-rw-r--r-- | NEWS | 86 | ||||
-rw-r--r-- | src/systemctl/systemctl.c | 14 |
2 files changed, 94 insertions, 6 deletions
@@ -6,7 +6,8 @@ CHANGES WITH 232 in spe the user or group of a service when that service exits. * The new ProtectKernelModules= option can be used to disable explicit - load and unload operations of kernel modules by a service. + load and unload operations of kernel modules by a service. In + addition access to /usr/lib/modules is removed if this option is set. * ProtectSystem= option gained a new value "strict", which causes the whole file system tree with the exception of /dev, /proc, and /sys, 
@@ -229,6 +230,87 @@ CHANGES WITH 232 in spe running services in a race-free manner, and in particular collect information about exit statuses and results. + * The nss-resolve module has been changed to strictly return UNAVAIL + when communication via D-Bus with resolved failed, and NOTFOUND when + a lookup completed but was negative. This means it is now possible to + neatly configure fallbacks using nsswitch.conf result checking + expressions. Taking benefit of this, the new recommended + configuration line for the "hosts" entry in /etc/nsswitch.conf is: + + hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname + + * A new setting CtrlAltDelBurstAction= has been added to + /etc/systemd/system.conf which may be used to configure the precise + behaviour if the user on the console presses Ctrl-Alt-Del more often + than 7 times in 2s. Previously this would unconditionally result in + an expedited, immediate reboot. With this new setting the precise + operation may be configured in more detail, and also turned off + entirely. + + * In .netdev files two new settings RemoteChecksumTx= and + RemoteChecksumRx= are now understood that permit configuring the + remote checksumming logic for VXLAN networks. + + * The service manager learnt a new "invocation ID" concept for invoked + services. Each runtime cycle of a service will get a new invocation + ID (a 128bit random UUID) assigned that identifies the current + run of the service uniquely and globally. A new invocation ID + is generated each time a service starts up. The journal will store + the invocation ID of a service along with any logged messages, thus + making the invocation ID useful for matching the online runtime of a + service with the offline log data it generated in a safe way without + relying on synchronized timestamps. In many ways this new service + invocation ID concept is similar to the kernel's boot ID concept that + uniquely and globally identifies the runtime of each boot. 
The + invocation ID of a service is passed to the service itself via an + environment variable ($INVOCATION_ID). A new bus call + GetUnitByInvocationID() has been added that is similar to GetUnit() + but instead of retrieving the bus path for a unit by its name + retrieves it by its invocation ID. The returned path is valid only as + long as the passed invocation ID is current. + + * systemd-resolved gained a new "DNSStubListener" setting in + resolved.conf. It either takes a boolean value or the special values + "udp" and "tcp", and configures whether to enable the stub DNS + listener on 127.0.0.53:53. + + * IP addresses configured via networkd may now carry additional + configuration settings supported by the kernel. New options include: + HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=, + PrefixRoute=, AutoJoin=. + + * The PAM configuration fragment file for "user@.service" shipped with + systemd (i.e. the --user instance of systemd) has been stripped to + the minimum necessary to make the system boot. Previously, it + contained Fedora-specific stanzas that did not apply to other + distributions. It is expected that downstream distributions add + additional configuration lines, matching their needs to this file, + using it only as rough template of what systemd itself needs. Note + that this reduced fragment does not even include an invocation of + pam_limits which most distributions probably want to add, even though + systemd itself does not need it. (There's also the new build time + option --with-pamconfdir=no to disable installation of the PAM + fragment entirely.) + + * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO + capability is now also dropped from its set (in addition to + CAP_SYS_MKNOD as before). + + * In service unit files it is now possible to connect a specific named + file descriptor with stdin/stdout/stdout of an executed service. 
The + name may be specified in matching .socket units using the + FileDescriptorName= setting. + + * A number of journal settings may now be configured on the kernel + command line. Specifically, the following options are now understood: + systemd.journald.max_level_console=, + systemd.journald.max_level_store=, + systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=, + systemd.journald.max_level_wall=. + + * "systemctl is-enabled --full" will now show by which symlinks a unit + file is enabled in the unit dependency tree. + CHANGES WITH 231: * In service units the various ExecXYZ= settings have been extended @@ -2106,7 +2188,7 @@ CHANGES WITH 219: files. * systemd now provides a way to store file descriptors - per-service in PID 1.This is useful for daemons to ensure + per-service in PID 1. This is useful for daemons to ensure that fds they require are not lost during a daemon restart. The fds are passed to the daemon on the next invocation in the same way socket activation fds are diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 2e3b59af3e..35d5c11cc7 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -2721,7 +2721,7 @@ typedef struct { static void wait_context_free(WaitContext *c) { c->match = sd_bus_slot_unref(c->match); c->event = sd_event_unref(c->event); - c->unit_paths = set_free(c->unit_paths); + c->unit_paths = set_free_free(c->unit_paths); } static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error *error) { 
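Review bot: The ownership rule this patch relies on is not written down anywhere in the visible code: in the `wait_context_free()` hunk (`@@ -2721`) `set_free_free(c->unit_paths)` now frees every stored string, and in the `on_properties_changed()` hunk (`@@ -2738`) the removal becomes `free(set_remove(c->unit_paths, path))`. Both are only correct if every entry in the set is a separately heap-allocated string; a borrowed or shared entry would become an invalid or double free, and a later removal that forgets the `free()` would leak again. I would put a comment on the `unit_paths` member of `WaitContext`, for example `/* object paths; each entry is heap-allocated and owned by the set */`. The struct definition and the code that fills the set are outside these hunks, so the insertion side should be checked against that rule as part of the review.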
@@ -2738,31 +2738,37 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error r = sd_bus_message_skip(m, "s"); if (r < 0) return bus_log_parse_error(r); + r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{sv}"); if (r < 0) return bus_log_parse_error(r); while ((r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) { const char *s; - bool is_failed; r = sd_bus_message_read(m, "s", &s); if (r < 0) return bus_log_parse_error(r); + if (streq(s, "ActiveState")) { + bool is_failed; + r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, "s"); if (r < 0) return bus_log_parse_error(r); + r = sd_bus_message_read(m, "s", &s); if (r < 0) return bus_log_parse_error(r); + is_failed = streq(s, "failed"); if (streq(s, "inactive") || is_failed) { log_debug("%s became %s, dropping from --wait tracking", path, s); - set_remove(c->unit_paths, path); - c->any_failed |= is_failed; + free(set_remove(c->unit_paths, path)); + c->any_failed = c->any_failed || is_failed; } else log_debug("ActiveState on %s changed to %s", path, s); + break; /* no need to dissect the rest of the message */ } else { /* other property */ |