From 4ffe24797cc881f1dc95f39badf6facd8061117e Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Wed, 14 Sep 2016 01:40:02 -0400 Subject: NEWS: add a bunch of stuff for the 232 release (#4132) This does not include the description of the mixed v1/v2 mode, but everything important apart from that should be covered. --- NEWS | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) diff --git a/NEWS b/NEWS index 7ff4a44835..178ccf9b04 100644 --- a/NEWS +++ b/NEWS 
@@ -2,11 +2,141 @@ systemd System and Service Manager CHANGES WITH 232 in spe + * The new RemoveIPC= option can be used to remove IPC objects owned by + the user or group of a service when that service exits. + + * Support for dynamically creating users for the lifetime of a service + has been added. If DynamicUser=yes is specified, user and group IDs + will be allocated from the range 61184..65519 for the lifetime of the + service. They can be resolved using the new nss-systemd.so NSS + module. The module must be enabled in /etc/nsswitch.conf. Services + started in this way have PrivateTmp= and RemoveIPC= enabled, so that + any resources allocated by the service will be cleaned up when the + service exits. + + The nss-systemd module also always resolves root and nobody, making + it possible to have no /etc/passwd or /etc/group files in minimal + container systems. + + * Services may be started with their own user namespace using the new + PrivateUsers= option. Only root, nobody, and the uid/gid under which + the service is running are mapped. All other users are mapped to + nobody. + + * Support for the cgroup namespace has been added to systemd-nspawn. If + supported by kernel, the container system started by systemd-nspawn + will have its own view of the cgroup hierarchy. This new behaviour + can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable. + + * The new MemorySwapMax= option can be used to limit the maximum swap + usage under the unified cgroup hierarchy. + + * Support for the CPU controller in the unified cgroup hierarchy has + been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting= + options. This controller requires out-of-tree patches for the kernel + and the support is provisional. + + * .automount units may now be transient. + + * systemd-mount is a new tool which wraps mount(8) to pull in + additional dependencies through transient .mount and .automount + units. 
For example, this automatically runs fsck on the block device + before mounting, and allows the automount logic to be used. + + * LazyUnmount=yes option for mount units has been added to expose the + umount --lazy option. Similarly, ForceUnmount=yes exposes the --force + option. + + * /efi will be used as the mount point of the EFI boot partition, if + the directory is present, and the mount point was not configured + through other means (e.g. fstab). If /efi directory does not exist, + /boot will be used as before. This makes it easier to automatically + mount the EFI partition on systems where /boot is used for something + else. + + * disk/by-id symlinks are now created for NVMe drives. + + * Two new user session targets have been added to support running + graphical sessions under the systemd --user instance: + graphical-session.target and graphical-session-pre.target. See + systemd.special(7) for a description of how those targets should be + used. + + * The vconsole initialization code has been significantly reworked to + use KD_FONT_OP_GET/SET ioctls insteads of KD_FONT_OP_COPY and better + support unicode keymaps. Font and keymap configuration will now be + copied to all allocated virtual consoles. + + * FreeBSD's bhyve virtiualization is now detected. + + * Information recored in the journal for core dumps now includes the + contents of /proc/mountinfo and the command line of the process at + the top of the process hierarchy (which is usually the init process + of the container). + + * systemd-journal-gatewayd learned the --directory option to serve + files from the specified location. + + * journalctl --root=… can be used to peruse the journal in the + /var/log/ directories inside of a container tree. This is similar to + the existing --machine= option, but does not require the container to + be active. + + * The hardware database has been extended to support + ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify + trackball devices. 
+ + MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to + specify the click rate for mice which include a horizontal wheel with + a click rate that is different than the one for the vertical wheel. + + * systemd-run gained a new --wait option that makes service execution + synchronous. + + * A new journal output mode "short-full" has been added which uses + timestamps with abbreviated English day names and adds a timezone + suffix. Those timestamps include more information and can be parsed + by journalctl. + + * /etc/resolv.conf will be bind-mounted into containers started by + systemd-nspawn, if possible, so any changes to resolv.conf contents + are automatically propagated to the container. + + * The number of instances for socket-activated services originating + from a single IP can be limited with MaxConnectionsPerSource=, + extending the existing setting of MaxConnections. + + * UDP Segmentation Offload, TCP Segmentation Offload, Generic + Segmentation Offload, Generic Receive Offload, Large Receive Offload + can be enabled and disabled using the new UDPSegmentationOffload=, + TCPSegmentationOffload=, GenericSegmentationOffload=, + GenericReceiveOffload=, LargeReceiveOffload= options in the + [Link] section of .link files. + + Spanning Tree Protocol enablement, Priority, Aging Time, and the + Default Port VLAN ID can be configured for bridge devices using the + new STP=, Priority=, AgeingTimeSec=, and DefaultPVID= settings in the + [Bridge] section of .netdev files. + + Address Resolution Protocol can be disabled on links managed by + systemd-networkd using the ARP=no setting in the [Link] section of + .network files. + + * $SERVICE_RESULT, $EXIT_CODE, $EXIT_STATUS are set for ExecStop= and + ExecStopPost= commands. + * Journald's SplitMode=login setting has been deprecated. It has been removed from documentation, and it's use is discouraged. 
In a future release it will be completely removed, and made equivalent to current default of SplitMode=uid. + * The --share-system systemd-nspawn option has been replaced with an + (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of + this functionality is discouraged. In addition the variables + $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID, + $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of + individual namespaces. + CHANGES WITH 231: * In service units the various ExecXYZ= settings have been extended @@ -223,6 +353,9 @@ CHANGES WITH 231: local changes made to systemd in a pristine, defined environment. See HACKING for details. + * configure learned the --with-support-url= option to specify the + distribution's bugtracker. + Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar -- cgit v1.2.3-54-g00ecf
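Review bot: Three added entries in the first hunk (the 232 section) carry spelling errors that would ship in the release notes: "insteads of" in the vconsole entry, "virtiualization" in the bhyve entry, and "recored" in the core dump entry. They should read "instead of", "virtualization" and "recorded". In the same hunk, the systemd-nspawn cgroup namespace entry says the behaviour "can be disabled using $SYSTEMD_NSPAWN_USE_CGNS" without giving the value that disables it, and the closing entry on $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID and $SYSTEMD_NSPAWN_SHARE_NS_UTS does not say which setting shares a namespace and which unshares it. Because these variables change how isolated the container is from the host, state the accepted values and the default in each entry. The MaxConnectionsPerSource= entry should also write "MaxConnections=" with the trailing "=", matching the other settings named in this hunk.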
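Review bot: The "--with-support-url=" entry in the second hunk is inserted under "CHANGES WITH 231:" (see the hunk header), while the subject line says the commit adds entries for the 232 release and the commit message does not mention touching the 231 section. If the configure option first shipped in 231, note that in the commit message; otherwise move the entry up into the "CHANGES WITH 232 in spe" section so readers of the 231 notes are not pointed at an option that release does not have.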