"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "NEWS" between
systemd-247.tar.gz and systemd-248.tar.gz

About: systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts.

NEWS  (systemd-247):NEWS  (systemd-248)
systemd System and Service Manager systemd System and Service Manager
CHANGES WITH 248:
* A concept of system extension images is introduced. Such images may
be used to extend the /usr/ and /opt/ directory hierarchies at
runtime with additional files (even if the file system is read-only).
When a system extension image is activated, its /usr/ and /opt/
hierarchies and os-release information are combined via overlayfs
with the file system hierarchy of the host OS.
A new systemd-sysext tool can be used to merge, unmerge, list, and
refresh system extension hierarchies. See
https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.
The systemd-sysext.service automatically merges installed system
extensions during boot (before basic.target, but not in very early
boot, since various file systems have to be mounted first).
The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
supported system extension level.
* A new ExtensionImages= unit setting can be used to apply the same
system extension image concept from systemd-sysext to the namespaced
file hierarchy of specific services, following the same rules and
constraints.
* Support for a new special "root=tmpfs" kernel command-line option has
been added. When specified, a tmpfs is mounted on /, and mount.usr=
should be used to point to the operating system implementation.
* A new configuration file /etc/veritytab may be used to configure
dm-verity integrity protection for block devices. Each line is in the
format "volume-name data-device hash-device roothash options",
similar to /etc/crypttab.
* A new kernel command-line option systemd.verity.root_options= may be
used to configure dm-verity behaviour for the root device.
* The key file specified in /etc/crypttab (the third field) may now
refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
acquired by connecting to that socket and reading from it. This
allows the implementation of a service to provide key information
dynamically, at the moment when it is needed.
* When the hostname is set explicitly to "localhost", systemd-hostnamed
will respect this. Previously such a setting would be mostly silently
ignored. The goal is to honour configuration as specified by the
user.
* The fallback hostname that will be used by the system manager and
systemd-hostnamed can now be configured in two new ways: by setting
DEFAULT_HOSTNAME= in os-release(5), or by setting
$SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
also be configured during compilation. The environment variable is
intended for testing and local overrides, the os-release(5) field is
intended to allow customization by different variants of a
distribution that share the same compiled packages.
* The environment block of the manager itself may be configured through
a new ManagerEnvironment= setting in system.conf or user.conf. This
complements existing ways to set the environment block (the kernel
command line for the system manager, the inherited environment and
user@.service unit file settings for the user manager).
* systemd-hostnamed now exports the default hostname and the source of
the configured hostname ("static", "transient", or "default") as
D-Bus properties.
* systemd-hostnamed now exports the "HardwareVendor" and
"HardwareModel" D-Bus properties, which are supposed to contain a
pair of cleaned up, human readable strings describing the system's
vendor and model. It's typically sourced from the firmware's DMI
tables, but may be augmented from a new hwdb database. hostnamectl
shows this in the status output.
* Support has been added to systemd-cryptsetup for extracting the
PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
metadata header. This allows the information how to open the
encrypted device to be embedded directly in the device and obviates
the need for configuration in an external file.
* systemd-cryptsetup gained support for unlocking LUKS2 volumes using
TPM2 hardware, as well as FIDO2 security tokens (in addition to the
pre-existing support for PKCS#11 security tokens).
* systemd-repart may enroll encrypted partitions using TPM2
hardware. This may be useful for example to create an encrypted /var
partition bound to the machine on first boot.
* A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
and PKCS#11 security tokens to LUKS volumes, list and destroy
them. See:
http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs1
1-security-hardware-on-systemd-248.html
It also supports enrolling "recovery keys" and regular passphrases.
* The libfido2 dependency is now based on dlopen(), so that the library
is used at runtime when installed, but is not a hard runtime
dependency.
* systemd-cryptsetup gained support for two new options in
/etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
request synchronous processing of encryption/decryption IO.
* The manager may be configured at compile time to use the fexecve()
instead of the execve() system call when spawning processes. Using
fexecve() closes a window between checking the security context of an
executable and spawning it, but unfortunately the kernel displays
stale information in the process' "comm" field, which impacts ps
output and such.
* The configuration option -Dcompat-gateway-hostname has been dropped.
"_gateway" is now the only supported name.
* The ConditionSecurity=tpm2 unit file setting may be used to check if
the system has at least one TPM2 (tpmrm class) device.
* A new ConditionCPUFeature= has been added that may be used to
conditionalize units based on CPU features. For example,
ConditionCPUFeature=rdrand will condition a unit so that it is only
run when the system CPU supports the RDRAND opcode.
* The existing ConditionControlGroupController= setting has been
extended with two new values "v1" and "v2". "v2" means that the
unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
hierarchy or the hybrid hierarchy are used.
* A new PrivateIPC= setting on a unit file allows executed processes to
be moved into a private IPC namespace, with separate System V IPC
identifiers and POSIX message queues.
A new IPCNamespacePath= allows the unit to be joined to an existing
IPC namespace.
* The tables of system calls in seccomp filters are now automatically
generated from kernel lists exported on
https://fedora.juszkiewicz.com.pl/syscalls.html.
The following architectures should now have complete lists:
alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.
* The MountAPIVFS= service file setting now additionally mounts a tmpfs
on /run/ if it is not already a mount point. A writable /run/ has
always been a requirement for a functioning system, but this was not
guaranteed when using a read-only image.
Users can always specify BindPaths= or InaccessiblePaths= as
overrides, and they will take precedence. If the host's root mount
point is used, there is no change in behaviour.
* New bind mounts and file system image mounts may be injected into the
mount namespace of a service (without restarting it). This is exposed
respectively as 'systemctl bind <unit> <path>…' and
'systemctl mount-image <unit> <image>…'.
* The StandardOutput= and StandardError= settings can now specify files
to be truncated for output (as "truncate:<path>").
* The ExecPaths= and NoExecPaths= settings may be used to specify
noexec for parts of the file system.
* sd-bus has a new function sd_bus_open_user_machine() to open a
connection to the session bus of a specific user in a local container
or on the local host. This is exposed in the existing -M switch to
systemctl and similar tools:
systemctl --user -M lennart@foobar start foo
This will connect to the user bus of a user "lennart" in container
"foobar". If no container name is specified, the specified user on
the host itself is connected to
systemctl --user -M lennart@ start quux
* sd-bus also gained a convenience function sd_bus_message_send() to
simplify invocations of sd_bus_send(), taking only a single
parameter: the message to send.
* sd-event allows rate limits to be set on event sources, for dealing
with high-priority event sources that might starve out others. See
the new man page sd_event_source_set_ratelimit(3) for details.
* systemd.link files gained a [Link] Promiscuous= switch, which allows
the device to be raised in promiscuous mode.
New [Link] TransmitQueues= and ReceiveQueues= settings allow the
number of TX and RX queues to be configured.
New [Link] TransmitQueueLength= setting allows the size of the TX
queue to be configured.
New [Link] GenericSegmentOffloadMaxBytes= and
GenericSegmentOffloadMaxSegments= allow capping the packet size and
the number of segments accepted in Generic Segment Offload.
* systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
wireless routing protocol that operates on ISO/OSI Layer 2 only and
uses ethernet frames to route/bridge packets. This encompasses a new
"batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
new settings in .netdev files, and a new BatmanAdvanced= setting in
.network files.
* systemd.network files gained a [Network] RouteTable= configuration
switch to select the routing policy table.
systemd.network files gained a [RoutingPolicyRule] Type=
configuration switch (one of "blackhole, "unreachable", "prohibit").
systemd.network files gained a [IPv6AcceptRA] RouteDenyList= and
RouteAllowList= settings to ignore/accept route advertisements from
routers matching specified prefixes. The DenyList= setting has been
renamed to PrefixDenyList= and a new PrefixAllowList= option has been
added.
systemd.network files gained a [DHCPv6] UseAddress= setting to
optionally ignore the address provided in the lease.
systemd.network files gained a [DHCPv6PrefixDelegation]
ManageTemporaryAddress= switch.
systemd.network files gained a new ActivationPolicy= setting which
allows configuring how the UP state of an interface shall be managed,
i.e. whether the interface is always upped, always downed, or may be
upped/downed by the user using "ip link set dev".
* The default for the Broadcast= setting in .network files has slightly
changed: the broadcast address will not be configured for wireguard
devices.
* systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
configuration options for VLAN packet handling.
* udev rules may now set log_level= option. This allows debug logs to
be enabled for select events, e.g. just for a specific subsystem or
even a single device.
* udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
DATA_PREPARED_ID properties for block devices with ISO9660 file
systems.
* udev now exports decoded DMI information about installed memory slots
as device properties under the /sys/class/dmi/id/ pseudo device.
* /dev/ is not mounted noexec anymore. This didn't provide any
significant security benefits and would conflict with the executable
mappings used with /dev/sgx device nodes. The previous behaviour can
be restored for individual services with NoExecPaths=/dev (or by allow
-
listing and excluding /dev from ExecPaths=).
* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
and /dev/vhost-net are owned by the kvm group.
* The hardware database has been extended with a list of fingerprint
readers that correctly support USB auto-suspend using data from
libfprint.
* systemd-resolved can now answer DNSSEC questions through the stub
resolver interface in a way that allows local clients to do DNSSEC
validation themselves. For a question with DO+CD set, it'll proxy the
DNS query and respond with a mostly unmodified packet received from
the upstream server.
* systemd-resolved learnt a new boolean option CacheFromLocalhost= in
resolved.conf. If true the service will provide caching even for DNS
lookups made to an upstream DNS server on the 127.0.0.1/::1
addresses. By default (and when the option is false) systemd-resolved
will not cache such lookups, in order to avoid duplicate local
caching, under the assumption the local upstream server caches
anyway.
* systemd-resolved now implements RFC5001 NSID in its local DNS
stub. This may be used by local clients to determine whether they are
talking to the DNS resolver stub or a different DNS server.
* When resolving host names and other records resolvectl will now
report where the data was acquired from (i.e. the local cache, the
network, locally synthesized, …) and whether the network traffic it
effected was encrypted or not. Moreover the tool acquired a number of
new options --cache=, --synthesize=, --network=, --zone=,
--trust-anchor=, --validate= that take booleans and may be used to
tweak a lookup, i.e. whether it may be answered from cached
information, locally synthesized information, information acquired
through the network, the local mDNS/LLMNR zone, the DNSSEC trust
anchor, and whether DNSSEC validation shall be executed for the
lookup.
* systemd-nspawn gained a new --ambient-capability= setting
(AmbientCapability= in .nspawn files) to configure ambient
capabilities passed to the container payload.
* systemd-nspawn gained the ability to configure the firewall using the
nftables subsystem (in addition to the existing iptables
support). Similarly, systemd-networkd's IPMasquerade= option now
supports nftables as back-end, too. In both cases NAT on IPv6 is now
supported too, in addition to IPv4 (the iptables back-end still is
IPv4-only).
"IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
retains its meaning, but has been deprecated. Please switch to either
"ivp4" or "both" (if covering IPv6 is desired).
* systemd-importd will now download .verity and .roothash.p7s files
along with the machine image (as exposed via machinectl pull-raw).
* systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
setting to configure the time a unit's cgroup needs to exceed memory
pressure limits before action will be taken, and a new
ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
units.
systemd-oomd is now considered fully supported (the usual
backwards-compatiblity promises apply). Swap is not required for
operation, but it is still recommended.
* systemd-timesyncd gained a new ConnectionRetrySec= setting which
configures the retry delay when trying to contact servers.
* systemd-stdio-bridge gained --system/--user options to connect to the
system bus (previous default) or the user session bus.
* systemd-localed may now call locale-gen to generate missing locales
on-demand (UTF-8-only). This improves integration with Debian-based
distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
* systemctl --check-inhibitors=true may now be used to obey inhibitors
even when invoked non-interactively. The old --ignore-inhibitors
switch is now deprecated and replaced by --check-inhibitors=false.
* systemctl import-environment will now emit a warning when called
without any arguments (i.e. to import the full environment block of
the called program). This command will usually be invoked from a
shell, which means that it'll inherit a bunch of variables which are
specific to that shell, and usually to the TTY the shell is connected
to, and don't have any meaning in the global context of the system or
user service manager. Instead, only specific variables should be
imported into the manager environment block.
Similarly, programs which update the manager environment block by
directly calling the D-Bus API of the manager, should also push
specific variables, and not the full inherited environment.
* systemctl's status output now shows unit state with a more careful
choice of Unicode characters: units in maintenance show a "○" symbol
instead of the usual "●", failed units show "×", and services being
reloaded "↻".
* coredumpctl gained a --debugger-arguments= switch to pass arguments
to the debugger. It also gained support for showing coredump info in
a simple JSON format.
* systemctl/loginctl/machinectl's --signal= option now accept a special
value "list", which may be used to show a brief table with known
process signals and their numbers.
* networkctl now shows the link activation policy in status.
* Various tools gained --pager/--no-pager/--json= switches to
enable/disable the pager and provide JSON output.
* Various tools now accept two new values for the SYSTEMD_COLORS
environment variable: "16" and "256", to configure how many terminal
colors are used in output.
* less 568 or newer is now required for the auto-paging logic of the
various tools. Hyperlink ANSI sequences in terminal output are now
used even if a pager is used, and older versions of less are not able
to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
disable this output again.
* Builds with support for separate / and /usr/ hierarchies ("split-usr"
builds, non-merged-usr builds) are now officially deprecated. A
warning is emitted during build. Support is slated to be removed in
about a year (when the Debian Bookworm release development starts).
* Systems with the legacy cgroup v1 hierarchy are now marked as
"tainted", to make it clearer that using the legacy hierarchy is not
recommended.
* systemd-localed will now refuse to configure a keymap which is not
installed in the file system. This is intended as a bug fix, but
could break cases where systemd-localed was used to configure the
keymap in advanced of it being installed. It is necessary to install
the keymap file first.
* The main git development branch has been renamed to 'main'.
* mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
for partitions, as in the vast majority of cases they contain none
and are used internally by the bootloader (eg: uboot).
* systemd will now set the $SYSTEMD_EXEC_PID environment variable for
spawned processes to the PID of the process itself. This may be used
by programs for detecting whether they were forked off by the service
manager itself or are a process forked off further down the tree.
* The sd-device API gained four new calls: sd_device_get_action() to
determine the uevent add/remove/change/… action the device object has
been seen for, sd_device_get_seqno() to determine the uevent sequence
number, sd_device_new_from_stat_rdev() to allocate a new sd_device
object from stat(2) data of a device node, and sd_device_trigger() to
write to the 'uevent' attribute of a device.
* For most tools the --no-legend= switch has been replaced by
--legend=no and --legend=yes, to force whether tables are shown with
headers/legends.
* Units acquired a new property "Markers" that takes a list of zero,
one or two of the following strings: "needs-reload" and
"needs-restart". These markers may be set via "systemctl
set-property". Once a marker is set, "systemctl reload-or-restart
--marked" may be invoked to execute the operation the units are
marked for. This is useful for package managers that want to mark
units for restart/reload while updating, but effect the actual
operations at a later step at once.
* The sd_bus_message_read_strv() API call of sd-bus may now also be
used to parse arrays of D-Bus signatures and D-Bus paths, in addition
to regular strings.
* bootctl will now report whether the UEFI firmware used a TPM2 device
and measured the boot process into it.
* systemd-tmpfiles learnt support for a new environment variable
$SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
even if the root fs of the system is not itself a btrfs volume.
* systemd-detect-virt/ConditionVirtualization= will now explicitly
detect Docker/Podman environments where possible. Moreover, they
should be able to generically detect any container manager as long as
it assigns the container a cgroup.
* portablectl gained a new "reattach" verb for detaching/reattaching a
portable service image, useful for updating images on-the-fly.
* Intel SGX enclave device nodes (which expose a security feature of
newer Intel CPUs) will now be owned by a new system group "sgx".
Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
Zmicer Turok, Дамјан Георгиевски
— Berlin, 2021-03-30
CHANGES WITH 247: CHANGES WITH 247:
* KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
"bind" and "unbind" to the Linux device model. When this kernel "bind" and "unbind" to the Linux device model. When this kernel
change was made, systemd-udevd was only minimally updated to handle change was made, systemd-udevd was only minimally updated to handle
and propagate these new event types. The introduction of these new and propagate these new event types. The introduction of these new
uevents (which are typically generated for USB devices and devices uevents (which are typically generated for USB devices and devices
needing a firmware upload before being functional) resulted in a needing a firmware upload before being functional) resulted in a
number of issues which we so far didn't address. We hoped the kernel number of issues which we so far didn't address. We hoped the kernel
maintainers would themselves address these issues in some form, but maintainers would themselves address these issues in some form, but
that did not happen. To handle them properly, many (if not most) udev that did not happen. To handle them properly, many (if not most) udev
rules files shipped in various packages need updating, and so do many rules files shipped in various packages need updating, and so do many
programs that monitor or enumerate devices with libudev or sd-device, programs that monitor or enumerate devices with libudev or sd-device,
or otherwise process uevents. Please note that this incompatibility or otherwise process uevents. Please note that this incompatibility
is not fault of systemd or udev, but caused by an incompatible kernel is not fault of systemd or udev, but caused by an incompatible kernel
change that happened back in Linux 4.12, but is becoming more and change that happened back in Linux 4.14, but is becoming more and
more visible as the new uevents are generated by more kernel drivers. more visible as the new uevents are generated by more kernel drivers.
To minimize issues resulting from this kernel change (but not avoid To minimize issues resulting from this kernel change (but not avoid
them entirely) starting with systemd-udevd 247 the udev "tags" them entirely) starting with systemd-udevd 247 the udev "tags"
concept (which is a concept for marking and filtering devices during concept (which is a concept for marking and filtering devices during
enumeration and monitoring) has been reworked: udev tags are now enumeration and monitoring) has been reworked: udev tags are now
"sticky", meaning that once a tag is assigned to a device it will not "sticky", meaning that once a tag is assigned to a device it will not
be removed from the device again until the device itself is removed be removed from the device again until the device itself is removed
(i.e. unplugged). This makes sure that any application monitoring (i.e. unplugged). This makes sure that any application monitoring
devices that match a specific tag is guaranteed to both see uevents devices that match a specific tag is guaranteed to both see uevents
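Review bot: In the added 248 entry on systemd-nspawn/systemd-networkd IPMasquerade=, the closing advice 'Please switch to either "ivp4" or "both"' misspells the value. The sentence before it writes "IPMasquerade=ipv4", so a reader copying the recommended value gets a string that differs from the one the entry itself names; change "ivp4" to "ipv4". Smaller points in the same added section: the [RoutingPolicyRule] Type= entry has an unbalanced quote in (one of "blackhole, "unreachable", "prohibit"), "backwards-compatiblity" in the systemd-oomd entry and "in advanced of" in the systemd-localed keymap entry are typos, and the systemd-cryptenroll entry links to the blog post over http:// while the other links in the section use https://. The 4.12 to 4.14 correction in the 247 entry now agrees with that entry's opening sentence ("Linux 4.14 introduced two new uevents").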
skipping to change at line 48 skipping to change at line 528
to determine which tags are the ones applied by the most recent to determine which tags are the ones applied by the most recent
uevent/database update, in order to discern them from those uevent/database update, in order to discern them from those
originating from earlier uevents/database updates of the same originating from earlier uevents/database updates of the same
device. To accommodate for this a new automatic property CURRENT_TAGS device. To accommodate for this a new automatic property CURRENT_TAGS
has been added that works similar to the existing TAGS property but has been added that works similar to the existing TAGS property but
only lists tags set by the most recent uevent/database only lists tags set by the most recent uevent/database
update. Similarly, the libudev/sd-device API has been updated with update. Similarly, the libudev/sd-device API has been updated with
new functions to enumerate these 'current' tags, in addition to the new functions to enumerate these 'current' tags, in addition to the
existing APIs that now enumerate the 'sticky' ones. existing APIs that now enumerate the 'sticky' ones.
To properly handle "bind"/"unbind" on Linux 4.12 and newer it is To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
essential that all udev rules files and applications are updated to essential that all udev rules files and applications are updated to
handle the new events. Specifically: handle the new events. Specifically:
• All rule files that currently use a header guard similar to • All rule files that currently use a header guard similar to
ACTION!="add|change",GOTO="xyz_end" should be updated to use ACTION!="add|change",GOTO="xyz_end" should be updated to use
ACTION=="remove",GOTO="xyz_end" instead, so that the ACTION=="remove",GOTO="xyz_end" instead, so that the
properties/tags they add are also applied whenever "bind" (or properties/tags they add are also applied whenever "bind" (or
"unbind") is seen. (This is most important for all physical device "unbind") is seen. (This is most important for all physical device
types — those for which "bind" and "unbind" are currently types — those for which "bind" and "unbind" are currently
generated, for all other device types this change is still generated, for all other device types this change is still
skipping to change at line 3812 skipping to change at line 4292
exist yet, and only then the argument string is written to the file. exist yet, and only then the argument string is written to the file.
* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change * FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
systemd-tmpfiles behaviour: previously, read-only files owned by root systemd-tmpfiles behaviour: previously, read-only files owned by root
were always excluded from the file "aging" algorithm (i.e. the were always excluded from the file "aging" algorithm (i.e. the
automatic clean-up of directories like /tmp based on automatic clean-up of directories like /tmp based on
atime/mtime/ctime). We intend to drop this restriction, and age files atime/mtime/ctime). We intend to drop this restriction, and age files
by default even when owned by root and read-only. This behaviour was by default even when owned by root and read-only. This behaviour was
inherited from older tools, but there have been requests to remove inherited from older tools, but there have been requests to remove
it, and it's not obvious why this restriction was made in the first it, and it's not obvious why this restriction was made in the first
place. Please speak up now, if you are aware of software that reqires place. Please speak up now, if you are aware of software that requires
this behaviour, otherwise we'll remove the restriction in v238. this behaviour, otherwise we'll remove the restriction in v238.
* A new environment variable $SYSTEMD_OFFLINE is now understood by * A new environment variable $SYSTEMD_OFFLINE is now understood by
systemctl. It takes a boolean argument. If on, systemctl assumes it systemctl. It takes a boolean argument. If on, systemctl assumes it
operates on an "offline" OS tree, and will not attempt to talk to the operates on an "offline" OS tree, and will not attempt to talk to the
service manager. Previously, this mode was implicitly enabled if a service manager. Previously, this mode was implicitly enabled if a
chroot() environment was detected, and this new environment variable chroot() environment was detected, and this new environment variable
now provides explicit control. now provides explicit control.
* .path and .socket units may now be created transiently, too. * .path and .socket units may now be created transiently, too.
skipping to change at line 5052 skipping to change at line 5532
* The new ProtectControlGroups= option can be used to disable write * The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup. access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with * Various systemd services have been hardened with
ProtectKernelTunables=yes, ProtectControlGroups=yes, ProtectKernelTunables=yes, ProtectControlGroups=yes,
RestrictAddressFamilies=. RestrictAddressFamilies=.
* Support for dynamically creating users for the lifetime of a service * Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184..65519 for the lifetime of the will be allocated from the range 6118465519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that started in this way have PrivateTmp= and RemoveIPC= enabled, so that
any resources allocated by the service will be cleaned up when the any resources allocated by the service will be cleaned up when the
service exits. They also have ProtectHome=read-only and service exits. They also have ProtectHome=read-only and
ProtectSystem=strict enabled, so they are not able to make any ProtectSystem=strict enabled, so they are not able to make any
permanent modifications to the system. permanent modifications to the system.
* The nss-systemd module also always resolves root and nobody, making * The nss-systemd module also always resolves root and nobody, making
it possible to have no /etc/passwd or /etc/group files in minimal it possible to have no /etc/passwd or /etc/group files in minimal
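Review bot: in the DynamicUser= entry the new side gives the allocation range as "6118465519", where the old side had "61184..65519"; with no visible separator the range reads as a single number. This is the UID/GID range an operator checks file ownership and process credentials against, so the separator should be one that survives every plain-text rendering of NEWS, for example by keeping the ASCII "61184..65519".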
skipping to change at line 5794 skipping to change at line 6274
line via systemd.default_timeout_start_sec=. It was already line via systemd.default_timeout_start_sec=. It was already
configurable via the DefaultTimeoutStartSec= option in configurable via the DefaultTimeoutStartSec= option in
/etc/systemd/system.conf. /etc/systemd/system.conf.
* Socket units gained a new TriggerLimitIntervalSec= and * Socket units gained a new TriggerLimitIntervalSec= and
TriggerLimitBurst= setting to configure a limit on the activation TriggerLimitBurst= setting to configure a limit on the activation
rate of the socket unit. rate of the socket unit.
* The LimitNICE= setting now optionally takes normal UNIX nice values * The LimitNICE= setting now optionally takes normal UNIX nice values
in addition to the raw integer limit value. If the specified in addition to the raw integer limit value. If the specified
parameter is prefixed with "+" or "-" and is in the range -20..19 the parameter is prefixed with "+" or "-" and is in the range -2019 the
value is understood as UNIX nice value. If not prefixed like this it value is understood as UNIX nice value. If not prefixed like this it
is understood as raw RLIMIT_NICE limit. is understood as raw RLIMIT_NICE limit.
* Note that the effect of the PrivateDevices= unit file setting changed * Note that the effect of the PrivateDevices= unit file setting changed
slightly with this release: the per-device /dev file system will be slightly with this release: the per-device /dev file system will be
mounted read-only from this version on, and will have "noexec" mounted read-only from this version on, and will have "noexec"
set. This (minor) change of behavior might cause some (exceptional) set. This (minor) change of behavior might cause some (exceptional)
legacy software to break, when PrivateDevices=yes is set for its legacy software to break, when PrivateDevices=yes is set for its
service. Please leave PrivateDevices= off if you run into problems service. Please leave PrivateDevices= off if you run into problems
with this. with this.
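Review bot: the LimitNICE= entry now reads "in the range -2019" on the new side, which parses as one negative number rather than the nice range -20..19 shown on the old side. Keep a range separator that stays visible in plain text, since this sentence is what tells the reader whether a value is taken as a nice level or as a raw RLIMIT_NICE limit.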
skipping to change at line 6132 skipping to change at line 6612
environments which are not aware of the concept of btrfs environments which are not aware of the concept of btrfs
subvolumes. subvolumes.
* systemd-detect-virt gained a new --chroot switch to detect * systemd-detect-virt gained a new --chroot switch to detect
whether execution takes place in a chroot() environment. whether execution takes place in a chroot() environment.
* CPUAffinity= now takes CPU index ranges in addition to * CPUAffinity= now takes CPU index ranges in addition to
individual indexes. individual indexes.
* The various memory-related resource limit settings (such as * The various memory-related resource limit settings (such as
LimitAS=) now understand the usual K, M, G, ... suffixes to LimitAS=) now understand the usual K, M, G, suffixes to
the base of 1024 (IEC). Similar, the time-related resource the base of 1024 (IEC). Similar, the time-related resource
limit settings understand the usual min, h, day, ... limit settings understand the usual min, h, day, suffixes
suffixes now. now.
* There's a new system.conf setting DefaultTasksMax= to * There's a new system.conf setting DefaultTasksMax= to
control the default TasksMax= setting for services and control the default TasksMax= setting for services and
scopes running on the system. (TasksMax= is the primary scopes running on the system. (TasksMax= is the primary
setting that exposes the "pids" cgroup controller on systemd setting that exposes the "pids" cgroup controller on systemd
and was introduced in the previous systemd release.) The and was introduced in the previous systemd release.) The
setting now defaults to 512, which means services that are setting now defaults to 512, which means services that are
not explicitly configured otherwise will only be able to not explicitly configured otherwise will only be able to
create 512 processes or threads at maximum, from this create 512 processes or threads at maximum, from this
version on. Note that this means that thread- or version on. Note that this means that thread- or
skipping to change at line 6910 skipping to change at line 7390
units. (Also available as x-systemd.idle-timeout= in /etc/fstab). units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
* The EFI System Partition (ESP) as mounted to /boot by * The EFI System Partition (ESP) as mounted to /boot by
systemd-efi-boot-generator will now be unmounted systemd-efi-boot-generator will now be unmounted
automatically after 2 minutes of not being used. This should automatically after 2 minutes of not being used. This should
minimize the risk of ESP corruptions. minimize the risk of ESP corruptions.
* New /etc/fstab options x-systemd.requires= and * New /etc/fstab options x-systemd.requires= and
x-systemd.requires-mounts-for= are now supported to express x-systemd.requires-mounts-for= are now supported to express
additional dependencies for mounts. This is useful for additional dependencies for mounts. This is useful for
journalling file systems that support external journal journaling file systems that support external journal
devices or overlay file systems that require underlying file devices or overlay file systems that require underlying file
systems to be mounted. systems to be mounted.
* systemd does not support direct live-upgrades (via systemctl * systemd does not support direct live-upgrades (via systemctl
daemon-reexec) from versions older than v44 anymore. As no daemon-reexec) from versions older than v44 anymore. As no
distribution we are aware of shipped such old versions in a distribution we are aware of shipped such old versions in a
stable release this should not be problematic. stable release this should not be problematic.
* When systemd forks off a new per-connection service instance * When systemd forks off a new per-connection service instance
it will now set the $REMOTE_ADDR environment variable to the it will now set the $REMOTE_ADDR environment variable to the
skipping to change at line 7069 skipping to change at line 7549
* systemd-journald will now translate audit message types to * systemd-journald will now translate audit message types to
human readable identifiers when writing them to the human readable identifiers when writing them to the
journal. This should improve readability of audit messages. journal. This should improve readability of audit messages.
* The LUKS logic gained support for the offset= and skip= * The LUKS logic gained support for the offset= and skip=
options in /etc/crypttab, as previously implemented by options in /etc/crypttab, as previously implemented by
Debian. Debian.
* /usr/lib/os-release gained a new optional field VARIANT= for * /usr/lib/os-release gained a new optional field VARIANT= for
distributions that support multiple variants (such as a distributions that support multiple variants (such as a
desktop edition, a server edition, ...) desktop edition, a server edition, )
Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy, Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel, Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
Mack, Daniel Mustieles, daurnimator, Davide Bettio, David Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov, Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke, Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
skipping to change at line 7524 skipping to change at line 8004
friendly way. friendly way.
* busctl gained a new --augment-creds= argument that controls * busctl gained a new --augment-creds= argument that controls
whether the tool shall augment credential information it whether the tool shall augment credential information it
gets from the bus with data from /proc, in a possibly gets from the bus with data from /proc, in a possibly
race-ful way. race-ful way.
* nspawn's --link-journal= switch gained two new values * nspawn's --link-journal= switch gained two new values
"try-guest" and "try-host" that work like "guest" and "try-guest" and "try-host" that work like "guest" and
"host", but do not fail if the host has no persistent "host", but do not fail if the host has no persistent
journalling enabled. -j is now equivalent to journaling enabled. -j is now equivalent to
--link-journal=try-guest. --link-journal=try-guest.
* macvlan network devices created by nspawn will now have * macvlan network devices created by nspawn will now have
stable MAC addresses. stable MAC addresses.
* A new SmackProcessLabel= unit setting has been added, which * A new SmackProcessLabel= unit setting has been added, which
controls the SMACK security label processes forked off by controls the SMACK security label processes forked off by
the respective unit shall use. the respective unit shall use.
* If compiled with --enable-xkbcommon, systemd-localed will * If compiled with --enable-xkbcommon, systemd-localed will
skipping to change at line 7568 skipping to change at line 8048
journald.conf, sleep.conf, bootchart.conf, coredump.conf, journald.conf, sleep.conf, bootchart.conf, coredump.conf,
resolved.conf, timesyncd.conf, journal-remote.conf, and resolved.conf, timesyncd.conf, journal-remote.conf, and
journal-upload.conf. Note that distributions should use the journal-upload.conf. Note that distributions should use the
configuration directories in /usr/lib/; the directories in configuration directories in /usr/lib/; the directories in
/etc/ are reserved for the system administrator. /etc/ are reserved for the system administrator.
* systemd-rfkill will no longer take the rfkill device name * systemd-rfkill will no longer take the rfkill device name
into account when storing rfkill state on disk, as the name into account when storing rfkill state on disk, as the name
might be dynamically assigned and not stable. Instead, the might be dynamically assigned and not stable. Instead, the
ID_PATH udev variable combined with the rfkill type (wlan, ID_PATH udev variable combined with the rfkill type (wlan,
bluetooth, ...) is used. bluetooth, ) is used.
* A new service systemd-machine-id-commit.service has been * A new service systemd-machine-id-commit.service has been
added. When used on systems where /etc is read-only during added. When used on systems where /etc is read-only during
boot, and /etc/machine-id is not initialized (but an empty boot, and /etc/machine-id is not initialized (but an empty
file), this service will copy the temporary machine ID file), this service will copy the temporary machine ID
created as replacement into /etc after the system is fully created as replacement into /etc after the system is fully
booted up. This is useful for systems that are freshly booted up. This is useful for systems that are freshly
installed with a non-initialized machine ID, but should get installed with a non-initialized machine ID, but should get
a fixed machine ID for subsequent boots. a fixed machine ID for subsequent boots.
skipping to change at line 7798 skipping to change at line 8278
placing the rebuilt hardware database in /usr instead of placing the rebuilt hardware database in /usr instead of
/etc. When used only hardware database entries stored in /etc. When used only hardware database entries stored in
/usr will be used, and any user database entries in /etc are /usr will be used, and any user database entries in /etc are
ignored. This functionality is useful for vendors to ship a ignored. This functionality is useful for vendors to ship a
pre-built database on systems where local configuration is pre-built database on systems where local configuration is
unnecessary or unlikely. unnecessary or unlikely.
* Calendar time specifications in .timer units now also * Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting "minutely" as shortcuts (in addition to the preexisting
"annually", "hourly", ...). "annually", "hourly", ).
* systemd-tmpfiles will now correctly create files in /dev * systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is at boot which are marked for creation only at boot. It is
recommended to always create static device nodes with 'c!' recommended to always create static device nodes with 'c!'
and 'b!', so that they are created only at boot and not and 'b!', so that they are created only at boot and not
overwritten at runtime. overwritten at runtime.
* When the watchdog logic is used for a service (WatchdogSec=) * When the watchdog logic is used for a service (WatchdogSec=)
and the watchdog timeout is hit the service will now be and the watchdog timeout is hit the service will now be
terminated with SIGABRT (instead of just SIGTERM), in order terminated with SIGABRT (instead of just SIGTERM), in order
skipping to change at line 9018 skipping to change at line 9498
* udev learned a new SECLABEL{} construct to label device * udev learned a new SECLABEL{} construct to label device
nodes with a specific security label when they appear. For nodes with a specific security label when they appear. For
now, only SECLABEL{selinux} is supported, but the syntax is now, only SECLABEL{selinux} is supported, but the syntax is
prepared for additional security frameworks. prepared for additional security frameworks.
* udev gained a new scheme to configure link-level attributes * udev gained a new scheme to configure link-level attributes
from files in /etc/systemd/network/*.link. These files can from files in /etc/systemd/network/*.link. These files can
match against MAC address, device path, driver name and type, match against MAC address, device path, driver name and type,
and will apply attributes like the naming policy, link speed, and will apply attributes like the naming policy, link speed,
MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
address assignment policy (randomized, ...). address assignment policy (randomized, ).
* The configuration of network interface naming rules for * The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy= "permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the setting in the [Link] section of .link files determines the
priority of possible naming schemes (onboard, slot, MAC, priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. Old /usr/lib/net/links/99-default.link. Old
80-net-name-slot.rules udev configuration file has been 80-net-name-slot.rules udev configuration file has been
removed, so local configuration overriding this file should removed, so local configuration overriding this file should
be adapted to override 99-default.link instead. be adapted to override 99-default.link instead.
skipping to change at line 9095 skipping to change at line 9575
* The FsckPassNo= compatibility option in mount/service units * The FsckPassNo= compatibility option in mount/service units
has been removed. The fstab generator will now add the has been removed. The fstab generator will now add the
necessary dependencies automatically, and does not require necessary dependencies automatically, and does not require
PID1's support for that anymore. PID1's support for that anymore.
* journalctl gained a new switch, --list-boots, that lists * journalctl gained a new switch, --list-boots, that lists
recent boots with their times and boot IDs. recent boots with their times and boot IDs.
* The various tools like systemctl, loginctl, timedatectl, * The various tools like systemctl, loginctl, timedatectl,
busctl, systemd-run, ... have gained a new switch "-M" to busctl, systemd-run, have gained a new switch "-M" to
connect to a specific, local OS container (as direct connect to a specific, local OS container (as direct
connection, without requiring SSH). This works on any connection, without requiring SSH). This works on any
container that is registered with machined, such as those container that is registered with machined, such as those
created by libvirt-lxc or nspawn. created by libvirt-lxc or nspawn.
* systemd-run and systemd-analyze also gained support for "-H" * systemd-run and systemd-analyze also gained support for "-H"
to connect to remote hosts via SSH. This is particularly to connect to remote hosts via SSH. This is particularly
useful for systemd-run because it enables queuing of jobs useful for systemd-run because it enables queuing of jobs
onto remote systems. onto remote systems.
skipping to change at line 9844 skipping to change at line 10324
files from the system, as opening individual files only is files from the system, as opening individual files only is
racy due to journal file rotation. racy due to journal file rotation.
* systemd gained the new DefaultEnvironment= setting in * systemd gained the new DefaultEnvironment= setting in
/etc/systemd/system.conf to set environment variables for /etc/systemd/system.conf to set environment variables for
all services. all services.
* If a privileged process logs a journal message with the * If a privileged process logs a journal message with the
OBJECT_PID= field set, then journald will automatically OBJECT_PID= field set, then journald will automatically
augment this with additional OBJECT_UID=, OBJECT_GID=, augment this with additional OBJECT_UID=, OBJECT_GID=,
OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if OBJECT_COMM=, OBJECT_EXE=, fields. This is useful if
system services want to log events about specific client system services want to log events about specific client
processes. journactl/systemctl has been updated to make use processes. journactl/systemctl has been updated to make use
of this information if all log messages regarding a specific of this information if all log messages regarding a specific
unit is requested. unit is requested.
Contributions from: Auke Kok, Chengwei Yang, Colin Walters, Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
Reisner, David Coppa, David King, David Strauss, Eelco Reisner, David Coppa, David King, David Strauss, Eelco
Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
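Review bot: the OBJECT_PID= entry is touched only to change the "..." after OBJECT_EXE=, and the same paragraph still says "journactl/systemctl has been updated", which should be "journalctl". The closing clause "if all log messages regarding a specific unit is requested" also wants "are requested"; both are worth fixing in the same pass.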
skipping to change at line 10048 skipping to change at line 10528
configured mount points automatic dependencies will now be configured mount points automatic dependencies will now be
generated to ensure the specific mount is established first generated to ensure the specific mount is established first
before the key file is attempted to be read. before the key file is attempted to be read.
* 'systemctl status' will now show information about the * 'systemctl status' will now show information about the
network sockets a socket unit is listening on. network sockets a socket unit is listening on.
* 'systemctl status' will also shown information about any * 'systemctl status' will also shown information about any
drop-in configuration file for units. (Drop-In configuration drop-in configuration file for units. (Drop-In configuration
files in this context are files such as files in this context are files such as
/etc/systemd/systemd/foobar.service.d/*.conf) /etc/systemd/system/foobar.service.d/*.conf)
* systemd-cgtop now optionally shows summed up CPU times of * systemd-cgtop now optionally shows summed up CPU times of
cgroups. Press '%' while running cgtop to switch between cgroups. Press '%' while running cgtop to switch between
percentage and absolute mode. This is useful to determine percentage and absolute mode. This is useful to determine
which cgroups use up the most CPU time over the entire which cgroups use up the most CPU time over the entire
runtime of the system. systemd-cgtop has also been updated runtime of the system. systemd-cgtop has also been updated
to be 'pipeable' for processing with further shell tools. to be 'pipeable' for processing with further shell tools.
* 'hostnamectl set-hostname' will now allow setting of FQDN * 'hostnamectl set-hostname' will now allow setting of FQDN
hostnames. hostnames.
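Review bot: the sentence that carries the corrected drop-in path still reads "'systemctl status' will also shown information"; change "shown" to "show" while this paragraph is being edited. The path change itself, from /etc/systemd/systemd/foobar.service.d/*.conf to /etc/systemd/system/foobar.service.d/*.conf, matches the directory where unit drop-ins live.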
skipping to change at line 10984 skipping to change at line 11464
is changed. is changed.
* logind's inhibition logic has been updated. By default, * logind's inhibition logic has been updated. By default,
logind will now handle the lid switch, the power and sleep logind will now handle the lid switch, the power and sleep
keys all the time, even in graphical sessions. If DEs want keys all the time, even in graphical sessions. If DEs want
to handle these events on their own they should take the new to handle these events on their own they should take the new
handle-power-key, handle-sleep-key and handle-lid-switch handle-power-key, handle-sleep-key and handle-lid-switch
inhibitors during their runtime. A simple way to achieve inhibitors during their runtime. A simple way to achieve
that is to invoke the DE wrapped in an invocation of: that is to invoke the DE wrapped in an invocation of:
systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-sw itch ... systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-sw itch
* Access to unit operations is now checked via SELinux taking * Access to unit operations is now checked via SELinux taking
the unit file label and client process label into account. the unit file label and client process label into account.
* systemd will now notify the administrator in the journal * systemd will now notify the administrator in the journal
when he over-mounts a non-empty directory. when he over-mounts a non-empty directory.
* There are new specifiers that are resolved in unit files, * There are new specifiers that are resolved in unit files,
for the hostname (%H), the machine ID (%m) and the boot ID for the hostname (%H), the machine ID (%m) and the boot ID
(%b). (%b).
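Review bot: in the logind inhibition entry the example command on the new side stops at the --what= list, where the old side ended with "..." to stand for the desktop environment command being wrapped. The surrounding text says the DE is invoked "wrapped in an invocation of" this command, so without a placeholder the line looks like a complete invocation; keep a visible placeholder after the option.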
skipping to change at line 11391 skipping to change at line 11871
All future udev development will happen in the systemd tree. It All future udev development will happen in the systemd tree. It
is still fully supported to use the udev daemon and tools without is still fully supported to use the udev daemon and tools without
systemd running, like in initramfs or other init systems. Building systemd running, like in initramfs or other init systems. Building
udev though, will require the *build* of the systemd tree, but udev though, will require the *build* of the systemd tree, but
udev can be properly *run* without systemd. udev can be properly *run* without systemd.
* udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles * udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
should be used to create dead device nodes as workarounds for broken should be used to create dead device nodes as workarounds for broken
subsystems. subsystems.
* udev: RUN+="socket:..." and udev_monitor_new_from_socket() is * udev: RUN+="socket:" and udev_monitor_new_from_socket() is
no longer supported. udev_monitor_new_from_netlink() needs to be no longer supported. udev_monitor_new_from_netlink() needs to be
used to subscribe to events. used to subscribe to events.
* udev: when udevd is started by systemd, processes which are left * udev: when udevd is started by systemd, processes which are left
behind by forking them off of udev rules, are unconditionally cleaned behind by forking them off of udev rules, are unconditionally cleaned
up and killed now after the event handling has finished. Services or up and killed now after the event handling has finished. Services or
daemons must be started as systemd services. Services can be daemons must be started as systemd services. Services can be
pulled-in by udev to get started, but they can no longer be directly pulled-in by udev to get started, but they can no longer be directly
forked by udev rules. forked by udev rules.
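Review bot: RUN+="socket:..." is a literal udev rule fragment, and the new side shows it as RUN+="socket:" with the elided socket name gone; leave a visible placeholder after "socket:" so the unsupported form is still recognizable to someone checking old rules against this note. In the same sentence, "RUN+=... and udev_monitor_new_from_socket() is no longer supported" names two things and should read "are no longer supported".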
 End of changes. 19 change blocks. 
19 lines changed or deleted 501 lines changed or added
