systemd System and Service Manager
+CHANGES WITH 249 in spe:
+
+ * When operating on disk images via the --image= switch of various
+ tools (such as systemd-nspawn or systemd-dissect), and multiple
+ suitable root or /usr/ partitions exist in the image, then a simple
+ comparison inspired by strverscmp() is done on the GPT partition
+ label, and the newest partition is picked. This permits a simple and
+ generic whole-file-system A/B update logic where new operating system
+ versions are dropped into partitions whose label is then updated with
+ a matching version identifier.
+
+ * systemd-sysusers now supports querying the passwords to set for the
+ users it creates via the "credentials" logic introduced in v247: the
+ passwd.hashed-password.<user> and passwd.plaintext-password.<user>
+ credentials are consulted for the password to use (either in UNIX
+ hashed form, or literally). By default these credentials are inherited
+ down from PID1 (which in turn imports it from a container manager if
+ there is one). This permits easy configuration of user passwords
+ during first boot. Example:
+
+ # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
+
+ Note that systemd-sysusers operates in purely additive mode: it
+ executes no operation if the declared users already exist, and hence
+ doesn't set any passwords as effect of the command line above if the
+ specified root user exists already in the image. (Note that
+ --volatile=yes ensures it doesn't, though.)
+
+ * systemd-firstboot now also supports querying various system
+ parameters via the credential subsystems. Thus, as above this may be
+ used to initialize important system parameters on first boot of
+ previously unprovisioned images (i.e. images with a mostly empty
+ /etc/).
+
+ * Services gained a new ExitType= setting which can configure how to
+ determine when a service exited: the default is "main" which defines
+ the runtime by the service's main process lifetime (this matches the
+ only behaviour implemented in v248 and before), but with "cgroup" the
+ runtime is defined by the existence of any process in the service's
+ cgroup.
+
+ * The systemd-machine-id-setup tool now supports a --image= switch for
+ provisioning a machine ID file into an OS disk image, similar to how
+ --root= operates on an OS file tree. This matches the existing switch
+ of the same name for systemd-tmpfiles, systemd-firstboot, and
+ systemd-sysusers tools.
+
+ * Similarly, systemd-repart gained support for the --image= switch too.
+ In combination with the existing --size= option, this makes the tool
+ particularly useful for easily growing disk images in a single
+ invocation, following the declarative rules included in the image
+ itself.
+
+ * systemd-repart's partition configuration files gained support for a
+ new switch MakeDirectories= which may be used to create arbitrary
+ directories inside file systems that are created, before registering
+ them in the partition table. This is useful in particular for root
+ partitions to create mount point directories for other partitions
+ included in the image. For example, a disk image that contains a
+ root, /home/, and /var/ partitions, may set MakeDirectories=yes to
+ create /home/ and /var/ as empty directories in the root file system
+ on its creation, so that the resulting image can mounted immediately,
+ even in read-only mode.
+
+ * systemd-repart's CopyBlocks= setting gained support for the special
+ value "auto". If used, a suitable matching partition on the booted OS
+ is found as source to copy blocks from. This is useful when
+ implementing replicating installers, that are booted from one medium
+ and then stream their own root partition onto the target medium.
+
+ * systemd-repart's partition configuration files gained support for a
+ Flags= and a ReadOnly= setting, allowing control of the GPT partition
+ flags for the created partitions: this is useful for marking newly
+ created partitions as read-only from the start.
+
+ * The /etc/os-release file has been extended with two new (optional)
+ variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
+ information for OS images that are updated comprehensively and
+ atomically as one image. Two new specifiers %M, %A now resolve to
+ these two fields in the various configuration options that resolve
+ specifiers.
+
+ * portablectl gained a new switch --extension= for enabling portable
+ service images with extensions that follow the extension image
+ concept introduced with v248, and thus allows layering multiple
+ images when setting up the root filesystem of the service.
+
+ * systemd-coredump will now extract ELF build-id information from
+ processes dumping core and include it in the coredump report.
+ Moreover, it will look for ELF .note.package sections with
+ distribution packaging meta-information about the crashing process.
+ This is useful to directly embed the rpm or deb (or any other)
+ package name and version in ELF files, making it easy to match
+ coredump reports with the specific package for which the software was
+ compiled. This is particularly useful on environments with ELF files
+ from multiple vendors, different distributions and versions, as is
+ common today in our containerized and sand-boxed world. For further
+ information, see:
+
+ https://systemd.io/COREDUMP_PACKAGE_METADATA
+
+ * A new udev hardware database has been added for FireWire devices
+ (IEEE 1394).
+
+ * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
+ NULL bus object, for which they will return false. Or in other words,
+ an unallocated bus connection is neither ready nor open.
+
+ * The sd-device API acquired a new API function
+ sd_device_get_usec_initialized() that returns the monotonic time when
+ the udev device first appeared in the database.
+
+ * sd-device gained a new APIs sd_device_trigger_with_uuid() and
+ sd_device_get_trigger_uuid(). The former is similar to
+ sd_device_trigger() but returns a randomly generated UUID that is
+ associated with the synthetic uevent generated by the call. This UUID
+ may be read from the sd_device object a monitor eventually receives,
+ via the sd_device_get_trigger_uuid(). This interface requires kernel
+ 4.13 or above to work, and allows tracking a synthetic uevent through
+ the entire device management stack. The "udevadm trigger --settle"
+ logic has been updated to make use of this concept if available to
+ wait precisely for the uevents it generates. "udevadm trigger" also
+ gained a new parameter --uuid that prints the UUID for each generated
+ uevent.
+
+ * sd-device also gained new APIs sd_device_new_from_ifname() and
+ sd_device_new_from_ifindex() for allocating an sd-device object for
+ the specified network interface. The former accepts an interface name
+ (either a primary or an alternative name), the latter an interface
+ index.
+
+ * The native Journal protocol has been documented. Clients may talk
+ this as alternative to the classic BSD syslog protocol for locally
+ delivering log records to the Journal. The protocol has been stable
+ since a long time and in fact been implemented already in a variety
+ of alternative client libraries. This documentation makes the support
+ for that official:
+
+ https://systemd.io/JOURNAL_NATIVE_PROTOCOL
+
+ * A new BPFProgram= setting has been added to service files. It may be
+ set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
+ file, or a bind mount or symlink to one. This may be used to upload
+ and manage BPF programs externally and then hook arbitrary systemd
+ services into them.
+
+ * The "home.arpa" domain that has been officially declared as the
+ choice for domain for local home networks per RFC 8375 has been added
+ to the default NTA list of resolved, since DNSSEC is generally not
+ available on private domains.
+
+ * The CPUAffinity= setting of unit files now resolves "%" specifiers.
+
+ * A new ManageForeignRoutingPolicyRules= setting has been added to
+ .network files which may be used to exclude foreign-created routing
+ policy rules from systemd-networkd management.
+
+ * systemd-network-wait-online gained two new switches -4 and -6 that
+ may be used to tweak whether to wait for only IPv4 or only IPv6
+ connectivity.
+
+ * .network files gained a new RequiredFamilyForOnline= setting to
+ fine-tune whether to require an IPv4 or IPv6 address in order to
+ consider an interface "online".
+
+ * networkctl will now show an over-all "online" state in the per-link
+ information.
+
+ * In .network files a new OutgoingInterface= setting has been added to
+ specify the output interface in bridge FDB setups.
+
+ * In .network files the Multipath group ID may now be configured for
+ [NextHop] entries, via the new Group= setting.
+
+ * The DHCP server logic configured in .network files gained a new
+ setting RelayTarget= that turns the server into a DHCP server relay.
+ The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
+ to further tweak the DHCP relay behaviour.
+
+ * The DHCP server logic also gained a new ServerAddress= setting in
+ .network files that explicitly specifies the server IP address to
+ use. If not specified, the address is determined automatically, as
+ before.
+
+ * The DHCP server logic in systemd-networkd gained support for static
+ DHCP leases, configurable via the [DHCPServerStaticLease]
+ section. This allows explicitly mapping specific MAC addresses to
+ fixed IP addresses and vice versa.
+
+ * The RestrictAddressFamilies= setting in service files now supports a
+ new special value "none". If specified sockets of all address
+ families will be made unavailable to services configured that way.
+
+ * systemd-fstab-generator and systemd-repart have been updated to
+ support booting from disks that carry only a /usr/ partition but no
+ root partition yet, and where systemd-repart can add it in on the
+ first boot. This is useful for implementing systems that ship with a
+ single /usr/ file system, and whose root file system shall be set up
+ and formatted on a LUKS-encrypted volume whose key is generated
+ locally (and possibly enrolled in the TPM) during the first boot.
+
+ * The [Address] section of .network files now accepts a new
+ RouteMetric= setting that configures the routing metric to use for
+ the prefix route created as effect of the address configuration.
+ Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
+ gained matching settings for their prefix routes. (The option of the
+ same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
+ it conceptually belongs there; the old option is still understood for
+ compatibility.)
+
+ * The DHCPv6 IAID and DUID are now explicitly configurable in .network
+ files.
+
+ * A new udev property ID_NET_DHCP_BROADCAST on network interface
+ devices is now honoured by systemd-networkd, controlling whether to
+ issue DHCP offers via broadcasting. This is used to ensure that s390
+ layer 3 network interfaces work out-of-the-box with systemd-networkd.
+
+ * nss-myhostname and systemd-resolved will now synthesize address
+ records for a new special hostname "_outbound". The name will always
+ resolve to the local IP addresses most likely used for outbound
+ connections towards the default routes. On multi-homed hosts this is
+ useful to have a stable handle referring to "the" local IP address
+ that matters most, to the point where this is defined.
+
+ * The Discoverable Partition Specification has been updated with a new
+ GPT partition flag "growsfs" defined for its partition types.
+ Whenever partitions with this flag set are automatically mounted
+ (i.e. via systemd-gpt-auto-generator or the --image= switch of
+ systemd-nspawn or other tools; and as opposed to explicit mounting
+ via /etc/fstab), the file system within the partition is
+ automatically grown to the full size of the partition. If the file
+ system size already matches the partition size this flag has no
+ effect. Previously, this functionality has been available via the
+ explicit x-systemd.growfs mount option, and this new flag extends
+ this to automatically discovered mounts. A new GrowFileSystem=
+ setting has been added to systemd-repart drop-in files that allows
+ configuring this partition flag. This new flag defaults to on for
+ partitions automatically created by systemd-repart, except if they
+ are marked read-only. See the specification for further details:
+
+ https://systemd.io/DISCOVERABLE_PARTITIONS
+
+ * .network files gained a new setting RoutesToNTP= in the [DHCPv4]
+ section. If enabled (which is the default), and an NTP server address
+ is acquired through a DHCP lease on this interface an explicit route
+ to this address is created on this interface to ensure that NTP
+ traffic to the NTP server acquired on an interface is also routed
+ through that interface. The pre-existing RoutesToDNS= setting that
+ implements the same for DNS servers is now enabled by default.
+
+ * A pair of service settings SocketBindAllow= + SocketBindDeny= have
+ been added that may be used to restrict the network interfaces
+ sockets created by the service may be bound to. This is implemented
+ via BPF.
+
+ * A new ConditionFirmware= condition type has been added to unit files.
+ It may be used to detect certain firmware features. At the moment it
+ may check whether running on an UEFI system, a device.tree system, or
+ if the system is compatible with some specified device-tree feature.
+
+ * hostnamed gained a new Describe() D-Bus method that returns a JSON
+ serialization of the host data it exposes. This is exposed via
+ "hostnamectl --json=" to acquire a host identity description in JSON.
+ It's our intention to add a similar features to most services and
+ objects systemd manages, in order to simplify integration with
+ program code that can consume JSON.
+
+ * Similarly, networkd gained a Describe() method on its Manager and
+ Link bus objects. This is exposed via "networkctl --json=".
+
+ * hostnamectl's various "get-xyz"/"set-xyz" verb pairs
+ (e.g. "hostnamectl get-hostname", "hostnamectl "set-hostname") have
+ been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
+ that is used both to get the value (when no argument is given), and
+ to set the value (when an argument is specified). The old names
+ continue to be supported for compatibility.
+
+ * systemd-detect-virt and ConditionVirtualization= are now able to
+ correctly identify Amazon EC2 environments.
+
+ * The LogLevelMax= setting of unit files now applies not only to log
+ messages generated *by* the service, but also to log messages
+ generated *about* the service by PID 1. To suppress logs concerning a
+ specific service comprehensively, set this option to a high log
+ level.
+
+ * bootctl gained support for a new --make-machine-id-directory= switch
+ that allows precise control on whether to create the top-level
+ per-machine directory in the boot partition that typically contains
+ Type 1 boot loader entries.
+
+ * During build SBAT data to include in the systemd-boot EFI PE binaries
+ may be specified now.
+
+ * /etc/crypttab learnt a new option "headless". If specified any
+ requests to query the user interactively for passwords or PINs will
+ be skipped. This is useful on systems that are headless, i.e. where
+ an interactive user is generally not present.
+
+ * /etc/crypttab also learnt a new option "password-echo=" that allows
+ configuring whether the encryption password prompt shall echo the
+ typed password and if so, do so literally or via asterisks. (The
+ default is the same behaviour as before: provide echo feedback via
+ asterisks.)
+
+ * FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
+ systemd-homed has been updated to allow explicit configuration of the
+ "user presence" and "user verification" checks, as well as whether a
+ PIN is required for authentication, via the new switches
+ --fido2-with-user-presence=, --fido2-with-user-verification=,
+ --fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
+ features are available, and may be enabled or disabled depends on the
+ used FIDO2 token.
+
+ * systemd-nspawn's --private-user= switch now accepts the special value
+ "identity" which configures a user namespacing environment with an
+ identity mapping of 65535 UIDs. This means the container UID 0 is
+ mapped to the host UID 0, and the UID 1 to host UID 1. On first look
+ this doesn't appear to be useful, however it does reduce the attack
+ surface a bit, since the resulting container will possess process
+ capabilities only within its namespace and not on the host.
+
+ * systemd-nspawn's --private-user-chown switch has been replaced by a
+ more generic --private-user-ownership= switch that accepts one of
+ three values: "chown" is equivalent to the old --private-user-chown,
+ and "off" is equivalent to the absence of the old switch. The value
+ "map" uses the new UID mapping mounts of Linux 5.12 to map ownership
+ of files and directories of the underlying image to the chosen UID
+ range for the container. "auto" is equivalent to "map" if UID mapping
+ mount are supported, otherwise it is equivalent to "chown". The short
+ -U switch systemd-nspawn now implies --private-user-ownership=auto
+ instead of the old --private-user-chown. Effectively this means: if
+ the backing file system supports UID mapping mounts the feature is
+ now used by default if -U is used. Generally, it's a good idea to use
+ UID mapping mounts instead of recursive chown()ing, since it allows
+ running containers off immutable images (since no modifications of
+ the images need to take place), and share images between multiple
+ instances. Moreover, the recursive chown()ing operation is slow and
+ can be avoided. Conceptually it's also a good thing if transient UID
+ range uses do not leak into persistent file ownership anymore. TLDR:
+ finally, the last major drawback of user namespacing has been
+ removed, and -U should always be used (unless you use btrfs, where
+ UID mapped mounts do not exist; or your container actually needs
+ privileges on the host).
+
+ * nss-systemd now synthesizes user and group shadow records in addition
+ to the main user and group records. Thus, hashed passwords managed by
+ systemd-homed are now accessible via the shadow database.
+
+ * The userdb logic (and thus nss-systemd, and so on) now read
+ additional user/group definitions in JSON format from the drop-in
+ directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
+ /usr/lib/userdb/. This is a simple and powerful mechanism for making
+ additional users available to the system, with full integration into
+ NSS including the shadow databases. Since the full JSON user/group
+ record format is supported this may also be used to define users with
+ resource management settings and other runtime settings that
+ pam_systemd and systemd-logind enforce at login.
+
+ * The userdbctl tool gained two new switches --with-dropin= and
+ --with-varlink= which can be used to fine-tune the sources used for
+ user database lookups.
+
+ * systemd-nspawn gained a new switch --bind-user= for binding a host
+ user account into the container. This does three things: the user's
+ home directory is bind mounted from the host into the container,
+ below the /run/userdb/home/ hierarchy. A free UID is picked in the
+ container, and a user namespacing UID mapping to the host user's UID
+ installed. And finally, a minimal JSON user and group record (along
+ with its hashed password) is dropped into /run/host/userdb/. These
+ records are picked up automatically by the userdb drop-in logic
+ describe above, and allow the user to login with the same password as
+ on the host. Effectively this means: if host and container run new
+ enough systemd versions making a host user available to the container
+ is trivially simple.
+
+ * systemd-journal-gatewayd now supports the switches --user, --system,
+ --merge, --file= that are equivalent to the same switches of
+ journalctl, and permit exposing only the specified subset of the
+ Journal records.
+
+ * The OnFailure= dependency between units is now augmented with a
+ implicit reverse dependency OnFailureOf= (this new dependency cannot
+ be configured directly it's only created as effect of an OnFailure=
+ dependency in the reverse order — it's visible in "systemctl show"
+ however). Similar, Slice= now has an reverse dependency SliceOf=,
+ that is also not configurable directly, but useful to determine all
+ units that are members of a slice.
+
+ * A pair of new dependency types between units PropagatesStopTo= +
+ StopPropagatedFrom= has been added, that allows propagation of unit
+ stop events between two units. It operates similar to the existing
+ PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.
+
+ * A new dependency type OnSuccess= has been added (plus the reverse
+ dependency OnSuccessOf=, which cannot be configured directly, but
+ exists only as effect of the reverse OnSuccess=). It is similar to
+ OnFailure=, but triggers in the opposite case: when a service exits
+ cleanly. This allows "chaining up" of services where one or more
+ services are started once another service has successfully completed.
+
+ * A new dependency type Upholds= has been added (plus the reverse
+ dependency UpheldBy=, which cannot be configured directly, but exists
+ only as effect of Upholds=). This dependency type is a stronger form
+ of Wants=: if a unit has an UpHolds= dependency on some other unit
+ and the former is active then the latter is started whenever it is
+ found inactive (and no job is queued for it). This is an alternative
+ to Restart= inside service units, but less configurable, and the
+ request to uphold a unit is not encoded in the unit itself but in
+ another unit that intends to uphold it.
+
+ * The systemd-ask-password tool now also supports reading passwords
+ from the credentials subsystem, via the new --credential= switch.
+
+ * The systemd-ask-password tool learnt a new switch --emoji= which may
+ be used to explicit control whether the lock and key emoji (🔐) is
+ shown in the password prompt on suitable TTYs.
+
+ * The --echo switch of systemd-ask-password now optionally takes a
+ parameter that controls character echo. It may either show asterisks
+ (default, as before), turn echo off entirely, or echo the typed
+ characters literally.
+
+ * New documentation has been added that describes the organization of
+ the systemd source code tree:
+
+ https://systemd.io/ARCHITECTURE
+
+ * Units using ConditionNeedsUpdate= will no longer be activated in
+ the initrd.
+
+ * It is now possible to list a template unit in the WantedBy= or
+ RequiredBy= settings of the [Install] section of another template
+ unit, which will be instantiated using the same instance name.
+
+ * A new MemoryAvailable property is available for units. If the unit,
+ or the slice(s) it is part of, have a memory limit set via MemoryMax=/
+ MemoryHigh=, MemoryAvailable will indicate how much more memory the
+ unit can claim before hitting the limit(s).
+
+ * systemd-coredump will now try to stay below the cgroup memory limit
+ placed on itself or one of the slices it runs under, if the storage
+ area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
+ since files written on such filesystems count toward the cgroup memory
+ limit. If there is not enough available memory in such cases to store
+ the core file uncompressed, systemd-coredump will skip to compressed
+ storage directly (if enabled) and it will avoid analyzing the core file
+ to print backtrace and metadata in the journal.
+
+ * tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
+ of a path matches the configured expectations, and remove it if not.
+
+ * tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows to
+ specify which of the several available filesystem timestamps (access
+ time, birth time, change time, modification time) to look at when
+ deciding whether a path has aged enough to be cleaned.
+
+ * A new IPv6StableSecretAddress= setting has been added to .network
+ files, which takes an IPv6 address to use as secret for IPv6 address
+ generation.
+
+ * The [DHCPServer] logic in .network files gained support for a new
+ UplinkInterface= setting that permits configuration of the uplink
+ interface name to propagate DHCP lease information from.
+
+ * The WakeOnLan= setting in .link files now accepts a list of flags
+ instead of a single one, to configure multiple wake-on-LAN policies.
+
+ * User-space defined tracepoints (USDT) have been added to udev at
+ strategic locations. This is useful for tracing udev behaviour and
+ performance with bpftrace and similar tools.
+
+ * systemd-journald-upload gained a new NetworkTimeoutSec= option for
+ setting a network timeout time.
+
+ Contributions from: Aakash Singh, adrian5, Alexander Sverdlin,
+ alexlzhu, Allen Webb, Alvin Šipraga, Alyssa Ross, Anita Zhang, asavah,
+ Balint Reczey, Bertrand Jacquin, borna-blazevic, caoxia2008cxx,
+ Carlo Teubner, Christian Göttsche, Christian Hesse, Daniel Schaefer,
+ Dan Streetman, David Santamaría Rogado, David Tardon, Deepak Rawat,
+ Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
+ Flos Lonicerae, Franck Bui, Francois Gervais, Frantisek Sumsal,
+ Gibeom Gwon, gitm0, Hans de Goede, Harsh Barsaiyan, Henri Chain,
+ Igor Zhbanov, imayoda, Jakub Warczarek, James Buren, Jan Janssen,
+ Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban,
+ Jérôme Carretero, jiangchuangang, Joerg Behrmann,
+ Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Julia Kartseva,
+ Kai-Heng Feng, Khem Raj, KoyamaSohei, Lennart Poettering,
+ LetzteInstanz, Luca Adrian L, Luca Boccassi, Lucas Magasweran,
+ Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard, Masahiro Matsuya,
+ Matt Johnston, Michael Catanzaro, Michal Koutný, Michal Sekletár,
+ Mike Kazantsev, Milan, Miroslav Suchý, Morten Linderud, nerdopolis,
+ nl6720, Noah Meyerhans, Oleg Popov, Olle Lundberg, Ondrej Kozina,
+ Perry.Yuan, Peter Hutterer, Peter Kjellerstedt, Peter Morrow,
+ Phaedrus Leeds, Roman Beranek, Roshan Shariff, Ryan Hendrickson,
+ Samuel BF, scootergrisen, Sebastian Blunt, Seong-ho Cho, Sergey Bugaev,
+ Sevan Janiyan, Sibo Dong, simmon, Simon Watts, Srinidhi Kaushik,
+ Štěpán Němec, Steve Bonds, Susant Sahani, sverdlin, syyhao1994,
+ Takashi Sakamoto, Topi Miettinen, tramsay, Uwe Kleine-König,
+ Viktor Mihajlovski, Vincent Dechenaux, Vito Caputo,
+ William A. Kennington III, Yangyang Shen, Yegor Alexeyev, Yi Gao,
+ Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб
+
+ — Berlin, 2021-06-15
+
CHANGES WITH 248:
* A concept of system extension images is introduced. Such images may
projects / systemd.git / blobdiff