summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS86
-rw-r--r--src/systemctl/systemctl.c14
2 files changed, 94 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 2a1edbe766..8d8c1033d3 100644
--- a/NEWS
+++ b/NEWS
@@ -6,7 +6,8 @@ CHANGES WITH 232 in spe
the user or group of a service when that service exits.
* The new ProtectKernelModules= option can be used to disable explicit
- load and unload operations of kernel modules by a service.
+ load and unload operations of kernel modules by a service. In
+ addition access to /usr/lib/modules is removed if this option is set.
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
@@ -229,6 +230,87 @@ CHANGES WITH 232 in spe
running services in a race-free manner, and in particular collect
information about exit statuses and results.
+ * The nss-resolve module has been changed to strictly return UNAVAIL
+ when communication via D-Bus with resolved failed, and NOTFOUND when
+ a lookup completed but was negative. This means it is now possible to
+ neatly configure fallbacks using nsswitch.conf result checking
+ expressions. Taking benefit of this, the new recommended
+ configuration line for the "hosts" entry in /etc/nsswitch.conf is:
+
+ hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+
+ * A new setting CtrlAltDelBurstAction= has been added to
+ /etc/systemd/system.conf which may be used to configure the precise
+ behaviour if the user on the console presses Ctrl-Alt-Del more often
+ than 7 times in 2s. Previously this would unconditionally result in
+ an expedited, immediate reboot. With this new setting the precise
+ operation may be configured in more detail, and also turned off
+ entirely.
+
+ * In .netdev files two new settings RemoteChecksumTx= and
+ RemoteChecksumRx= are now understood that permit configuring the
+ remote checksumming logic for VXLAN networks.
+
+ * The service manager learnt a new "invocation ID" concept for invoked
+ services. Each runtime cycle of a service will get a new invocation
+ ID (a 128bit random UUID) assigned that identifies the current
+ run of the service uniquely and globally. A new invocation ID
+ is generated each time a service starts up. The journal will store
+ the invocation ID of a service along with any logged messages, thus
+ making the invocation ID useful for matching the online runtime of a
+ service with the offline log data it generated in a safe way without
+ relying on synchronized timestamps. In many ways this new service
+ invocation ID concept is similar to the kernel's boot ID concept that
+ uniquely and globally identifies the runtime of each boot. The
+ invocation ID of a service is passed to the service itself via an
+ environment variable ($INVOCATION_ID). A new bus call
+ GetUnitByInvocationID() has been added that is similar to GetUnit()
+ but instead of retrieving the bus path for a unit by its name
+ retrieves it by its invocation ID. The returned path is valid only as
+ long as the passed invocation ID is current.
+
+ * systemd-resolved gained a new "DNSStubListener" setting in
+ resolved.conf. It either takes a boolean value or the special values
+ "udp" and "tcp", and configures whether to enable the stub DNS
+ listener on 127.0.0.53:53.
+
+ * IP addresses configured via networkd may now carry additional
+ configuration settings supported by the kernel. New options include:
+ HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
+ PrefixRoute=, AutoJoin=.
+
+ * The PAM configuration fragment file for "user@.service" shipped with
+ systemd (i.e. the --user instance of systemd) has been stripped to
+ the minimum necessary to make the system boot. Previously, it
+ contained Fedora-specific stanzas that did not apply to other
+ distributions. It is expected that downstream distributions add
+ additional configuration lines, matching their needs to this file,
+ using it only as rough template of what systemd itself needs. Note
+ that this reduced fragment does not even include an invocation of
+ pam_limits which most distributions probably want to add, even though
+ systemd itself does not need it. (There's also the new build time
+ option --with-pamconfdir=no to disable installation of the PAM
+ fragment entirely.)
+
+ * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
+ capability is now also dropped from its set (in addition to
+ CAP_SYS_MKNOD as before).
+
+ * In service unit files it is now possible to connect a specific named
+ file descriptor with stdin/stdout/stdout of an executed service. The
+ name may be specified in matching .socket units using the
+ FileDescriptorName= setting.
+
+ * A number of journal settings may now be configured on the kernel
+ command line. Specifically, the following options are now understood:
+ systemd.journald.max_level_console=,
+ systemd.journald.max_level_store=,
+ systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
+ systemd.journald.max_level_wall=.
+
+ * "systemctl is-enabled --full" will now show by which symlinks a unit
+ file is enabled in the unit dependency tree.
+
CHANGES WITH 231:
* In service units the various ExecXYZ= settings have been extended
@@ -2106,7 +2188,7 @@ CHANGES WITH 219:
files.
* systemd now provides a way to store file descriptors
- per-service in PID 1.This is useful for daemons to ensure
+ per-service in PID 1. This is useful for daemons to ensure
that fds they require are not lost during a daemon
restart. The fds are passed to the daemon on the next
invocation in the same way socket activation fds are
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 2e3b59af3e..35d5c11cc7 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2721,7 +2721,7 @@ typedef struct {
static void wait_context_free(WaitContext *c) {
c->match = sd_bus_slot_unref(c->match);
c->event = sd_event_unref(c->event);
- c->unit_paths = set_free(c->unit_paths);
+ c->unit_paths = set_free_free(c->unit_paths);
}
static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
@@ -2738,31 +2738,37 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error
r = sd_bus_message_skip(m, "s");
if (r < 0)
return bus_log_parse_error(r);
+
r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{sv}");
if (r < 0)
return bus_log_parse_error(r);
while ((r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
const char *s;
- bool is_failed;
r = sd_bus_message_read(m, "s", &s);
if (r < 0)
return bus_log_parse_error(r);
+
if (streq(s, "ActiveState")) {
+ bool is_failed;
+
r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, "s");
if (r < 0)
return bus_log_parse_error(r);
+
r = sd_bus_message_read(m, "s", &s);
if (r < 0)
return bus_log_parse_error(r);
+
is_failed = streq(s, "failed");
if (streq(s, "inactive") || is_failed) {
log_debug("%s became %s, dropping from --wait tracking", path, s);
- set_remove(c->unit_paths, path);
- c->any_failed |= is_failed;
+ free(set_remove(c->unit_paths, path));
+ c->any_failed = c->any_failed || is_failed;
} else
log_debug("ActiveState on %s changed to %s", path, s);
+
break; /* no need to dissect the rest of the message */
} else {
/* other property */