On Thu, Jul 3, 2014 at 10:59 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> Heya!
>
> A lot of work to make factory reset, stateless systems and disconnected
> updates working. A lot of networkd love (dhcp4 server!) and coredumpctl
> is now finally really really useful.
>
> http://www.freedesktop.org/software/systemd/systemd-215.tar.xz
>
> Enjoy!
>
> CHANGES WITH 215:
>
> * A new tool systemd-sysusers has been added. This tool creates system
>   users and groups in /etc/passwd and /etc/group, based on static
>   declarative system user/group definitions in /usr/lib/sysusers.d/.
>   This is useful to enable factory resets and volatile systems that
>   boot up with an empty /etc directory, and thus need system users and
>   groups created during early boot. systemd now also ships with two
>   default sysusers.d/ files for the most basic users and groups systemd
>   and the core operating system require.
>
> * A new tmpfiles snippet has been added that rebuilds the essential
>   files in /etc on boot, should they be missing.
>
> * A directive for ensuring automatic clean-up of /var/cache/man/ has
>   been removed from the default configuration. This line should now be
>   shipped by the man implementation. The necessary change has been made
>   to the man-db implementation. Note that you need to update your man
>   implementation to one that ships this line, otherwise no automatic
>   clean-up of /var/cache/man will take place.
>
> * A new condition ConditionNeedsUpdate= has been added that may
>   conditionalize services to only run when /etc or /var are "older"
>   than the vendor operating system resources in /usr. This is useful
>   for reconstructing or updating /etc after an offline update of /usr
>   or a factory reset, on the next reboot. Services that want to run
>   once after such an update or reset should use this condition and
>   order themselves before the new systemd-update-done.service, which
>   will mark the two directories as fully updated. A number of service
>   files have been added making use of this, to rebuild the udev
>   hardware database, the journald message catalog and dynamic loader
>   cache (ldconfig). The systemd-sysusers tool described above also
>   makes use of this now. With this in place it is now possible to start
>   up a minimal operating system with /etc empty cleanly. For more
>   information on the concepts involved see this recent blog story:
>
>   http://0pointer.de/blog/projects/stateless.html
>
> * A new system group "input" has been introduced, and all input device
>   nodes get this group assigned. This is useful for system-level
>   software to get access to input devices. It complements what is
>   already done for "audio" and "video".
>
> * systemd-networkd learnt minimal DHCPv4 server support in addition to
>   the existing DHCPv4 client support. It also learnt DHCPv6 client and
>   IPv6 Router Solicitation client support. The DHCPv4 client gained
>   support for static routes passed in from the server. Note that the
>   [DHCPv4] section known in older systemd-networkd versions has been
>   renamed to [DHCP] and is now also used by the DHCPv6 client. Existing
>   .network files using settings of this section should be updated,
>   though compatibility is maintained. Optionally, the client hostname
>   may now be sent to the DHCP server.
>
> * networkd gained support for vxlan virtual networks as well as tun/tap
>   and dummy devices.
>
> * networkd gained support for automatic allocation of address ranges
>   for interfaces from a system-wide pool of addresses. This is useful
>   for dynamically managing a large number of interfaces with a single
>   network configuration file. In particular this is useful to easily
>   assign appropriate IP addresses to the veth links of a large number
>   of nspawn instances.
>
> * RPM macros for processing sysusers, sysctl and binfmt drop-in
>   snippets at package installation time have been added.
>
> * The /etc/os-release file should now be placed in /usr/lib/os-release.
>   The old location is automatically created as symlink. /usr/lib is the
>   more appropriate location of this file, since it shall actually
>   describe the vendor operating system shipped in /usr, and not the
>   configuration stored in /etc.
>
> * .mount units gained a new boolean SloppyOptions= setting that maps to
>   mount(8)'s -s option which enables permissive parsing of unknown
>   mount options.
>
> * tmpfiles learnt a new "L+" directive which creates a symlink but
>   (unlike "L") deletes a pre-existing file first, should it already
>   exist and not already be the correct symlink. Similarly, "b+", "c+"
>   and "p+" directives have been added as well, which create block and
>   character devices, as well as fifos in the filesystem, possibly
>   removing any pre-existing files of different types.
>
> * For tmpfiles' "L", "L+", "C" and "C+" directives the final 'argument'
>   field (which so far specified the source to symlink/copy the files
>   from) is now optional. If omitted the same file is copied from
>   /usr/share/factory/ suffixed by the full destination path. This is
>   useful for populating /etc with essential files, by copying them from
>   vendor defaults shipped in /usr/share/factory/etc.
>
> * A new command "systemctl preset-all" has been added that applies the
>   service preset settings to all installed unit files. A new switch
>   --preset-mode= has been added that controls whether only enable or
>   only disable operations shall be executed.
>
> * A new command "systemctl is-system-running" has been added that
>   allows checking the overall state of the system, for example whether
>   it is fully up and running.
>
> * When the system boots up with an empty /etc, the equivalent to
>   "systemctl preset-all" is executed during early boot, to make sure
>   all default services are enabled after a factory reset.
>
> * systemd now contains a minimal preset file that enables the most
>   basic services systemd ships by default.
>
> * Unit files' [Install] section gained a new DefaultInstance= field for
>   defining the default instance to create if a template unit is enabled
>   with no instance specified.
>
> * A new passive target cryptsetup-pre.target has been added that may be
>   used by services that need to make sure they run and finish before
>   the first LUKS cryptographic device is set up.
>
> * The /dev/loop-control and /dev/btrfs-control device nodes are now
>   owned by the "disk" group by default, opening up access to this
>   group.
>
> * systemd-coredump will now automatically generate a stack trace of all
>   core dumps taking place on the system, based on elfutils' libdw
>   library. This stack trace is logged to the journal.
>
> * systemd-coredump may now optionally store coredumps directly on disk
>   (in /var/lib/systemd/coredump, possibly compressed), instead of
>   storing them unconditionally in the journal. This mode is the new
>   default. A new configuration file /etc/systemd/coredump.conf has been
>   added to configure this and other parameters of systemd-coredump.
Are there any thoughts about natively sending coredumps over network? I
guess it is possible now by mounting /var/lib/systemd/coredump to a
network drive but dumps occurring before network is up need to be
transferred too. Capacity of an embedded product might not be enough to
store multiple dumps.

Umut

> * coredumpctl gained a new "info" verb to show details about a specific
>   coredump. A new switch "-1" has also been added that makes sure to
>   only show information about the most recent entry instead of all
>   entries. Also, as the tool is generally useful now the "systemd-"
>   prefix of the binary name has been removed. Distributions that want
>   to maintain compatibility with the old name should add a symlink from
>   the old name to the new name.
>
> * journald's SplitMode= now defaults to "uid". This makes sure that
>   unprivileged users can access their own coredumps with coredumpctl
>   without restrictions.
>
> * New kernel command line options "systemd.wants=" (for pulling an
>   additional unit during boot), "systemd.mask=" (for masking a specific
>   unit for the boot), and "systemd.debug-shell" (for enabling the debug
>   shell on tty9) have been added. This is implemented in the new
>   generator "systemd-debug-generator".
>
> * systemd-nspawn will now by default filter a couple of syscalls for
>   containers, among them those required for kernel module loading,
>   direct x86 IO port access, swap management, and kexec. Most
>   importantly though open_by_handle_at() is now prohibited for
>   containers, closing a hole similar to a recently discussed
>   vulnerability in docker regarding access to files on file hierarchies
>   the container should normally not have access to. Note that for
>   nspawn we generally make no security claims anyway (and this is
>   explicitly documented in the man page), so this is just a fix for one
>   of the most obvious problems.
> * A new man page file-hierarchy(7) has been added that contains a
>   minimized, modernized version of the file system layout systemd
>   expects, similar in style to the FHS specification or hier(5). A new
>   tool systemd-path(1) has been added to query many of these paths for
>   the local machine and user.
>
> * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no longer done.
>   Since the directory now has a per-user size limit, and is cleaned on
>   logout this appears unnecessary, in particular since this now brings
>   the lifecycle of this directory closer in line with how IPC objects
>   are handled.
>
> * systemd.pc now exports a number of additional directories, including
>   $libdir (which is useful to identify the library path for the primary
>   architecture of the system), and a couple of drop-in directories.
>
> * udev's predictable network interface names now use the dev_port sysfs
>   attribute, introduced in linux 3.15 instead of dev_id to distinguish
>   between ports of the same PCI function. dev_id should only be used
>   for ports using the same HW address, hence the need for dev_port.
>
> * machined has been updated to export the OS version of a container
>   (read from /etc/os-release and /usr/lib/os-release) on the bus. This
>   is now shown in "machinectl status" for a machine.
>
> * A new service setting RestartForceExitStatus= has been added. If
>   configured to a set of exit signals or process return values, the
>   service will be restarted when the main daemon process exits with any
>   of them, regardless of the Restart= setting.
>
> * systemctl's -H switch for connecting to remote systemd machines has
>   been extended so that it may be used to directly connect to a
>   specific container on the host. "systemctl -H root@foobar:waldi" will
>   now connect as user "root" to host "foobar", and then proceed
>   directly to the container named "waldi". Note that currently you have
>   to authenticate as user "root" for this to work, as entering
>   containers is a privileged operation.
>
> Contributions from: Andreas Henriksson, Benjamin Steinwender, Carl
> Schaefer, Christian Hesse, Colin Ian King, Cristian Rodríguez, Daniel
> Mack, Dave Reisner, David Herrmann, Eugene Yakubovich, Filipe
> Brandenburger, Frederic Crozat, Hristo Venev, Jan Engelhardt, Jonathan
> Boulle, Kay Sievers, Lennart Poettering, Luke Shumaker, Mantas
> Mikulėnas, Marc-Antoine Perennou, Marcel Holtmann, Michael Marineau,
> Michael Olbrich, Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt,
> Ronan Le Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
> Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe Paaboel
> Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar Lindskog, Uoti
> Urpala, Zbigniew Jędrzejewski-Szmek
>
> -- Berlin, 2014-07-03
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
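To make the tmpfiles semantics from the announcement concrete (plain "L" and "C" never touch an existing entry, "L+" replaces whatever is there unless it is already the right symlink, and an omitted argument resolves to /usr/share/factory/ plus the destination path), here is a small interpreter for those four directive types. It is an added example written for this thread, not systemd's tmpfiles implementation; it works below a scratch directory with a constructed factory file, and it only handles plain files, not directories or devices.

```python
import os
import shutil
import tempfile

FACTORY = "usr/share/factory"  # vendor defaults tree, relative to the scratch root


def apply_line(root, line):
    """Apply one tmpfiles.d line 'TYPE PATH MODE UID GID AGE [ARGUMENT]' below
    root (a scratch directory, so this runs offline). Only the L, L+, C and C+
    types from the announcement are handled, for plain files. Returns the outcome."""
    fields = line.split(None, 6)
    typ, path = fields[0], fields[1]
    kind, force = typ.rstrip("+"), typ.endswith("+")
    # Omitted argument: the source is /usr/share/factory/ plus the full destination path
    src = fields[6] if len(fields) > 6 else "/" + os.path.join(FACTORY, path.lstrip("/"))
    dest = os.path.join(root, path.lstrip("/"))
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    if kind == "L" and os.path.islink(dest) and os.readlink(dest) == src:
        return "unchanged"  # already the correct symlink, so even L+ leaves it alone
    if os.path.lexists(dest):
        if not force:
            return "skipped"  # plain L and C never replace an existing entry
        os.remove(dest)  # L+ and C+ first remove whatever is in the way
    if kind == "L":
        os.symlink(src, dest)
        return "linked"
    if kind == "C":
        shutil.copy2(os.path.join(root, src.lstrip("/")), dest)
        return "copied"
    raise ValueError("unsupported tmpfiles type: %s" % typ)


def factory_reset_demo():
    """Boot-with-empty-/etc scenario: etc/ is populated from the factory tree,
    then L refuses to replace the regular file now there while L+ swaps it
    for the factory symlink. Returns every outcome for checking."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, FACTORY, "etc"))
    with open(os.path.join(root, FACTORY, "etc", "nsswitch.conf"), "w") as f:
        f.write("passwd: files\n")  # constructed vendor default
    out = {}
    out["copy"] = apply_line(root, "C /etc/nsswitch.conf - - - -")
    out["copy_again"] = apply_line(root, "C /etc/nsswitch.conf - - - -")
    out["link"] = apply_line(root, "L /etc/nsswitch.conf - - - -")
    out["force_link"] = apply_line(root, "L+ /etc/nsswitch.conf - - - -")
    out["force_again"] = apply_line(root, "L+ /etc/nsswitch.conf - - - -")
    out["target"] = os.readlink(os.path.join(root, "etc", "nsswitch.conf"))
    shutil.rmtree(root)
    return out
```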