forked from systemd/systemd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
18424 lines (14893 loc) · 974 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
systemd System and Service Manager
CHANGES WITH 257 in spe:
Incompatible changes:
* The --purge switch of systemd-tmpfiles (which was added in v256) has
been reworked: it will now only apply to tmpfiles.d/ lines marked
with the new "$" flag. This is an incompatible change, and means any
tmpfiles.d/ files which shall be used together with --purge need to
be updated accordingly. This change has been made to make it harder
to accidentally delete too many files when using --purge incorrectly.
* The systemd-creds 'cat' verb now expects base64-encoded encrypted
credentials for consistency with the 'decrypt' verb and the
LoadCredentialEncrypted= service setting. Previously it could only
read raw binary data.
Announcements of Future Feature Removals and Incompatible Changes:
* To work around limitations of X11's keyboard handling systemd's
keyboard mapping hardware database (hwdb.d/60-keyboard.hwdb) so far
mapped the microphone mute and touchpad on/off/toggle keys to the
function keys F20, F21, F22, F23 instead of their correct key
codes. This key code mangling will be removed in the next systemd
release v258. To maintain compatibility with X11 applications that
rely on the old function key code mappings, this mangling has now
been moved to the relevant X11 keyboard driver modules instead. Thus,
in order to ensure these keys continue to work as before make sure to
update the xf86-input-evdev and xf86-input-libinput packages to the
newest version before updating systemd to v258.
* Support for automatic flushing of the nscd user/group database caches
has been dropped.
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
only cgroup v2 ('unified' hierarchy) can be selected as build-time
default.
* Support for System V service scripts is deprecated and will be
removed in a future release. Please make sure to update your software
*now* to include a native systemd unit file instead of a legacy
System V script to retain compatibility with future systemd releases.
* Support for the SystemdOptions EFI variable is deprecated.
'bootctl systemd-efi-options' will emit a warning when used. It seems
that this feature is little-used and it is better to use alternative
approaches like credentials and confexts. The plan is to drop support
altogether at a later point, but this might be revisited based on
user feedback.
* systemd-run's switch --expand-environment= which currently is disabled
by default when combined with --scope, will be changed in a future
release to be enabled by default.
* The FileDescriptorName= setting for socket units is now honored by
Accept=yes sockets too, where it was previously silently ignored and
"connection" was used unconditionally.
* systemd-logind now always obeys inhibitor locks, where previously it
ignored locks taken by the caller or when the caller was root. A
privileged caller can always close the other sessions, remove the
inhibitor locks, or use --force or --check-inhibitors=no to ignore the
inhibitors. This change thus doesn't affect security, since everything
that was possible before at a given privilege level is still possible,
but it should make the inhibitor logic easier to use and understand,
and also help avoiding accidental reboots and shutdowns. New 'delay-weak'
and 'block-weak' inhibitor modes were added, if taken they will make
the inhibitor lock work as in the previous versions. Inhibitor locks
can also be taken by remote users (subject to polkit policy).
* systemd-nspawn will now mount the unified cgroup hierarchy into a
container if no systemd installation is found in a container's root
filesystem. $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0 can be used to override
this behavior.
* D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() becomes
deprecated (reach out if you have use cases).
libsystemd:
* New sd-json component is now available as part of libsystemd. The
goal of the library is to allow structures to be conveniently
created in C code and serialized to JSON, and for JSON to
conveniently deserialized into in-memory structures, using callbacks
to handle specific keys. Various data types like integers, floats,
booleans, strings, UUIDs, hex-encoded strings, and arrays are
supported natively.
Service and system management:
* Environment variable $REMOTE_ADDR is now set when using socket
activation for AF_UNIX sockets.
* Multipath TCP (MPTCP) is now supported as a socket protocol.
* New crypttab options fido2-pin=, fido2-up=, fido2-uv= can be used to
enable/disable the PIN query, User Presence check, and User
Verification.
* New crypttab option password-cache=yes|no|read-only can be used to
customize password caching.
* New fstab option x-systemd.wants= creates "Wants" dependencies.
(This is similar to the previously available x-systemd.requires=.)
* The initialization of the system clock during boot and updates has
been simplified: either pid1 or systemd-timesyncd will pick the
latest time as indicated by the compiled-in epoch,
/usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
systemd(1) for an detailed updated description.
* Ctrl-Alt-Delete is re-enabled during late shutdown, so that the user
can still initiate a reboot if the system freezes.
* Unit option PrivateUsers=identity can be used to request a user
namespace with an identity mapping for the first 65536 UIDs/GIDs.
This is analogous to the systemd-nspawn's --private-users=identity.
* Unit option PrivateTmp=disconnected can be used to specify that a
separate tmpfs instance should be used for /tmp/ and /var/tmp/ for
the unit.
* A new sleep.conf HibernateOnACPower= option has been added, which
when disabled would suppress hibernation in suspend-then-hibernate
mode until the system is disconnected from a power source.
* udev rules now set 'uaccess' for /dev/udmabuf, giving locally
logged-in users access to the hardware. This is necessary to support
IPMI cameras with libcamera.
* New RELEASE_TYPE= and EXPERIMENT= fields are documented for the
os-release file. For example, "RELEASE_TYPE=development|stable|lts"
can be used to indicate various stages of the release life cycle,
and "RELEASE_TYPE=experimental" can indicate experimental builds,
with the EXPERIMENT= field providing a human-readable description of
the nature of the experiment.
* The manager (and various other tools too) use pidfds in more places
to refer to processes.
* A bunch of patches to ease building against musl have been merged.
* A build option -D link-executor-shared=false can be used to build
the systemd-executor binary (added in the previous release) in a way
where it does not link to shared libsystemd-shared-….so library.
PID1 holds a reference to the executor binary that was on disk when
the manager was started or restarted, but the shared libraries it is
linked to are not loaded until the executor binary needs to be used.
This partial static linking is a workaround for the issue where,
during upgrades, the old libsystemd-shared-….so may have already
been removed and the pinned executor binary will just fail to
execute.
systemd-logind:
* New DesignatedMaintenanceTime= configuration option allows
shutdowns to be automatically scheduled at the specified time.
* logind now reacts to Ctrl-Alt-Shift-Esc being pressed. It will send
out a org.freedesktop.login1.SecureAttentionKey signal, indicating a
request by the user for the system to display a secure login dialog.
The handling of SAK can be suppressed in logind configuration.
systemd-machined:
* Unprivileged clients are now allowed to register VMs and containers.
Machines started via the systemd-vmspawn@.service unit will now be
registered with systemd-machined.
systemd-resolved:
* resolvconf command now supports '-p' switch. If specified, the
interface will not be used as the default route.
* resolvectl now allows interactive polkit authorization. It gained a
--no-ask-password option to suppress it.
systemd-networkd and networkctl:
* IPv6 address labels can be configured in a new [IPv6AddressLabel]
section with Prefix= and Label= settings.
* 'networkctl edit' can now read the new contents from standard input
with the new --stdin option.
* 'networkctl edit' and 'cat' now supports editing .netdev files by
link. 'networkctl cat' can also list all configuration files
associated with an interface at once with ':all'.
* networkctl gained a --no-ask-password option to suppress interactive
polkit authorization.
systemd-boot, systemd-stub, and related tools:
* The EFI stub now supports loading of .ucode sections with microcode
from addons.
* A new .profile PE section type is now documented and supported in
systemd-measure, ukify, systemd-stub and systemd-boot. Those new
sections allow multiple "profiles" to be stored together in the UKI,
with .profile sections creating groupings of sections in the UKI,
allowing some sections to be shared and other sections like .cmdline
or .initrd unique to the profile.
* ukify gained an --extend switch to import an existing UKI to
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
The journal:
* journalctl can now list invocations of a unit with the
--list-invocation options and show logs for a specific invocation
with the new --invocation/-I option. (This is analogous to the
--list-boots/--boot/-b options.)
systemd-sysupdate and related tools:
* systemd-sysupdate can be run as system service, allowing
unprivileged clients to update the system via D-Bus calls.
A new updatectl command-line tool can be used to control the
service.
* systemd-sysupdate gained a new --offline option to force it to
operate locally. This is useful when listing locally installed
versions.
* systemd-sysupdate gained a new --transfer-source= option to set the
directory to which transfer sources configured with
PathRelativeTo=explicit will be interpreted.
Miscellaneous:
* systemctl now supports the --now option with the 'reenable' verb.
* systemd-analyze will now show the SMBIOS #11 vendor strings set for
the machine with a new 'smbios11' verb.
* systemd-analyze gained a new --instance= option that can be used to
provide an instance name to analyze multiple templates instantiated
with the same instance name.
* The 'tpm2' verb which lists usable TPM2 devices has been moved from
systemd-creds to systemd-analyze.
* varlinkctl gained a new verb 'list-methods' to show a list of
methods implemented by a service.
* varlinkctl gained a --quiet/-q option to suppress method call
replies.
* varlinkctl gained a --graceful= option to suppress specified Varlink
errors.
* varlinkctl gained a --timeout= option to limit how long the
invocation can take.
* varlinkctl allows remote invocations over ssh, via the new
"ssh-exec:" address specification. It'll make an ssh connection,
start the specified executable on the remote, and communicate with
the remote process using the Varlink protocol.
"ssh:" address specification has been renamed to "ssh-unix:".
(The old syntax is still supported for backwards compatibility.)
* bootctl gained a --random-seed=yes|no option to control provisioning
of the random seed file in ESP. (This is useful when producing an
image that will be used multiple times.)
* systemd-cryptenroll gained new options --fido2-salt-file= and
--fido2-parameters-in-header= to simplify manual enrollment of FIDO2
tokens.
* systemd-cryptenroll, systemd-repart, and systemd-storagetm gained a
new --list-devices option to list appropriate candidate block
devices.
* systemd-repart's CopyBlocks= directive can now use a char device as
source (in addition to previously supported regular files and block
devices).
* systemd-repart gained a new Compression= and CompressionLevel=
settings to enable internal compression in filesystems created
offline.
* systemd-repart understands a new MakeSymlinks= option to create one
or more symlinks (each specified as a symlink name and target).
* systemd-mount can now output JSON with a new --json= switch.
* A new generator sytemd-import-generator has been added to
synthetisize image download jobs. This provides functionality
similar to importctl, but configured via the kernel command line and
system credentials.
* systemd-inhibit now allows interactive polkit authorization. It
gained a --no-ask-password option to suppress it.
* systemd-id128 gained a new 'var-partition-uuid' verb to calculate
the DPS UUID for /var/ keyed by the local machine-id.
* locatectl gained a -l/--full option to show output without
ellipsization.
* 'busctl monitor' gained new options --num-matches= and --timeout=
to set the number of matches or limit the runtime of the command.
This is intended to be used in scripts.
* systemd-run can output some data as JSON via the new --json= option.
* timedatectl now supports interactive polkit authorization.
— <place>, <date>
CHANGES WITH 256:
Announcements of Future Feature Removals and Incompatible Changes:
* Support for automatic flushing of the nscd user/group database caches
will be dropped in a future release.
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
only cgroup v2 ('unified' hierarchy) can be selected as build-time
default.
* Support for System V service scripts is deprecated and will be
removed in a future release. Please make sure to update your software
*now* to include a native systemd unit file instead of a legacy
System V script to retain compatibility with future systemd releases.
* Support for the SystemdOptions EFI variable is deprecated.
'bootctl systemd-efi-options' will emit a warning when used. It seems
that this feature is little-used and it is better to use alternative
approaches like credentials and confexts. The plan is to drop support
altogether at a later point, but this might be revisited based on
user feedback.
* systemd-run's switch --expand-environment= which currently is disabled
by default when combined with --scope, will be changed in a future
release to be enabled by default.
* Previously, systemd-networkd did not explicitly remove any bridge
VLAN IDs assigned on bridge master and ports. Since version 256, if a
.network file for an interface has at least one valid setting in the
[BridgeVLAN] section, then all assigned VLAN IDs on the interface
that are not configured in the .network file are removed.
* IPForward= setting in .network file is deprecated and replaced with
IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
supported both in .network file and networkd.conf. If specified in a
.network file, they control corresponding per-link settings. If
specified in networkd.conf, they control corresponding global
settings. Note, previously IPv6SendRA= and IPMasquerade= implied
IPForward=, but now they imply the new per-link settings. One of the
simplest ways to migrate configurations, that worked as a router with
the previous version, is enabling both IPv4Forwarding= and
IPv6Forwarding= in networkd.conf. See systemd.network(5) and
networkd.conf(5) for more details.
* systemd-gpt-auto-generator will stop generating units for ESP or
XBOOTLDR partitions if it finds mount entries for or below the /boot/
or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
from interfering with systems where the ESP is explicitly configured
to be mounted at some path, for example /boot/efi/ (this type of
setup is obsolete, but still commonly found).
* The behavior of systemd-sleep and systemd-homed has been updated to
freeze user sessions when entering the various sleep modes or when
locking a homed-managed home area. This is known to cause issues with
the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
drivers may want to add drop-in configuration files that set
SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false for systemd-suspend.service
and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
systemd-homed.service.
* systemd-tmpfiles and systemd-sysusers, when given a relative
configuration file path (with at least one directory separator '/'),
will open the file directly, instead of searching for the given
partial path in the standard locations. The old mode wasn't useful
because tmpfiles.d/ and sysusers.d/ configuration has a flat
structure with no subdirectories under the standard locations and
this change makes it easier to work with local files with those
tools.
* systemd-tmpfiles now properly applies nested configuration to 'R' and
'D' stanzas. For example, with the combination of 'R /foo' and 'x
/foo/bar', /foo/bar will now be excluded from removal.
* systemd.crash_reboot and related settings are deprecated in favor of
systemd.crash_action=.
* Stable releases for version v256 and newer will now be pushed in the
main repository. The systemd-stable repository will be used for existing
stable branches (v255-stable and lower), and when they reach EOL it will
be archived.
General Changes and New Features:
* Various programs will now attempt to load the main configuration file
from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
below /etc/. For example, systemd-logind will look for
/etc/systemd/logind.conf, /run/systemd/logind.conf,
/usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
and use the first file that is found. This means that the search
logic for the main config file and for drop-ins is now the same.
Similarly, kernel-install will look for the config files in
/usr/lib/kernel/ and the other search locations, and now also
supports drop-ins.
systemd-udevd now supports drop-ins for udev.conf.
* A new 'systemd-vpick' binary has been added. It implements the new
vpick protocol, where a "*.v/" directory may contain multiple files
which have versions (following the UAPI version format specification)
embedded in the file name. The files are ordered by version and
the newest one is selected.
systemd-nspawn --image=/--directory=, systemd-dissect,
systemd-portabled, and the RootDirectory=, RootImage=,
ExtensionImages=, and ExtensionDirectories= settings for units now
support the vpick protocol and allow the latest version to be
selected automatically if a "*.v/" directory is specified as the
source.
* Encrypted service credentials can now be made accessible to
unprivileged users. systemd-creds gained new options --user/--uid=
for encrypting/decrypting a credential for a specific user.
* New command-line tool 'importctl' to download, import, and export
disk images via systemd-importd is added with the following verbs:
pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
export-raw, list-transfers, and cancel-transfer. This functionality
was previously available in "machinectl", where it was used
exclusively for machine images. The new "importctl" generalizes this
for sysext, confext, and portable service images.
* The systemd sources may now be compiled cleanly with all OpenSSL 3.0
deprecations removed, including the OpenSSL engine logic turned off.
Service Management:
* New system manager setting ProtectSystem= has been added. It is
analogous to the unit setting, but applies to the whole system. It is
enabled by default in the initrd.
Note that this means that code executed in the initrd cannot naively
expect to be able to write to /usr/ during boot. This affects
dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.
* New unit setting WantsMountsFor= has been added. It is analogous to
RequiresMountsFor=, but creates a Wants= dependency instead of
Requires=. This new logic is now used in various places where mounts
were added as dependencies for other settings (WorkingDirectory=-…,
PrivateTmp=yes, cryptsetup lines with 'nofail').
* New unit setting MemoryZSwapWriteback= can be used to control the new
memory.zswap.writeback cgroup knob added in kernel 6.8.
* The manager gained a org.freedesktop.systemd1.StartAuxiliaryScope()
D-Bus method to devolve some processes from a service into a new
scope. This new scope will remain running, even when the original
service unit is restarted or stopped. This allows a service unit to
split out some worker processes which need to continue running.
Control group properties of the new scope are copied from the
originating unit, so various limits are retained.
* Units now expose properties EffectiveMemoryMax=,
EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
most stringent limit systemd is aware of for the given unit.
* A new unit file specifier %D expands to $XDG_DATA_HOME (for user
services) or /usr/share/ (for system services).
* AllowedCPUs= now supports specifier expansion.
* What= setting in .mount and .swap units now accepts fstab-style
identifiers, for example UUID=… or LABEL=….
* RestrictNetworkInterfaces= now supports alternative network interface
names.
* PAMName= now implies SetLoginEnvironment=yes.
* systemd.firstboot=no can be used on the kernel command-line to
disable interactive queries, but allow other first boot configuration
to happen based on credentials.
* The system's hostname can be configured via the systemd.hostname
system credential.
* The systemd binary will no longer chainload sysvinit's "telinit"
binary when called under the init/telinit name on a system that isn't
booted with systemd. This previously has been supported to make sure
a distribution that has both init systems installed can reasonably
switch from one to the other via a simple reboot. Distributions
apparently have lost interest in this, and the functionality has not
been supported on the primary distribution this was still intended
for a long time, and hence has been removed now.
* A new concept called "capsules" has been introduced. "Capsules" wrap
additional per-user service managers, whose users are transient and
are only defined as long as the service manager is running. (This is
implemented via DynamicUser=1), allowing a user manager to be used to
manage a group of processes without needing to create an actual user
account. These service managers run with home directories of
/var/lib/capsules/<capsule-name> and can contain regular services and
other units. A capsule is started via a simple "systemctl start
capsule@<name>.service". See the capsule@.service(5) man page for
further details.
Various systemd tools (including, and most importantly, systemctl and
systemd-run) have been updated to interact with capsules via the new
"--capsule="/"-C" switch.
* .socket units gained a new setting PassFileDescriptorsToExec=, taking
a boolean value. If set to true the file descriptors the socket unit
encapsulates are passed to the ExecStartPost=, ExecStopPre=,
ExecStopPost= using the usual $LISTEN_FDS interface. This may be used
for doing additional initializations on the sockets once they are
allocated. (For example, to install an additional eBPF program on
them).
* The .socket setting MaxConnectionsPerSource= (which so far put a
limit on concurrent connections per IP in Accept=yes socket units),
now also has an effect on AF_UNIX sockets: it will put a limit on the
number of simultaneous connections from the same source UID (as
determined via SO_PEERCRED). This is useful for implementing IPC
services in a simple Accept=yes mode.
* The service manager will now maintain a counter of soft reboot cycles
the system went through. It may be queried via the D-Bus APIs.
* systemd's execution logic now supports the new pidfd_spawn() API
introduced by glibc 2.39, which allows us to invoke a subprocess in a
target cgroup and get a pidfd back in a single operation.
* systemd/PID 1 will now send an additional sd_notify() message to its
supervising VMM or container manager reporting the selected hostname
("X_SYSTEMD_HOSTNAME=") and machine ID ("X_SYSTEMD_MACHINE_ID=") at
boot. Moreover, the service manager will send additional sd_notify()
messages ("X_SYSTEMD_UNIT_ACTIVE=") whenever a target unit is
reached. This can be used by VMMs/container managers to schedule
access to the system precisely. For example, the moment a system
reports "ssh-access.target" being reached a VMM/container manager
knows it can now connect to the system via SSH. Finally, a new
sd_notify() message ("X_SYSTEMD_SIGNALS_LEVEL=2") is sent the moment
PID 1 has successfully completed installation of its various UNIX
process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
PID 1 will start to have the effect of shutting down the system
cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
down, and carries a string identifying the type of shutdown,
i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
sent at the same time and carries the string passed to "systemctl
--reboot-argument=" if there was one.
* New D-Bus properties ExecMainHandoffTimestamp and
ExecMainHandoffTimestampMonotonic are now published by services
units. This timestamp is taken as the very last operation before
handing off control to invoked binaries. This information is
available for other unit types that fork off processes (i.e. mount,
swap, socket units), but currently only via "systemd-analyze dump".
* An additional timestamp is now taken by the service manager when a
system shutdown operation is initiated. It can be queried via D-Bus
during the shutdown phase. It's passed to the following service
manager invocation on soft reboots, which will then use it to log the
overall "grey-out" time of the soft reboot operation, i.e. the time
when the shutdown began until the system is fully up again.
* "systemctl status" will now display the invocation ID in its usual
output, i.e. the 128bit ID uniquely assigned to the current runtime
cycle of the unit. The ID has been supported for a long time, but is
now more prominently displayed, as it is a very useful handle to a
specific invocation of a service.
* systemd now generates a new "taint" string "unmerged-bin" for systems
that have /usr/bin/ and /usr/sbin/ separate. It's generally
recommended to make the latter a symlink to the former these days.
* A new systemd.crash_action= kernel command line option has been added
that configures what to do after the system manager (PID 1) crashes.
This can also be configured through CrashAction= in systemd.conf.
* "systemctl kill" now supports --wait which will make the command wait
until the signalled services terminate.
Journal:
* systemd-journald can now forward journal entries to a socket
(AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
specified in journald.conf via a new option ForwardToSocket= or via
the 'journald.forward_to_socket' credential. Log records are sent in
the Journal Export Format. A related setting MaxLevelSocket= has been
added to control the maximum log levels for the messages sent to this
socket.
* systemd-journald now also reads the journal.storage credential when
determining where to store journal files.
* systemd-vmspawn gained a new --forward-journal= option to forward the
virtual machine's journal entries to the host. This is done over a
AF_VSOCK socket, i.e. it does not require networking in the guest.
* journalctl gained option '-i' as a shortcut for --file=.
* journalctl gained a new -T/--exclude-identifier= option to filter
out certain syslog identifiers.
* journalctl gained a new --list-namespaces option.
* systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
(so it can be used to receive entries forwarded by systemd-journald).
* systemd-journal-gatewayd allows restricting the time range of
retrieved entries with a new "realtime=[<since>]:[<until>]" URL
parameter.
* systemd-cat gained a new option --namespace= to specify the target
journal namespace to which the output shall be connected.
* systemd-bsod gained a new option --tty= to specify the output TTY
Device Management:
* /dev/ now contains symlinks that combine by-path and by-{label,uuid}
information:
/dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>
This allows distinguishing partitions with identical contents on
multiple storage devices. This is useful, for example, when copying
raw disk contents between devices.
* systemd-udevd now creates persistent /dev/media/by-path/ symlinks for
media controllers. For example, the uvcvideo driver may create
/dev/media0 which will be linked as
/dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.
* A new unit systemd-udev-load-credentials.service has been added
to pick up udev.conf drop-ins and udev rules from credentials.
* 'udevadm test' and 'udevadm test-builtin' commands now do not change
any settings; sysfs attributes, sysctls, udev database and so on.
E.g. 'udevadm test-builtin net_setup_link /sys/class/net/INTERFACE'
does not change any interface settings, but only prints which .link
file matches the interface. So, even privileged users can safely
invoke the commands.
* An allowlist/denylist may be specified to filter which sysfs
attributes are used when crafting network interface names. Those
lists are stored as hwdb entries
ID_NET_NAME_ALLOW_<sysfsattr>=0|1
and
ID_NET_NAME_ALLOW=0|1.
The goal is to avoid unexpected changes to interface names when the
kernel is updated and new sysfs attributes become visible.
* A new unit tpm2.target has been added to provide a synchronization
point for units which expect the TPM hardware to be available. A new
generator "systemd-tpm2-generator" has been added that will insert
this target whenever it detects that the firmware has initialized a
TPM, but Linux hasn't loaded a driver for it yet.
* systemd-backlight now properly supports numbered devices which the
kernel creates to avoid collisions in the leds subsystem.
* systemd-hwdb update operation can be disabled with a new environment
variable SYSTEMD_HWDB_UPDATE_BYPASS=1.
systemd-hostnamed:
* systemd-hostnamed now exposes the machine ID and boot ID via
D-Bus. It also exposes the hosts AF_VSOCK CID, if available.
* systemd-hostnamed now provides a basic Varlink interface.
* systemd-hostnamed exports the full data in os-release(5) and
machine-info(5) via D-Bus and Varlink.
* hostnamectl now shows the system's product UUID and hardware serial
number if known.
Network Management:
* systemd-networkd now provides a basic Varlink interface.
* systemd-networkd's ARP proxy support gained a new option to configure
a private VLAN variant of the proxy ARP supported by the kernel under
the name IPv4ProxyARPPrivateVLAN=.
* systemd-networkd now exports the NamespaceId and NamespaceNSID
properties via D-Bus and Varlink. (which expose the inode and NSID of
the network namespace the networkd instance manages)
* systemd-networkd now supports IPv6RetransmissionTimeSec= and
UseRetransmissionTime= settings in .network files to configure
retransmission time for IPv6 neighbor solicitation messages.
* networkctl gained new verbs 'mask' and 'unmask' for masking networkd
configuration files such as .network files.
* 'networkctl edit --runtime' allows editing volatile configuration
under /run/systemd/network/.
* The implementation behind TTLPropagate= network setting has been
removed and the setting is now ignored.
* systemd-network-generator will now pick up .netdev/.link/.network/
networkd.conf configuration from system credentials.
* systemd-networkd will now pick up wireguard secrets from
credentials.
* systemd-networkd's Varlink API now supports enumerating LLDP peers.
* .link files now support new Property=, ImportProperty=,
UnsetProperty= fields for setting udev properties on a link.
* The various .link files that systemd ships for interfaces that are
supposed to be managed by systemd-networkd only now carry a
ID_NET_MANAGED_BY=io.systemd.Network udev property ensuring that
other network management solutions honouring this udev property do
not come into conflict with networkd, trying to manage these
interfaces.
* .link files now support a new ReceivePacketSteeringCPUMask= setting
for configuring which CPUs to steer incoming packets to.
* The [Network] section in .network files gained a new setting
UseDomains=, which is a single generic knob for controlling the
settings of the same name in the [DHCPv4], [DHCPv6] and
[IPv6AcceptRA].
* The 99-default.link file we ship by default (that defines the policy
for all network devices to which no other .link file applies) now
lists "mac" among AlternativeNamesPolicy=. This means that network
interfaces will now by default gain an additional MAC-address based
alternative device name. (i.e. enx…)
systemd-nspawn:
* systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
directory where the container payload can expose AF_UNIX sockets to
allow them to be accessed from outside.
* systemd-nspawn will tint the terminal background for containers in a
blueish color. This can be controller with the new --background=
switch or the new $SYSTEMD_TINT_BACKGROUND environment variable.
* systemd-nspawn gained support for the 'owneridmap' option for --bind=
mounts to map the target directory owner from inside the container to
the owner of the directory bound from the host filesystem.
* systemd-nspawn now supports moving Wi-Fi network devices into a
container, just like other network interfaces.
systemd-resolved:
* systemd-resolved now reads RFC 8914 EDE error codes provided by
upstream DNS services.
* systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
records, as well as RFC 2915 NAPTR records.
* resolvectl gained a new option --relax-single-label= to allow
querying single-label hostnames via unicast DNS on a per-query basis.
* systemd-resolved's Varlink IPC interface now supports resolving
DNS-SD services as well as an API for resolving raw DNS RRs.
* systemd-resolved's .dnssd DNS_SD service description files now
support DNS-SD "subtypes" via the new SubType= setting.
* systemd-resolved's configuration may now be reloaded without
restarting the service. (i.e. "systemctl reload systemd-resolved" is
now supported)
SSH Integration:
* An sshd_config drop-in to allow ssh keys acquired via userdbctl (for
example expose by homed accounts) to be used for authorization of
incoming SSH connections. This uses the AuthorizedKeysCommand stanza
of sshd_config. Note that sshd only allows a single command to be
configured this way, hence this drop-in might conflict with other
uses of the logic. It is possible to chainload another, similar tool
of another subsystem via the --chain switch of userdbctl, to support
both in parallel. See the "INTEGRATION WITH SSH" section in
userdbctl(1) for details on this. Our recommendation how to combine
other subsystem's use of the SSH authorized keys logic with systemd's
userbctl functionality however is to implement the APIs described
here: https://systemd.io/USER_GROUP_API – in that case this newly
added sshd_config integration would just work and do the right thing
for all backends.
* A small new unit generator "systemd-ssh-generator" has been added. It
checks if the sshd binary is installed. If so, it binds it via
per-connection socket activation to various sockets depending on the
execution context:
• If the system is run in a VM providing AF_VSOCK support, it
automatically binds sshd to AF_VSOCK port 22.
• If the system is invoked as a full-OS container and the container
manager pre-mounts a directory /run/host/unix-export/, it will
bind sshd to an AF_UNIX socket /run/host/unix-export/ssh. The
idea is the container manager bind mounts the directory to an
appropriate place on the host as well, so that the AF_UNIX socket
may be used to easily connect from the host to the container.
• sshd is also bound to an AF_UNIX socket
/run/ssh-unix-local/socket, which may be to use ssh/sftp in a
"sudo"-like fashion to access resources of other local users.
• Via the kernel command line option "systemd.ssh_listen=" and the
system credential "ssh.listen" sshd may be bound to additional,
explicitly configured options, including AF_INET/AF_INET6 ports.
In particular the first two mechanisms should make dealing with local
VMs and full OS containers a lot easier, as SSH connections will
*just* *work* from the host – even if no networking is available
whatsoever.
systemd-ssh-generator optionally generates a per-connection
socket activation service file wrapping sshd. This is only done if
the distribution does not provide one on its own under the name
"sshd@.service". The generated unit only works correctly if the SSH
privilege separation ("privsep") directory exists. Unfortunately
distributions vary wildly where they place this directory. An
incomprehensive list:
• /usr/share/empty.sshd/ (new fedora)
• /var/empty/
• /var/empty/sshd/
• /run/sshd/ (debian/ubuntu?)
If the SSH privsep directory is placed below /var/ or /run/ care
needs to be taken that the directory is created automatically at boot
if needed, since these directories possibly or always come up
empty. This can be done via a tmpfiles.d/ drop-in. You may use the
"sshdprivsepdir" meson option provided by systemd to configure the
directory, in case you want systemd to create the directory as needed
automatically, if your distribution does not cover this natively.
Recommendations to distributions, in order to make things just work:
• Please provide a per-connection SSH service file under the name
"sshd@.service".
• Please move the SSH privsep dir into /usr/ (so that it is truly
immutable on image-based operating systems, is strictly under
package manager control, and never requires recreation if the
system boots up with an empty /run/ or /var/).
• As an extension of this: please consider following Fedora's lead
here, and use /usr/share/empty.sshd/ to minimize needless
differences between distributions.
• If your distribution insists on placing the directory in /var/ or
/run/ then please at least provide a tmpfiles.d/ drop-in to
recreate it automatically at boot, so that the sshd binary just
works, regardless in which context it is called.
* A small tool "systemd-ssh-proxy" has been added, which is supposed to
act as counterpart to "systemd-ssh-generator". It's a small plug-in
for the SSH client (via ProxyCommand/ProxyUseFdpass) to allow it to
connect to AF_VSOCK or AF_UNIX sockets. Example: "ssh vsock/4711"
connects to a local VM with cid 4711, or "ssh
unix/run/ssh-unix-local/socket" to connect to the local host via the
AF_UNIX socket /run/ssh-unix-local/socket.
systemd-boot and systemd-stub and Related Tools:
* TPM 1.2 PCR measurement support has been removed from systemd-stub.
TPM 1.2 is obsolete and – due to the (by today's standards) weak
cryptographic algorithms it only supports – does not actually provide
the security benefits it's supposed to provide. Given that the rest
of systemd's codebase never supported TPM 1.2, the support has now
been removed from systemd-stub as well.
* systemd-stub will now measure its payload via the new EFI
Confidential Computing APIs (CC), in addition to the pre-existing
measurements to TPM.
* confexts are loaded by systemd-stub from the ESP as well.
* kernel-install gained support for --root= for the 'list' verb.
* bootctl now provides a basic Varlink interface and can be run as a
daemon via a template unit.
* systemd-measure gained new options --certificate=, --private-key=,
and --private-key-source= to allow using OpenSSL's "engines" or
"providers" as the signing mechanism to use when creating signed
TPM2 PCR measurement values.
* ukify gained support for signing of PCR signatures via OpenSSL's
engines and providers.
* ukify now supports zboot kernels.
* systemd-boot now supports passing additional kernel command line
switches to invoked kernels via an SMBIOS Type #11 string
"io.systemd.boot.kernel-cmdline-extra". This is similar to the
pre-existing support for this in systemd-stub, but also applies to
Type #1 Boot Loader Specification Entries.
* systemd-boot's automatic SecureBoot enrollment support gained support
for enrolling "dbx" too (Previously, only db/KEK/PK enrollment was
supported). It also now supports UEFI "Custom" and "Audit" modes.
* The pcrlock policy is saved in an unencrypted credential file
"pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
/loader/credentials/ directory. It will be picked up at boot by
systemd-stub and passed to the initrd, where it can be used to unlock
the root file system.
* systemd-pcrlock gained an --entry-token= option to configure the
entry-token.
* systemd-pcrlock now provides a basic Varlink interface and can be run
as a daemon via a template unit.
* systemd-pcrlock's TPM nvindex access policy has been modified, this
means that previous pcrlock policies stored in nvindexes are
invalidated. They must be removed (systemd-pcrlock remove-policy) and
recreated (systemd-pcrlock make-policy). For the time being
systemd-pcrlock remains an experimental feature, but it is expected
to become stable in the next release, i.e. v257.
* systemd-pcrlock's --recovery-pin= switch now takes three values:
"hide", "show", "query". If "show" is selected the automatically
generated recovery PIN is shown to the user. If "query" is selected
then the PIN is queried from the user.
* sd-stub gained support for the new ".ucode" PE section in UKIs, that
may contain CPU microcode data. When control is handed over to the
Linux kernel this data is prepended to the set of initrds passed.
systemd-run/run0:
* systemd-run is now a multi-call binary. When invoked as 'run0', it
provides as interface similar to 'sudo', with all arguments starting
at the first non-option parameter being treated the command to invoke
as root. Unlike 'sudo' and similar tools, it does not make use of
setuid binaries or other privilege escalation methods, but instead
runs the specified command as a transient unit, which is started by
the system service manager, so privileges are dropped, rather than
gained, thus implementing a much more robust and safe security
model. As usual, authorization is managed via Polkit.
* systemd-run/run0 will now tint the terminal background on supported
terminals: in a reddish tone when invoking a root service, in a
yellowish tone otherwise. This may be controlled and turned off via
the new --background= switch or the new $SYSTEMD_TINT_BACKGROUND
environment variable.
* systemd-run gained a new option '--ignore-failure' to suppress
command failures.
Command-line tools:
* 'systemctl edit --stdin' allows creation of unit files and drop-ins
with contents supplied via standard input. This is useful when creating
configuration programmatically; the tool takes care of figuring out
the file name, creating any directories, and reloading the manager
afterwards.
* 'systemctl disable --now' and 'systemctl mask --now' now work
correctly with template units.
* 'systemd-analyze architectures' lists known CPU architectures.
* 'systemd-analyze --json=…' is supported for 'architectures',
'capability', 'exit-status'.
* 'systemd-tmpfiles --purge' will purge (remove) all files and
directories created via tmpfiles.d configuration.
* systemd-id128 gained new options --no-pager, --no-legend, and
-j/--json=.
* hostnamectl gained '-j' as shortcut for '--json=pretty' or
'--json=short'.
* loginctl now supports -j/--json=.
* resolvectl now supports -j/--json= for --type=.