#4554: systemd-244
--------------------+-----------------------
Reporter: renodr | Owner: renodr
Type: task | Status: assigned
Priority: normal | Milestone: 9.1
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Comment (by renodr):
{{{
CHANGES WITH 244:
* Support for the cpuset cgroups v2 controller has been added.
Processes may be restricted to specific CPUs using the new
AllowedCPUs= setting, and to specific memory NUMA nodes using
the new
AllowedMemoryNodes= setting.
* The signal used in restart jobs (as opposed to e.g. stop jobs)
may
now be configured using a new RestartKillSignal= setting. This
allows units which signals to request termination to implement
different behaviour when stopping in preparation for a restart.
* "systemctl clean" may now be used also for socket, mount, and
swap
units.
* systemd will also read configuration options from the EFI
variable
SystemdOptions. This may be used to configure systemd behaviour
when
modifying the kernel command line is inconvenient, but
configuration
on disk is read too late, for example for the options related to
cgroup hierarchy setup. 'bootctl systemd-efi-options' may be
used to
set the EFI variable.
* systemd will now disable printk ratelimits in early boot. This
should
allow us to capture more logs from the early boot phase where
normal
storage is not available and the kernel ring buffer is used for
logging. Configuration on the kernel command line has higher
priority
and overrides the systemd setting.
systemd programs which log to /dev/kmsg directly use internal
ratelimits to prevent runaway logging. (Normally this is only
used
during early boot, so in practice this change has very little
effect.)
* Unit files now support top level dropin directories of the form
<unit_type>.d/ (e.g. service.d/) that may be used to add
configuration
that affects all corresponding unit files.
* systemctl gained support for 'stop --job-mode=triggering' which
will
stop the specified unit and any units which could trigger it.
* Unit status display now includes units triggering and triggered
by
the unit being shown.
* The RuntimeMaxSec= setting is now supported by scopes, not just
.service units. This is particularly useful for PAM sessions
which
create a scope unit for the user login. systemd.runtime_max_sec=
setting may used with the pam_systemd module to limit the
duration
of the PAM session, for example for time-limited logins.
* A new @pkey system call group is now defined to make it easier
to
whitelist memory protection syscalls for containers and services
which need to use them.
* systemd-udevd: removed the 30s timeout for killing stale workers
on
exit. systemd-udevd now waits for workers to finish. The hard-
coded
exit timeout of 30s was too short for some large installations,
where
driver initialization could be prematurely interrupted during
initrd
processing if the root file system had been mounted and init was
preparing to switch root. If udevd is run without systemd and
workers
are hanging while udevd receives an exit signal, udevd will now
exit
when udev.event_timeout is reached for the last hanging worker.
With
systemd, the exit timeout can additionally be configured using
TimeoutStopSec= in systemd-udevd.service.
* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in
their
report and descriptor and outputs suitable environment
variables.
This replaces the externally maintained whitelists of all known
security tokens that were used previously.
* Automatically generated autosuspend udev rules for whitelisted
devices have been imported from the Chromium OS project. This
should
improve power saving with many more devices.
* udev gained a new "CONST{key}=value" setting that allows
matching
against system-wide constants without forking a helper binary.
Currently "arch" and "virt" keys are supported.
* udev now opens CDROMs in non-exclusive mode when querying their
capabilities. This should fix issues where other programs trying
to
use the CDROM cannot gain access to it, but carries a risk of
interfering with programs writing to the disk, if they did not
open
the device in exclusive mode as they should.
* systemd-networkd does not create a default route for IPv4 link
local
addressing anymore. The creation of the route was unexpected and
was
breaking routing in various cases, but people who rely on it
being
created implicitly will need to adjust. Such a route may be
requested
with DefaultRouteOnDevice=yes.
Similarly, systemd-networkd will not assign a link-local IPv6
address
when IPv6 link-local routing is not enabled.
* Receive and transmit buffers may now be configured on links with
the new RxBufferSize= and TxBufferSize= settings.
* systemd-networkd may now advertise additional IPv6 routes. A new
[IPv6RoutePrefix] section with Route= and LifetimeSec= options
is
now supported.
* systemd-networkd may now configure "next hop" routes using the
[NextHop] section and Gateway= and Id= settings.
* systemd-networkd will now retain DHCP config on restarts by
default
(but this may be overridden using the KeepConfiguration=
setting).
The default for SendRelease= has been changed to true.
* The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME
option
received from the server.
The client will use the received SIP server list if UseSIP=yes
is
set.
The client may be configured to request specific options from
the
server using a new RequestOptions= setting.
The client may be configured to send arbitrary options to the
server
using a new SendOption= setting.
A new IPServiceType= setting has been added to configure the "IP
service type" value used by the client.
* The DHCPv6 client learnt a new PrefixDelegationHint= option to
request prefix hints in the DHCPv6 solicitation.
* The DHCPv4 server may be configured to send arbitrary options
using
a new SendOption= setting.
* The DHCPv4 server may now be configured to emit SIP server list
using
the new EmitSIP= and SIP= settings.
* systemd-networkd and networkctl may now renew DHCP leases on
demand.
networkctl has a new 'networkctl renew' verb.
* systemd-networkd may now reconfigure links on demand. networkctl
gained two new verbs: "reload" will reload the configuration,
and
"reconfigure DEVICE…" will reconfigure one or more devices.
* .network files may now match on SSID and BSSID of a wireless
network,
i.e. the access point name and hardware address using the new
SSID=
and BSSID= options. networkctl will display the current SSID and
BSSID for wireless links.
.network files may also match on the wireless network type using
the
new WLANInterfaceType= option.
* systemd-networkd now includes default configuration that enables
link-local addressing when connected to an ad-hoc wireless
network.
* systemd-networkd may configure the Traffic Control queueing
disciplines in the kernel using the new
[TrafficControlQueueingDiscipline] section and Parent=,
NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
NetworkEmulatorDuplicateRate= settings.
* systemd-tmpfiles gained a new w+ setting to append to files.
* systemd-analyze dump will now report when the memory
configuration in
the kernel does not match what systemd has configured (usually,
because some external program has modified the kernel
configuration
on its own).
* systemd-analyze gained a new --base-time= switch instructs the
'calendar' verb to resolve times relative to that timestamp
instead
of the present time.
* journalctl --update-catalog now produces deterministic output
(making
reproducible image builds easier).
* A new devicetree-overlay setting is now documented in the Boot
Loader
Specification.
* The default value of the WatchdogSec= setting used in systemd
services (the ones bundled with the project itself) may be set
at
configuration time using the -Dservice-watchdog= setting. If set
to
empty, the watchdogs will be disabled.
* systemd-resolved validates IP addresses in certificates now when
GnuTLS
is being used.
* libcryptsetup >= 2.0.1 is now required.
* A configuration option -Duser-path= may be used to override the
$PATH
used by the user service manager. The default is again to use
the same
path as the system manager.
* The systemd-id128 tool gained a new switch "-u" (or "--uuid")
for
outputting the 128bit IDs in UUID format (i.e. in the "canonical
representation").
* Service units gained a new sandboxing option ProtectKernelLogs=
which
makes sure the program cannot get direct access to the kernel
log
buffer anymore, i.e. the syslog() system call (not to be
confused
with the API of the same name in libc, which is not affected),
the
/proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are
made
inaccessible to the service. It's recommended to enable this
setting
for all services that should not be able to read from or write
to the
kernel log buffer, which are probably almost all.
Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint
Reczey,
Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert,
Carlo
Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel
Edgecumbe,
Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet,
Donald
A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe
Brandenburger,
Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B.
Guðmundsson,
Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng
Feng,
Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew,
Mario
Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck,
matthiasroos,
Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev,
Nicolas
Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul
Menzel,
Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael
Fontenelle,
Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott,
Ryan
Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve
Ramage,
Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu
Watanabe,
Zach Smith, Zbigniew Jędrzejewski-Szmek
– Warsaw, 2019-11-29
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4554#comment:2>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
--
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
