemd now also ships | groups created during early boot. systemd now also ships | |||
| with two default sysusers.d/ files for the most basic | with two default sysusers.d/ files for the most basic | |||
| skipping to change at line 295 | skipping to change at line 497 | |||
| manually load kernel modules necessary for certain tunnel | manually load kernel modules necessary for certain tunnel | |||
| transports. Instead, it is assumed the kernel loads them | transports. Instead, it is assumed the kernel loads them | |||
| automatically when required. This only works correctly on | automatically when required. This only works correctly on | |||
| very new kernels. On older kernels, please consider adding | very new kernels. On older kernels, please consider adding | |||
| the kernel modules to /etc/modules-load.d/ as a work-around. | the kernel modules to /etc/modules-load.d/ as a work-around. | |||
| * The resolv.conf file systemd-resolved generates has been | * The resolv.conf file systemd-resolved generates has been | |||
| moved to /run/systemd/resolve/. If you have a symlink from | moved to /run/systemd/resolve/. If you have a symlink from | |||
| /etc/resolv.conf, it might be necessary to correct it. | /etc/resolv.conf, it might be necessary to correct it. | |||
| * Two new service settings, ProtectedHome= and ProtectedSystem=, | * Two new service settings, ProtectHome= and ProtectSystem=, | |||
| have been added. When enabled, they will make the user data | have been added. When enabled, they will make the user data | |||
| (such as /home) inaccessible or read-only and the system | (such as /home) inaccessible or read-only and the system | |||
| (such as /usr) read-only, for specific services. This allows | (such as /usr) read-only, for specific services. This allows | |||
| very light-weight per-service sandboxing to avoid | very light-weight per-service sandboxing to avoid | |||
| modifications of user data or system files from | modifications of user data or system files from | |||
| services. These two new switches have been enabled for all | services. These two new switches have been enabled for all | |||
| of systemd's long-running services, where appropriate. | of systemd's long-running services, where appropriate. | |||
| * Socket units gained new SocketUser= and SocketGroup= | * Socket units gained new SocketUser= and SocketGroup= | |||
| settings to set the owner user and group of AF_UNIX sockets | settings to set the owner user and group of AF_UNIX sockets | |||
| End of changes. 2 change blocks. | ||||
| 1 lines changed or deleted | 203 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||