NEWS
systemd System and Service Manager
CHANGES WITH 216:
* timedated no longer reads NTP implementation unit names from
/usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
implementations should add a
Conflicts=systemd-timesyncd.service
to their unit files to take over and replace systemd's NTP
default functionality.
* systemd-sysusers gained a new line type "r" for configuring
which UID/GID ranges to allocate system users/groups
from. Lines of type "u" may now add an additional column
that specifies the home directory for the system user to be
created. Also, systemd-sysusers may now optionally read user
information from STDIN instead of a file. This is useful for
invoking it from RPM preinst scriptlets that need to create
users before the first RPM file is installed since these
files might need to be owned by them. A new
%sysusers_create_inline RPM macro has been introduced to do
just that. systemd-sysusers now updates the shadow files as
well as the user/group databases, which should enhance
compatibility with certain tools like grpck.
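To make the line types above concrete, here is a small parser and ID allocator for sysusers.d configuration, added here as example code and not systemd-sysusers' own implementation. The configuration embedded in it is constructed for the example; the default home directory of "/" for "u" lines without a fifth column and the bottom-up allocation order within an "r" range are this example's assumptions, and reading from an iterable of lines stands in for the file-or-STDIN input the tool accepts.

```python
"""Illustrative parser and UID/GID allocator for systemd-sysusers
configuration lines (example code, not systemd's implementation).

Covers the line types named in the NEWS entry: "u" (user, with the
optional fifth column for the home directory), "g" (group), "m"
(membership) and the new "r" (allowed ID range). Input is any iterable
of lines, so a file or STDIN can be fed in alike.
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample configuration, not taken from any real package.
SAMPLE_CONFIG = """\
# Allocate dynamic system IDs from this range only
r - 500-900
g  input   -
u  httpd   -    "HTTP daemon"      /var/www
u  backup  42   "Backup operator"
m  backup  input
"""


@dataclass
class SysusersConfig:
    ranges: List[Tuple[int, int]] = field(default_factory=list)
    users: Dict[str, dict] = field(default_factory=dict)
    groups: Dict[str, Optional[int]] = field(default_factory=dict)
    members: List[Tuple[str, str]] = field(default_factory=list)


def _optional_int(token: str) -> Optional[int]:
    """'-' means 'unspecified' in every ID column."""
    return None if token == "-" else int(token)


def parse_lines(lines) -> SysusersConfig:
    cfg = SysusersConfig()
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # honours the double-quoted GECOS column
        kind, name, rest = fields[0], fields[1], fields[2:]
        if kind == "r":
            # "r - 500-900": the name column is '-', the ID column is the range
            lo, _, hi = rest[0].partition("-")
            cfg.ranges.append((int(lo), int(hi) if hi else int(lo)))
        elif kind == "g":
            cfg.groups[name] = _optional_int(rest[0] if rest else "-")
        elif kind == "u":
            if name in cfg.users:
                raise ValueError(f"line {lineno}: duplicate user {name!r}")
            cfg.users[name] = {
                "uid": _optional_int(rest[0] if rest else "-"),
                "gecos": rest[1] if len(rest) > 1 and rest[1] != "-" else None,
                # New fifth column; "/" as the fallback is this example's assumption.
                "home": rest[2] if len(rest) > 2 else "/",
            }
        elif kind == "m":
            cfg.members.append((name, rest[0]))
        else:
            raise ValueError(f"line {lineno}: unknown line type {kind!r}")
    return cfg


def allocate_ids(cfg: SysusersConfig, taken: set) -> Dict[str, int]:
    """Assign a UID to every user whose ID column was '-'.

    IDs are taken from the configured "r" ranges (or 1..999 when no "r"
    line exists), skipping IDs already present in `taken` (e.g. read from
    /etc/passwd) and IDs pinned by other "u" lines. Lowest free ID first
    is this example's choice, not a statement about systemd's own order.
    """
    ranges = cfg.ranges or [(1, 999)]
    used = set(taken) | {u["uid"] for u in cfg.users.values() if u["uid"] is not None}
    assigned: Dict[str, int] = {}
    for name, user in cfg.users.items():
        if user["uid"] is not None:
            assigned[name] = user["uid"]
            continue
        candidate = None
        for lo, hi in ranges:
            candidate = next((i for i in range(lo, hi + 1) if i not in used), None)
            if candidate is not None:
                break
        if candidate is None:
            raise RuntimeError(f"no free UID in configured ranges for {name!r}")
        used.add(candidate)
        assigned[name] = candidate
    return assigned


if __name__ == "__main__":
    config = parse_lines(SAMPLE_CONFIG.splitlines())
    print(allocate_ids(config, taken={500, 501}))
```

Feeding `sys.stdin` to `parse_lines()` is the STDIN mode described above; the allocator is what makes the "r" range matter, since a pinned ID such as `backup`'s 42 is honoured as-is while `httpd` receives the first free ID inside the range.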
* A number of bus APIs of PID 1 now optionally consult
PolicyKit to permit access for otherwise unprivileged
clients under certain conditions. Note that this currently
doesn't support interactive authentication yet, but this is
expected to be added eventually, too.
* /etc/machine-info now has new fields for configuring the
deployment environment of the machine, as well as the
location of the machine. hostnamectl has been updated with
new commands to update these fields.
* systemd-timesyncd has been updated to automatically acquire
NTP server information from systemd-networkd, which might
have been discovered via DHCP.
* systemd-resolved now includes a caching DNS stub resolver
and a complete LLMNR name resolution implementation. A new
NSS module "nss-resolve" has been added which may be used
instead of glibc's own "nss-dns" to resolve hostnames via
systemd-resolved. Hostnames, addresses and arbitrary RRs may
be resolved via systemd-resolved D-Bus APIs. In contrast to
the glibc internal resolver systemd-resolved is aware of
multi-homed systems, and keeps DNS servers and caches separate
and per-interface. Queries are sent simultaneously on all
interfaces that have DNS servers configured, in order to
properly handle VPNs and local LANs which might resolve
separate sets of domain names. systemd-resolved may acquire
DNS server information from systemd-networkd automatically,
which in turn might have discovered them via DHCP. A tool
"systemd-resolve-host" has been added that may be used to
query the DNS logic in resolved. systemd-resolved implements
IDNA and automatically uses IDNA or UTF-8 encoding depending
on whether classic DNS or LLMNR is used as transport. In the
next releases we intend to add a DNSSEC and mDNS/DNS-SD
implementation to systemd-resolved.
* A new NSS module nss-mymachines has been added, that
automatically resolves the names of all locally registered
containers to their respective IP addresses.
* A new client tool "networkctl" for systemd-networkd has been
added. It currently is entirely passive and will query
networking configuration from udev, rtnetlink and networkd,
and present it to the user in a very friendly
way. Eventually, we hope to extend it to become a full
control utility for networkd.
* .socket units gained a new DeferAcceptSec= setting that
controls the kernel's TCP_DEFER_ACCEPT sockopt for
TCP. Similarly, support for controlling TCP keep-alive
settings has been added (KeepAliveTimeSec=,
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
turning off Nagle's algorithm on TCP has been added
(NoDelay=).
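The new .socket settings are thin wrappers over kernel socket options, and the mapping is worth seeing once because the kernel does not always store what was asked for. The following is added example code, not systemd's: it applies the equivalent setsockopt() calls to a plain TCP socket and reads the values back. The `[Socket]` values are constructed; the key-to-option table is this example's, with option constants looked up by name so that a platform lacking one (TCP_DEFER_ACCEPT outside Linux, for instance) reports None instead of failing.

```python
"""What the new .socket settings translate to at the socket level
(example code, not part of systemd).

DeferAcceptSec=        -> TCP_DEFER_ACCEPT  (seconds to wait for data before accept())
KeepAlive= / *Sec= / Probes= -> SO_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT
NoDelay=               -> TCP_NODELAY       (turns Nagle's algorithm off)
"""
import socket
from typing import Dict, Optional

# Constructed [Socket] section, expressed as a dict instead of INI text.
SAMPLE_SETTINGS = {
    "DeferAcceptSec": 5,
    "KeepAlive": True,
    "KeepAliveTimeSec": 60,
    "KeepAliveIntervalSec": 10,
    "KeepAliveProbes": 6,
    "NoDelay": True,
}

# unit key -> (level, option constant name). Names are resolved with
# getattr() so that a missing constant degrades to "unsupported here".
OPTION_MAP = {
    "DeferAcceptSec":       (socket.IPPROTO_TCP, "TCP_DEFER_ACCEPT"),
    "KeepAlive":            (socket.SOL_SOCKET,  "SO_KEEPALIVE"),
    "KeepAliveTimeSec":     (socket.IPPROTO_TCP, "TCP_KEEPIDLE"),
    "KeepAliveIntervalSec": (socket.IPPROTO_TCP, "TCP_KEEPINTVL"),
    "KeepAliveProbes":      (socket.IPPROTO_TCP, "TCP_KEEPCNT"),
    "NoDelay":              (socket.IPPROTO_TCP, "TCP_NODELAY"),
}
BOOLEAN_KEYS = {"KeepAlive", "NoDelay"}


def apply_socket_settings(sock: socket.socket,
                          settings: Dict[str, object]) -> Dict[str, Optional[int]]:
    """Apply unit-file settings to `sock`; return what getsockopt() reports.

    Boolean options are normalised to 0/1 because some platforms return
    the option's bit mask rather than 1. TCP_DEFER_ACCEPT is stored by
    Linux as a retransmission count, so the value read back may be
    rounded up (5 seconds typically reads back as 7).
    """
    result: Dict[str, Optional[int]] = {}
    for key, value in settings.items():
        level, optname = OPTION_MAP[key]
        opt = getattr(socket, optname, None)
        if opt is None:
            result[key] = None            # option not available on this platform
            continue
        sock.setsockopt(level, opt, int(value))
        readback = sock.getsockopt(level, opt)
        result[key] = int(bool(readback)) if key in BOOLEAN_KEYS else readback
    return result


def demo() -> Dict[str, Optional[int]]:
    """Apply SAMPLE_SETTINGS to a fresh, unconnected TCP socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return apply_socket_settings(s, SAMPLE_SETTINGS)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}={value}")
```

The practical point for DeferAcceptSec= is the rounding: the kernel converts the requested seconds into a number of SYN-ACK retransmissions and back, so a value in a unit file is a lower bound on how long a connection without data is held back from accept(), not an exact figure.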
* logind learned a new session type "web", for use in projects
like Cockpit which register web clients as PAM sessions.
* timer units with at least one OnCalendar= setting will now
be started only after time-sync.target has been
reached. This way they will not elapse before the system
clock has been corrected by a local NTP client or
similar. This is particularly useful on RTC-less embedded
machines that come up with an invalid system clock.
* systemd-nspawn's --network-veth= switch should now result in
stable MAC addresses for both the outer and the inner side
of the link.
* systemd-nspawn gained a new --volatile= switch for running
container instances with /etc or /var unpopulated.
* The kdbus client code has been updated to use the new Linux
3.17 memfd subsystem instead of the old kdbus-specific one.
* systemd-networkd's DHCP client and server now support
FORCERENEW. There are also new configuration options to
configure the vendor client identifier and broadcast mode
for DHCP.
* systemd will no longer inform the kernel about the current
timezone, as this is necessarily incorrect and racy as the
kernel has no understanding of DST and similar
concepts. This hence means FAT timestamps will always be
considered UTC, similar to what Android is already
doing. Also, when the RTC is configured to the local time
(rather than UTC) systemd will never synchronize back to it,
as this might confuse Windows at a later boot.
* systemd-analyze gained a new command "verify" for offline
validation of unit files.
* systemd-networkd gained support for a couple of additional
settings for bonding networking setups. Also, the metric for
statically configured routes may now be configured. For
network interfaces where this is appropriate the peer IP
address may now be configured.
* systemd-networkd's DHCP client will no longer request
broadcasting by default, as this tripped up some networks.
For hardware where broadcast is required the feature should
be switched back on using RequestBroadcast=yes.
* systemd-networkd will now set up IPv4LL addresses (when
enabled) even if DHCP is configured successfully.
* udev will now by default respect network device names given
by the kernel when the kernel indicates that these are
predictable. This behavior can be tweaked by changing
NamePolicy= in the relevant .link file.
* A new library systemd-terminal has been added that
implements full TTY stream parsing and rendering. This
library is supposed to be used later on for implementing a
full userspace VT subsystem, replacing the current kernel
implementation.
* A new tool systemd-journal-upload has been added to push
journal data to a remote system running
systemd-journal-remote.
* journald will no longer forward all local data to another
running syslog daemon. This change has been made because
rsyslog (which appears to be the most commonly used syslog
implementation these days) no longer makes use of this, and
instead pulls the data out of the journal on its own. Since
forwarding the messages to a non-existent syslog server is
more expensive than we assumed, we have now turned this
off. If you run a syslog server that is not a recent rsyslog
version, you have to turn this option on again
(ForwardToSyslog= in journald.conf).
* journald now optionally supports the LZ4 compressor for
larger journal fields. This compressor should perform much
better than XZ which was the previous default.
* machinectl now shows the IP addresses of local containers,
if it knows them, plus the interface name of the container.
* A new tool "systemd-escape" has been added that makes it
easy to escape strings to build unit names and similar.
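The escaping rules systemd-escape applies are simple but easy to get subtly wrong by hand, and getting them wrong matters when a unit name is derived from an attacker-influenced string such as a mount point or device path. Below is an added example that reimplements the escaping, path mode, --suffix=/--template= handling and unescaping in Python; it is example code, not systemd's own implementation, and the sample inputs are constructed.

```python
"""Unit-name escaping as performed by systemd-escape(1), reimplemented as
example code (not systemd's own implementation) so the rules can be read
and tested offline:

  * "/" becomes "-", and any character outside [A-Za-z0-9:_.] becomes a
    C-style "\\xHH" escape of its UTF-8 bytes, so "-" itself is "\\x2d";
  * a leading "." is escaped too, so no unit name looks like a dotfile;
  * path mode (--path) first drops redundant and trailing slashes and
    maps the root directory "/" to "-";
  * --suffix=type appends ".type"; --template=name@.type substitutes the
    escaped string into the instance position.
"""
import re
from typing import Optional

_SAFE = re.compile(r"[A-Za-z0-9:_.]")


def escape(s: str) -> str:
    out = []
    for i, ch in enumerate(s):
        if ch == "/":
            out.append("-")
        elif _SAFE.match(ch) and not (i == 0 and ch == "."):
            out.append(ch)
        else:
            # Escape each UTF-8 byte so non-ASCII input is unambiguous.
            out.extend("\\x%02x" % b for b in ch.encode("utf-8"))
    return "".join(out)


def escape_path(path: str) -> str:
    """Path mode: normalise slashes first, then escape."""
    parts = [p for p in path.split("/") if p]
    if not parts:
        return "-"                       # the root directory
    return escape("/".join(parts))


def unit_name(value: str, *, path: bool = False,
              suffix: Optional[str] = None,
              template: Optional[str] = None) -> str:
    """Build a unit name the way `systemd-escape [-p] [--suffix=|--template=]` does."""
    name = escape_path(value) if path else escape(value)
    if template:
        base, _, typ = template.rpartition("@.")   # e.g. "getty@.service"
        return f"{base}@{name}.{typ}"
    if suffix:
        return f"{name}.{suffix}"
    return name


def unescape(s: str) -> str:
    """Inverse of escape(): "-" back to "/", "\\xHH" back to the raw byte."""
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "-":
            out.append(ord("/"))
            i += 1
        elif s[i] == "\\" and s[i + 1:i + 2] == "x":
            out.append(int(s[i + 2:i + 4], 16))
            i += 4
        else:
            out.extend(s[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8")


if __name__ == "__main__":
    # Constructed inputs mirroring typical systemd-escape invocations.
    print(unit_name("/dev/sda1", path=True))                          # dev-sda1
    print(unit_name("/tmp//waldi/foobar/", path=True, suffix="mount"))  # tmp-waldi-foobar.mount
    print(escape("Hallo Welt"))                                          # Hallo\x20Welt
```

The property to rely on is that the mapping is injective: because "-" in the input is itself escaped, two different paths can never collapse onto the same unit name, which is what lets the unit name be used as a safe identifier for the resource it was derived from.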
* sd_notify() messages may now include a new ERRNO= field
which is parsed and collected by systemd and shown among the
"systemctl status" output for a service.
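The sd_notify protocol is a single datagram of newline-separated KEY=VALUE pairs sent to the AF_UNIX socket named by $NOTIFY_SOCKET, and the new ERRNO= field is just one more such key. The following added example (not systemd's or libsystemd's code) shows both sides: a service-side sender and a manager-side parser that validates ERRNO= before trusting it and maps it to its symbolic name. The socket path, the error message and the acceptance rules (ERRNO must be a positive integer, only READY=1 counts as ready, newlines in values are rejected) are this example's own choices.

```python
"""The sd_notify(3) protocol with the ERRNO= field, as example code
(not systemd's or libsystemd's own implementation).

A service sends newline-separated KEY=VALUE pairs as one datagram to the
AF_UNIX socket named by $NOTIFY_SOCKET. parse_notify() plays the manager:
known keys are validated (ERRNO= must be a positive integer, READY=1 is
the only accepted READY value), the errno is resolved to its symbolic
name for display, and unknown keys are ignored.
"""
import errno
import os
import socket
import tempfile
from typing import Dict


def format_notify(fields: Dict[str, str]) -> bytes:
    """Serialise fields; refuse values that could smuggle in extra fields."""
    for k, v in fields.items():
        if "\n" in k or "\n" in v or "=" in k:
            raise ValueError(f"illegal character in notify field {k!r}")
    return "".join(f"{k}={v}\n" for k, v in fields.items()).encode()


def send_notify(notify_socket: str, fields: Dict[str, str]) -> None:
    """Service side: what sd_notify() does, one datagram to $NOTIFY_SOCKET."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(format_notify(fields), notify_socket)


def parse_notify(datagram: bytes) -> dict:
    """Manager side: parse one datagram into the state a manager would show."""
    state = {"ready": False, "status": None, "errno": None, "errno_name": None}
    for line in datagram.decode("utf-8", "replace").split("\n"):
        key, sep, value = line.partition("=")
        if not sep:
            continue                          # empty or malformed line
        if key == "READY":
            state["ready"] = value == "1"
        elif key == "STATUS":
            state["status"] = value
        elif key == "ERRNO":
            if value.isdigit() and int(value) > 0:
                state["errno"] = int(value)
                state["errno_name"] = errno.errorcode.get(int(value), f"errno {value}")
            # a malformed or zero ERRNO= is dropped rather than trusted
    return state


def demo() -> dict:
    """Constructed round trip: a 'service' reports a bind failure to a 'manager'."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify")   # stands in for $NOTIFY_SOCKET
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            send_notify(path, {"STATUS": "Cannot bind listening socket",
                               "ERRNO": str(errno.EADDRINUSE)})
            return parse_notify(manager.recv(4096))


if __name__ == "__main__":
    print(demo())
```

The validation on the receiving side is the part worth copying: the notify socket is writable by the service, so a manager that displays ERRNO= or STATUS= must treat them as untrusted input, which is why the parser accepts only a positive integer for ERRNO and ignores everything it does not recognise.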
* A new component "systemd-firstboot" has been added that
queries the most basic system information (timezone,
hostname, root password) interactively on first
boot. Alternatively it may also be used to provision these
things offline on OS images installed into directories.
* The default sysctl.d/ snippets will now set
net.ipv4.conf.default.promote_secondaries=1
This has the benefit of not flushing secondary IP addresses
when primary addresses are removed.
Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
-- Berlin, 2014-08-19
CHANGES WITH 215:
* A new tool systemd-sysusers has been added. This tool
creates system users and groups in /etc/passwd and
/etc/group, based on static declarative system user/group
definitions in /usr/lib/sysusers.d/. This is useful to
enable factory resets and volatile systems that boot up with
an empty /etc directory, and thus need system users and
groups created during early boot. systemd now also ships
with two default sysusers.d/ files for the most basic
[...]
manually load kernel modules necessary for certain tunnel
transports. Instead, it is assumed the kernel loads them
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
moved to /run/systemd/resolve/. If you have a symlink from
/etc/resolv.conf, it might be necessary to correct it.
* Two new service settings, ProtectHome= and ProtectSystem=,
have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
modifications of user data or system files from
services. These two new switches have been enabled for all
of systemd's long-running services, where appropriate.
* Socket units gained new SocketUser= and SocketGroup=
settings to set the owner user and group of AF_UNIX sockets
End of changes. 2 change blocks. 1 line changed or deleted, 203 lines changed or added.
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/