-rw-r--r-- | NEWS | 212 | ||||
-rw-r--r-- | man/systemd-escape.xml | 4 | ||||
-rw-r--r-- | man/systemd.xml | 2 | ||||
-rw-r--r-- | rules/60-persistent-storage.rules | 4 | ||||
-rw-r--r-- | src/basic/virt.c | 25 | ||||
-rw-r--r-- | src/udev/udev-builtin-path_id.c | 5 |
6 files changed, 118 insertions, 134 deletions
@@ -2,10 +2,59 @@ systemd System and Service Manager CHANGES WITH 233: + * The "hybrid" control group mode has been modified to improve + compatibility with "legacy" cgroups-v1 setups. Specifically, the + "hybrid" setup of /sys/fs/cgroup is now pretty much identical to + "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named + cgroups-v1 hierarchy), the only externally visible change being that + the cgroups-v2 hierarchy is also mounted, to + /sys/fs/cgroup/unified. This should provide a large degree of + compatibility with "legacy" cgroups-v1, while taking benefit of the + better management capabilities of cgroups-v2. + + * The default control group setup mode may be selected both a boot-time + via a set of kernel command line parameters (specifically: + systemd.unified_cgroup_hierarchy= and + systemd.legacy_systemd_cgroup_controller=), as well as a compile-time + default selected on the configure command line + (--with-default-hierarchy=). The upstream default is "hybrid" + (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but + this will change in a future systemd version to be "unified" (pure + cgroups-v2 mode). The third option for the compile time option is + "legacy", to enter pure cgroups-v1 mode. We recommend downstream + distributions to default to "hybrid" mode for release distributions, + starting with v233. We recommend "unified" for development + distributions (specifically: distributions such as Fedora's rawhide) + as that's where things are headed in the long run. Use "legacy" for + greatest stability and compatibility only. + + * Note one current limitation of "unified" and "hybrid" control group + setup modes: the kernel currently does not permit the systemd --user + instance (i.e. unprivileged code) to migrate processes between two + disconnected cgroup subtrees, even if both are managed and owned by + the user. 
This effectively means "systemd-run --user --scope" doesn't + work when invoked from outside of any "systemd --user" service or + scope. Specifically, it is not supported from session scopes. We are + working on fixing this in a future systemd version. (See #3388 for + further details about this.) + * DBus policy files are now installed into /usr rather than /etc. Make sure your system has dbus >= 1.9.18 running before upgrading to this version, or override the install path with --with-dbuspolicydir= . + * All python scripts shipped with systemd (specifically: the various + tests written in Python) now require Python 3. + + * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH, + CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the + kernel. + + * Support for the %c, %r, %R specifiers in unit files has been + removed. Specifiers are not supposed to be dependent on configuration + in the unit file itself (so that they resolve the same regardless + where used in the unit files), but these specifiers were influenced + by the Slice= option. + * The shell invoked by debug-shell.service now defaults to /bin/sh in all cases. If distributions want to use a different shell for this purpose (for example Fedora's /sbin/sushell) they need to specify @@ -39,8 +88,7 @@ CHANGES WITH 233: * The option MulticastDNS= of network configuration files has acquired an actual implementation. With MulticastDNS=yes a host can resolve - names of remote hosts and to reply to mDNS's A and AAAA requests from - the hosts. + names of remote hosts and reply to mDNS A and AAAA requests. * When units are about to be started an additional check is now done to ensure that all dependencies of type BindsTo= (when used in 
@@ -48,29 +96,46 @@ CHANGES WITH 233: * systemd-analyze gained a new verb "syscall-filter" which shows which system call groups are defined for the SystemCallFilter= unit file - setting, and which system calls they precisely contain. + setting, and which system calls they contain. * A new system call filter group "@filesystem" has been added, - consisting of various file system related system calls. A group + consisting of various file system related system calls. Group "@reboot" has been added, covering reboot, kexec and shutdown related - calls. Finally, a group "@swap" has been added covering swap + calls. Finally, group "@swap" has been added covering swap configuration related calls. * A new unit file option RestrictNamespaces= has been added that may be used to restrict access to the various process namespace types the Linux kernel provides. Specifically, it may be used to take away the - right for specific service units to create additional file system, - networking, user, and other namespaces. This sandboxing option is - particularly relevant due to the high amount of recently discovered - namespacing related vulnerabilities in the kernel. + right for a service unit to create additional file system, network, + user, and other namespaces. This sandboxing option is particularly + relevant due to the high amount of recently discovered namespacing + related vulnerabilities in the kernel. - * .link gained support for a new AutoNegotiation= setting for - configuring Ethernet auto-negotiation. + * systemd-udev's .link files gained support for a new AutoNegotiation= + setting for configuring Ethernet auto-negotiation. * systemd-networkd's .network files gained support for a new ListenPort= setting in the [DHCP] section to explicitly configure the UDP client port the DHCP client shall listen on. + * .network files gained a new Unmanaged= boolean setting for explicitly + excluding one or more interfaces from management by systemd-networkd. 
+ + * The systemd-networkd ProxyARP= option has been renamed to + IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been + renamed to ReduceARPProxy=. The old names continue to be available + for compatibility. + + * systemd-networkd gained support for configuring IPv6 Proxy NDP + addresses via the new IPv6ProxyNDPAddress= .network file setting. + + * systemd-networkd's bonding device support gained support for two new + configuration options ActiveSlave= and PrimarySlave=. + + * The various options in the [Match] section of .network files gained + support for negative matching. + * New systemd-specific mount options are now understood in /etc/fstab: x-systemd.mount-timeout= may be used to configure the maximum @@ -84,15 +149,15 @@ CHANGES WITH 233: drives, so that mounted CDs are automatically unmounted when they are removed from the drive. - x-systemd.after= and x-systemd.before= may be use to explicitly order - a mount after or before another unit or mount point. + x-systemd.after= and x-systemd.before= may be used to explicitly + order a mount after or before another unit or mount point. * Enqueued start jobs for device units are now automatically garbage collected if there are no jobs waiting for them anymore. - * systemctl list-jobs gained two new switches: With --after, every - queued job shows which other queued job is waiting for it; with - --before it shows which other jobs every job is waiting for. + * systemctl list-jobs gained two new switches: with --after, for every + queued job the jobs it's waiting for are shown; with --before the + jobs which it's blocking are shown. * systemd-nspawn gained support for ephemeral boots from disk images (or in other words: --ephemeral and --image= may now be 
@@ -105,18 +170,15 @@ CHANGES WITH 233: * Calendar time specifications in .timer units now support specifications relative to the end of a month by using "~" instead of "-" as separator between month and day. For example, "*-02~03" means - "The third last day in February". In addition a new syntax for + "the third last day in February". In addition a new syntax for repeated events has been added using the "/" character. For example, "9..17/2:00" means "every two hours from 9am to 5pm". * systemd-socket-proxyd gained a new parameter --connections-max= for configuring the maximum number of concurrent connections. - * All python scripts shipped with systemd (specifically: the various - tests written in Python) now require Python 3. - - * sd-id128 gained a new API for generating unique IDs for the host - that does not leak the machine ID. Specifically, + * sd-id128 gained a new API for generating unique IDs for the host in a + way that does not leak the machine ID. Specifically, sd_id128_get_machine_app_specific() derives an ID based on the machine ID a in well-defined, non-reversible, stable way. This is useful whenever an identifier for the host is needed but where the @@ -145,9 +207,6 @@ CHANGES WITH 233: with a temporary directory in the host's /var/tmp. This way changes to /var are automatically flushed when the container shuts down. - * .network files gained a new Unmanaged= boolean setting for explicitly - excluding one or more interfaces from management by systemd-networkd. - * systemd-nspawn --image= option does now permit raw file system block devices (in addition to images containing partition tables, as before). 
@@ -192,15 +251,6 @@ CHANGES WITH 233: kernel and initrd image that incorporates such a root hash as well as a Verity-enabled root partition. - * Support for the %c, %r, %R specifiers in unit files has been - removed. Specifiers are not supposed to be dependent on configuration - of unit files themselves (so that they resolve to the same regardless - where used in the unit files), but these options were due to the - existence of the Slice= option. - - * The various options in the [Match] section of .network files gained - support for negative matching. - * The hardware database (hwdb) udev supports has been updated to carry accelerometer quirks. 
@@ -228,27 +278,19 @@ CHANGES WITH 233: systemd.firstboot= kernel command line option. It accepts a boolean and when set to false the first boot questions are skipped. - * The systemd-networkd ProxyARP= option has been renamed to - IPV4ProxyARP=. Similar, VXLAN-specific option ARPProxy= has been - renamed to ReduceARPProxy=. The old names continue to be available - for compatibility. - - * systemd-networkd's bonding device support gained support for two new - configuration options ActiveSlave= and PrimarySlave=. - * systemd-fstab-generator has been updated to check for the - systemd.volatile= kernel command line option, which either takes a - boolean parameter or the special value "state". If used the system - may be booted in a "volatile" boot mode. Specifically, - systemd.volatile=yes is used, the root directory will be mounted as + systemd.volatile= kernel command line option, which either takes an + optional boolean parameter or the special value "state". If used the + system may be booted in a "volatile" boot mode. Specifically, + "systemd.volatile" is used, the root directory will be mounted as tmpfs, and only /usr is mounted from the actual root file system. If - systemd.volatile=state is used, the root directory will be mounted as - usual, but /var is mounted as tmpfs. This concept provides similar + "systemd.volatile=state" is used, the root directory will be mounted + as usual, but /var is mounted as tmpfs. This concept provides similar functionality as systemd-nspawn's --volatile= option, but provides it on physical boots. Use this option for implementing stateless systems, or testing systems with all state and/or configuration reset to the defaults. (Note though that many distributions are not - prepared to boot up without a populated /etc or /var, though) + prepared to boot up without a populated /etc or /var, though.) * systemd-gpt-auto-generator gained support for LUKS encrypted root partitions. Previously it only supported LUKS encrypted partitions 
@@ -261,8 +303,7 @@ CHANGES WITH 233: for specifying the fallback hostname to use if none is configured in /etc/hostname. For example, by specifying --with-fallback-hostname=fedora it is possible to default to a - hostname of "fedora" when the user didn't specify anything - explicitly. + hostname of "fedora" on pristine installations. * systemd-cgls gained support for a new --unit= switch for listing only the control groups of a specific unit. Similar --user-unit= has been @@ -298,19 +339,25 @@ CHANGES WITH 233: different place. This option enables booting of ostree images directly with systemd-nspawn. - * systemd-networkd gained support for configuring IPv6 Proxy NDP - addresses via the new IPv6ProxyNDPAddress= .network file setting. - * The systemd build scripts will no longer complain if the NTP server - addresses are not changed from the defaults. Google is now supporting + addresses are not changed from the defaults. Google now supports these NTP servers officially. We still recommend downstreams to properly register an NTP pool with the NTP pool project though. * coredumpctl gained new new "--reverse" option for printing the list of coredumps in reverse order. + * coredumpctl will now show additional information about truncated and + inaccessible coredumps, as well as coredumps that are still being + processed. It also gained a new --quiet switch for suppressing + additional informational message in its output. + + * coredumpctl gained support for only showing coredumps newer and/or + older than specific timestamps, using the new --since= and --until= + options, reminiscent of journalctl's options by the same name. + * The systemd-coredump logic has been improved so that it may be reused - for collecting backtraces in non-compiled languages, for example in + to collect backtraces in non-compiled languages, for example in scripting languages such as Python. * machinectl will now show the UID shift of local containers, if user 
@@ -320,65 +367,16 @@ CHANGES WITH 233: configuration load time. They may be used to add environment variables to the environment block passed to services invoked. One user environment generator is shipped by default that sets up - environment variables based on files dropped into - ~/.config/environment.d/. + environment variables based on files dropped into /etc/environment.d + and ~/.config/environment.d/. * systemd-resolved now includes the new, recently published 2017 DNSSEC root key (KSK). - * coredumpctl will now show additional information about truncated and - inaccessible coredumps, as well as coredumps that are still being - processed. It also gained a new --quiet switch for suppressing - additional informational message in its output. - - * coredumpctl gained support for only showing coredumps newer and/or - older than specific timestamps, using the new --since= and --until= - options, reminiscent of journalctl's options by the same name. - * hostnamed has been updated to report a new chassis type of "convertible" to cover "foldable" laptops that can both act as a tablet and as a laptop, such as various Lenovo Yoga devices. - * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH, - CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the - kernel. - - * The "hybrid" control group mode has been modified to improve - compatibility with "legacy" cgroupsv1 setups. Specifically, the - "hybrid" setup of /sys/fs/cgroup is now pretty much identical to - "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named - cgroupsv1 hierarchy), the only externally visible change being that - the cgroupsv2 hierarchy is also mounted, to - /sys/fs/cgroup/unified. This should provide a large degree of - compatibility with "legacy" cgroupsv1, while taking benefit of the - better management capabilities of cgroupsv2. 
- - * The default control group setup mode may be selected both a boot-time - via a set of kernel command line parameters (specifically: - systemd.unified_cgroup_hierarchy= and - systemd.legacy_systemd_cgroup_controller=), as well as a compile-time - default selected on the configure command line - (--with-default-hierarchy=). The upstream default is "hybrid" - (i.e. the cgroupsv1 + cgroupsv2 mixture discussed above) now, but - this will change in a future systemd version to be "unified" (pure - cgroupsv2 mode). The third option for the compile time option is - "legacy", to enter pure cgroupsv1 mode. We recommend downstream - distributions to default to "hybrid" mode for release distributions, - starting with v233. We recommend "unified" for development - distributions (specifically: distributions such as Fedora's rawhide) - as that's where things are headed in the long run. Use "legacy" for - greatest stability and compatibility only. - - * Note one current limitation of "unified" and "hybrid" control group - setup modes: the kernel currently does not permit the systemd --user - instance (i.e. unprivileged code) to migrate processes between two - disconnected cgroup subtrees, even if both are managed and owned by - the user. This effectively means "systemd-run --user --scope" doesn't - work when invoked from outside of any "systemd --user" service or - scope. Specifically, it is not supported from session scopes. We are - working on fixing this in a future systemd version. (See #3388 for - further details about this.) - Contributions from: Adrián López, Alexander Galanin, Alexander Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric diff --git a/man/systemd-escape.xml b/man/systemd-escape.xml index 5e95e22536..bb4c7e48e5 100644 --- a/man/systemd-escape.xml +++ b/man/systemd-escape.xml 
@@ -86,8 +86,8 @@ <listitem><para>Appends the specified unit type suffix to the escaped string. Takes one of the unit types supported by - systemd, such as <literal>.service</literal> or - <literal>.mount</literal>. May not be used in conjunction with + systemd, such as <literal>service</literal> or + <literal>mount</literal>. May not be used in conjunction with <option>--template=</option>, <option>--unescape</option> or <option>--mangle</option>.</para></listitem> </varlistentry> diff --git a/man/systemd.xml b/man/systemd.xml index 4856dea824..e8178ca4bb 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -761,7 +761,7 @@ <term><constant>SIGRTMIN+27</constant></term> <term><constant>SIGRTMIN+28</constant></term> - <listitem><para>Sets the log level to + <listitem><para>Sets the log target to <literal>journal-or-kmsg</literal> (or <literal>console</literal> on <constant>SIGRTMIN+27</constant>, <literal>kmsg</literal> on diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules index 4a33ad813f..9817e9c64b 100644 --- a/rules/60-persistent-storage.rules +++ b/rules/60-persistent-storage.rules @@ -67,6 +67,10 @@ ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +# legacy virtio-pci by-path links (deprecated) +KERNEL=="vd*[!0-9]", ENV{ID_PATH}=="pci-*", SYMLINK+="disk/by-path/virtio-$env{ID_PATH}" +KERNEL=="vd*[0-9]", ENV{ID_PATH}=="pci-*", SYMLINK+="disk/by-path/virtio-$env{ID_PATH}-part%n" + # probe filesystem metadata of optical drives which have a media inserted KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ENV{ID_CDROM_MEDIA_TRACK_COUNT_DATA}=="?*", ENV{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}=="?*", \ IMPORT{builtin}="blkid --offset=$env{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}" 
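Review bot: The two new legacy rules only fire when `ENV{ID_PATH}=="pci-*"`, so the compatibility link is recreated only for virtio disks sitting on a PCI parent; the old path_id code (removed in the accompanying udev-builtin-path_id.c hunk) emitted `virtio-pci-<sysname>` for whatever parent followed the virtio chain, so virtio devices on a non-PCI transport (virtio-mmio on a platform bus, presumably) lose their previous by-path name with no replacement, which matters for fstab/crypttab entries keyed on /dev/disk/by-path. The comment should say so and name the intended removal point rather than just "(deprecated)", e.g. `# legacy virtio-pci by-path links: kept only for PCI-attached virtio disks, to be removed in a future release`. The partition rule also keys on `KERNEL=="vd*[0-9]"` while the surrounding rules use `ENV{DEVTYPE}=="partition"`; using the DEVTYPE match here would keep the file consistent and avoid depending on the kernel naming scheme.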
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 9d615da681..ff4491d6d6 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -28,7 +28,6 @@
 #include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "macro.h"
 #include "process-util.h"
 #include "stat-util.h"
@@ -570,30 +569,16 @@ int running_in_userns(void) {
 }
 
 int running_in_chroot(void) {
-        _cleanup_free_ char *self_mnt = NULL, *pid1_mnt = NULL;
-        int r;
-
-        /* Try to detect whether we are running in a chroot() environment. Specifically, check whether we have a
-         * different root directory than PID 1, even though we live in the same mount namespace as it. */
+        int ret;
 
         if (getenv_bool("SYSTEMD_IGNORE_CHROOT") > 0)
                 return 0;
 
-        r = files_same("/proc/1/root", "/");
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return 0;
-
-        r = readlink_malloc("/proc/self/ns/mnt", &self_mnt);
-        if (r < 0)
-                return r;
-
-        r = readlink_malloc("/proc/1/ns/mnt", &pid1_mnt);
-        if (r < 0)
-                return r;
+        ret = files_same("/proc/1/root", "/");
+        if (ret < 0)
+                return ret;
 
-        return streq(self_mnt, pid1_mnt); /* Only if we live in the same namespace! */
+        return ret == 0;
 }
 
 static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
index 527f0bff2d..8cb330dba1 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/udev/udev-builtin-path_id.c
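Review bot: The rewritten running_in_chroot() drops the comment that explained the heuristic and now reports a chroot whenever `files_same("/proc/1/root", "/")` says the two roots differ, which is also the case for a process in its own mount namespace without a PID namespace (it still sees the host's PID 1); the removed mount-namespace comparison was what told those two situations apart. If that broader meaning is intended, state it above the call so the next reader does not reintroduce the namespace check by accident: `/* Chroot heuristic: our root differs from PID 1's. This also fires in a foreign mount namespace without a PID namespace; set SYSTEMD_IGNORE_CHROOT to a true value to override. */`. Note that a negative return from files_same() (e.g. /proc not mounted) is propagated as an error rather than a boolean, which callers must handle. The new local is named `ret` while this file, including the lines removed here, uses `r` for error codes; `int r;` would match the surrounding style.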
@@ -664,11 +664,8 @@ static int builtin_path_id(struct udev_device *dev, int argc, char *argv[], bool parent = skip_subsystem(parent, "xen"); supported_parent = true; } else if (streq(subsys, "virtio")) { - while (parent && streq_ptr("virtio", udev_device_get_subsystem(parent))) - parent = udev_device_get_parent(parent); - path_prepend(&path, "virtio-pci-%s", udev_device_get_sysname(parent)); + parent = skip_subsystem(parent, "virtio"); supported_transport = true; - supported_parent = true; } else if (streq(subsys, "scm")) { path_prepend(&path, "scm-%s", udev_device_get_sysname(parent)); parent = skip_subsystem(parent, "scm"); |
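Review bot: Dropping `supported_parent = true;` from the virtio branch changes the persistent ID_PATH of every virtio block device from `virtio-pci-<addr>` to whatever the underlying bus yields (e.g. `pci-<addr>`), and that identifier is what /dev/disk/by-path entries in fstab and crypttab are keyed on, yet the NEWS hunk in this commit does not mention it. The branch now relies on the remaining parent walk to set supported_parent; for a virtio device whose parent is not a bus this code recognises (virtio-mmio on a platform device, presumably), the path may end up unsupported where it previously was not, and the new legacy rules only cover the `pci-*` case. A comment on the branch would make the intent explicit: `/* virtio is a transport, not an address: derive the path from the underlying bus (e.g. pci-...). The old "virtio-pci-..." names survive only as legacy symlinks in 60-persistent-storage.rules. */`. builtin_path_id() starts and ends outside this hunk, so the effect of supported_parent being false cannot be confirmed from here.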