[systemd-devel] [ANNOUNCE] systemd v239

Heya! I am happy to announce systemd v239: https://github.com/systemd/systemd/archive/v239.tar.gz Enjoy! CHANGES WITH 239: * NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id" builtin will name network interfaces differently than in previous versions for virtual network interfaces created with SR-IOV and NPAR and for devices where the PCI network controller device does not have a slot number associated. SR-IOV virtual devices are now named based on the name of the parent interface, with a suffix of "v<N>", where <N> is the virtual device number. Previously those virtual devices were named as if completely independent. The ninth and later NPAR virtual devices will be named following the scheme used for the first eight NPAR partitions. Previously those devices were not renamed and the kernel default (eth<n>) was used. "net_id" will also generate names for PCI devices where the PCI network controller device does not have an associated slot number itself, but one of its parents does. Previously those devices were not renamed and the kernel default (eth<n>) was used. * AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in systemd-logind.service. Since v235, IPAddressDeny=any has been set to the unit. So, it is expected that the default behavior of systemd-logind is not changed. However, if distribution packagers or administrators disabled or modified IPAddressDeny= setting by a drop-in config file, then it may be necessary to update the file to re-enable AF_INET and AF_INET6 to support network user name services, e.g. NIS. * When the RestrictNamespaces= unit property is specified multiple times, then the specified types are merged now. Previously, only the last assignment was used. So, if distribution packagers or administrators modified the setting by a drop-in config file, then it may be necessary to update the file. * When OnFailure= is used in combination with Restart= on a service unit, then the specified units will no longer be triggered on failures that result in restarting. Previously, the specified units would be activated each time the unit failed, even when the unit was going to be restarted automatically. This behaviour contradicted the documentation. With this release the code is adjusted to match the documentation. * systemd-tmpfiles will now print a notice whenever it encounters tmpfiles.d/ lines referencing the /var/run/ directory. It will recommend reworking them to use the /run/ directory instead (for which /var/run/ is simply a symlinked compatibility alias). This way systemd-tmpfiles can properly detect line conflicts and merge lines referencing the same file by two paths, without having to access them. * systemctl disable/unmask/preset/preset-all cannot be used with --runtime. Previously this was allowed, but resulted in unintuitive behaviour that wasn't useful. systemctl disable/unmask will now undo both runtime and persistent enablement/masking, i.e. it will remove any relevant symlinks both in /run and /etc. * Note that all long-running system services shipped with systemd will now default to a system call whitelist (rather than a blacklist, as before). In particular, systemd-udevd will now enforce one too. For most cases this should be safe, however downstream distributions which disabled sandboxing of systemd-udevd (specifically the MountFlags= setting), might want to disable this security feature too, as the default whitelisting will prohibit all mount, swap, reboot and clock changing operations from udev rules. * sd-boot acquired new loader configuration settings to optionally turn off Windows and MacOS boot partition discovery as well as reboot-into-firmware menu items. It is also able to pick a better screen resolution for HiDPI systems, and now provides loader configuration settings to change the resolution explicitly. * systemd-resolved now supports DNS-over-TLS. It's still turned off by default, use DNSOverTLS=opportunistic to turn it on in resolved.conf. We intend to make this the default as soon as couple of additional techniques for optimizing the initial latency caused by establishing a TLS/TCP connection are implemented. * systemd-resolved.service and systemd-networkd.service now set DynamicUser=yes. The users systemd-resolve and systemd-network are not created by systemd-sysusers. * The systemd-resolve tool has been renamed to resolvectl (it also remains available under the old name, for compatibility), and its interface is now verb-based, similar in style to the other <xyz>ctl tools, such as systemctl or loginctl. * The resolvectl/systemd-resolve tool also provides 'resolvconf' compatibility. It may be symlinked under the 'resolvconf' name, in which case it will take arguments and input compatible with the Debian and FreeBSD resolvconf tool. * Support for suspend-then-hibernate has been added, i.e. a sleep mode where the system initially suspends, and after a time-out resumes and hibernates again. * networkd's ClientIdentifier= now accepts a new option "duid-only". If set the client will only send a DUID as client identifier. * The nss-systemd glibc NSS module will now enumerate dynamic users and groups in effect. Previously, it could resolve UIDs/GIDs to user names/groups and vice versa, but did not support enumeration. * journald's Compress= configuration setting now optionally accepts a byte threshold value. All journal objects larger than this threshold will be compressed, smaller ones will not. Previously this threshold was not configurable and set to 512. * A new system.conf setting NoNewPrivileges= is now available which may be used to turn off acquisition of new privileges system-wide (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also for all its children). Note that turning this option on means setuid binaries and file system capabilities lose their special powers. While turning on this option is a big step towards a more secure system, doing so is likely to break numerous pre-existing UNIX tools, in particular su and sudo. * A new service systemd-time-sync-wait.service has been added. If enabled it will delay the time-sync.target unit at boot until time synchronization has been received from the network. This functionality is useful on systems lacking a local RTC or where it is acceptable that the boot process shall be delayed by external network services. * When hibernating, systemd will now inform the kernel of the image write offset, on kernels new enough to support this. This means swap files should work for hibernation now. * When loading unit files, systemd will now look for drop-in unit files extensions in additional places. Previously, for a unit file name "foo-bar-baz.service" it would look for dropin files in "foo-bar-baz.service.d/*.conf". Now, it will also look in "foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the service name truncated after all inner dashes. This scheme allows writing drop-ins easily that apply to a whole set of unit files at once. It's particularly useful for mount and slice units (as their naming is prefix based), but is also useful for service and other units, for packages that install multiple unit files at once, following a strict naming regime of beginning the unit file name with the package's name. Two new specifiers are now supported in unit files to match this: %j and %J are replaced by the part of the unit name following the last dash. * Unit files and other configuration files that support specifier expansion now understand another three new specifiers: %T and %V will resolve to /tmp and /var/tmp respectively, or whatever temporary directory has been set for the calling user. %E will expand to either /etc (for system units) or $XDG_CONFIG_HOME (for user units). * The ExecStart= lines of unit files are no longer required to reference absolute paths. If non-absolute paths are specified the specified binary name is searched within the service manager's built-in $PATH, which may be queried with 'systemd-path search-binaries-default'. It's generally recommended to continue to use absolute paths for all binaries specified in unit files. * Units gained a new load state "bad-setting", which is used when a unit file was loaded, but contained fatal errors which prevent it from being started (for example, a service unit has been defined lacking both ExecStart= and ExecStop= lines). * coredumpctl's "gdb" verb has been renamed to "debug", in order to support alternative debuggers, for example lldb. The old name continues to be available however, for compatibility reasons. Use the new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable to pick an alternative debugger instead of the default gdb. * systemctl and the other tools will now output escape sequences that generate proper clickable hyperlinks in various terminal emulators where useful (for example, in the "systemctl status" output you can now click on the unit file name to quickly open it in the editor/viewer of your choice). Note that not all terminal emulators support this functionality yet, but many do. Unfortunately, the "less" pager doesn't support this yet, hence this functionality is currently automatically turned off when a pager is started (which happens quite often due to auto-paging). We hope to remove this limitation as soon as "less" learns these escape sequences. This new behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY environment variable. For details on these escape sequences see: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda * networkd's .network files now support a new IPv6MTUBytes= option for setting the MTU used by IPv6 explicitly as well as a new MTUBytes= option in the [Route] section to configure the MTU to use for specific routes. It also gained support for configuration of the DHCP "UserClass" option through the new UserClass= setting. It gained three new options in the new [CAN] section for configuring CAN networks. The MULTICAST and ALLMULTI interface flags may now be controlled explicitly with the new Multicast= and AllMulticast= settings. * networkd will now automatically make use of the kernel's route expiration feature, if it is available. * udevd's .link files now support setting the number of receive and transmit channels, using the RxChannels=, TxChannels=, OtherChannels=, CombinedChannels= settings. * Support for UDPSegmentationOffload= has been removed, given its limited support in hardware, and waning software support. * networkd's .netdev files now support creating "netdevsim" interfaces. * PID 1 learnt a new bus call GetUnitByControlGroup() which may be used to query the unit belonging to a specific kernel control group. * systemd-analyze gained a new verb "cat-config", which may be used to dump the contents of any configuration file, with all its matching drop-in files added in, and honouring the usual search and masking logic applied to systemd configuration files. For example use "systemd-analyze cat-config systemd/system.conf" to get the complete system configuration file of systemd how it would be loaded by PID 1 itself. Similar to this, various tools such as systemd-tmpfiles or systemd-sysusers, gained a new option "--cat-config", which does the corresponding operation for their own configuration settings. For example, "systemd-tmpfiles --cat-config" will now output the full list of tmpfiles.d/ lines in place. * timedatectl gained three new verbs: "show" shows bus properties of systemd-timedated, "timesync-status" shows the current NTP synchronization state of systemd-timesyncd, and "show-timesync" shows bus properties of systemd-timesyncd. * systemd-timesyncd gained a bus interface on which it exposes details about its state. * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now understood by systemd-timedated. It takes a colon-separated list of unit names of NTP client services. The list is used by "timedatectl set-ntp". * systemd-nspawn gained a new --rlimit= switch for setting initial resource limits for the container payload. There's a new switch --hostname= to explicitly override the container's hostname. A new --no-new-privileges= switch may be used to control the PR_SET_NO_NEW_PRIVS flag for the container payload. A new --oom-score-adjust= switch controls the OOM scoring adjustment value for the payload. The new --cpu-affinity= switch controls the CPU affinity of the container payload. The new --resolv-conf= switch allows more detailed control of /etc/resolv.conf handling of the container. Similarly, the new --timezone= switch allows more detailed control of /etc/localtime handling of the container. * systemd-detect-virt gained a new --list switch, which will print a list of all currently known VM and container environments. * Support for "Portable Services" has been added, see doc/PORTABLE_SERVICES.md for details. Currently, the support is still experimental, but this is expected to change soon. Reflecting this experimental state, the "portablectl" binary is not installed into /usr/bin yet. The binary has to be called with the full path /usr/lib/systemd/portablectl instead. * journalctl's and systemctl's -o switch now knows a new log output mode "with-unit". The output it generates is very similar to the regular "short" mode, but displays the unit name instead of the syslog tag for each log line. Also, the date is shown with timezone information. This mode is probably more useful than the classic "short" output mode for most purposes, except where pixel-perfect compatibility with classic /var/log/messages formatting is required. * A new --dump-bus-properties switch has been added to the systemd binary, which may be used to dump all supported D-Bus properties. (Options which are still supported, but are deprecated, are *not* shown.) * sd-bus gained a set of new calls: sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to enable/disable the "floating" state of a bus slot object, i.e. whether the slot object pins the bus it is allocated for into memory or if the bus slot object gets disconnected when the bus goes away. sd_bus_open_with_description(), sd_bus_open_user_with_description(), sd_bus_open_system_with_description() may be used to allocate bus objects and set their description string already during allocation. * sd-event gained support for watching inotify events from the event loop, in an efficient way, sharing inotify handles between multiple users. For this a new function sd_event_add_inotify() has been added. * sd-event and sd-bus gained support for calling special user-supplied destructor functions for userdata pointers associated with sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new functions sd_bus_slot_set_destroy_callback, sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback, sd_bus_track_get_destroy_callback, sd_event_source_set_destroy_callback, sd_event_source_get_destroy_callback have been added. * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default. * PID 1 will now automatically reschedule .timer units whenever the local timezone changes. (They previously got rescheduled automatically when the system clock changed.) * New documentation has been added to document cgroups delegation, portable services and the various code quality tools we have set up: https://github.com/systemd/systemd/blob/master/doc/CGROUP_DELEGATION.md https://github.com/systemd/systemd/blob/master/doc/PORTABLE_SERVICES.md https://github.com/systemd/systemd/blob/master/doc/CODE_QUALITY.md * The Boot Loader Specification has been added to the source tree. https://github.com/systemd/systemd/blob/master/doc/BOOT_LOADER_SPECIFICATION.md While moving it into our source tree we have updated it and further changes are now accepted through the usual github PR workflow. * pam_systemd will now look for PAM userdata fields systemd.memory_max, systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by earlier PAM modules. The data in these fields is used to initialize the session scope's resource properties. Thus external PAM modules may now configure per-session limits, for example sourced from external user databases. * socket units with Accept=yes will now maintain a "refused" counter in addition to the existing "accepted" counter, counting connections refused due to the enforced limits. * The "systemd-path search-binaries-default" command may now be use to query the default, built-in $PATH PID 1 will pass to the services it manages. * A new unit file setting PrivateMounts= has been added. It's a boolean option. If enabled the unit's processes are invoked in their own file system namespace. Note that this behaviour is also implied if any other file system namespacing options (such as PrivateTmp=, PrivateDevices=, ProtectSystem=, …) are used. This option is hence primarily useful for services that do not use any of the other file system namespacing options. One such service is systemd-udevd.service wher this is now used by default. * ConditionSecurity= gained a new value "uefi-secureboot" that is true when the system is booted in UEFI "secure mode". * A new unit "system-update-pre.target" is added, which defines an optional synchronization point for offline system updates, as implemented by the pre-existing "system-update.target" unit. It allows ordering services before the service that executes the actual update process in a generic way. Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale, Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner, Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover, guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov, Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir, Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers, Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König, Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott, Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler, Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot, Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo, Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez, Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel, Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik, Yu Watanabe, Zbigniew Jędrzejewski-Szmek — Berlin, 2018-06-22 Lennart -- Lennart Poettering, Red Hat