morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

NEWS: cleanups and rewordings, extend the section about musl

Browse Source 
I think we should make it clear that the "incomplete musl support" does not
mean that it'll for certain be completed later. The feedback from users will be
an important consideration.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
2025-11-17 15:17:23 +01:00
parent cfb6c54324
commit 652dc1125a
1 changed files with 125 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
NEWS
View File

@@ -44,21 +44,13 @@ CHANGES WITH 259 in spe:
* systemd-machined will now expose "hidden" disk images as read-only by
default (hidden images are those whose name begins with a dot). They
have been used to retain a pristine copy of the downloaded image,
while modifications are made to a 2nd, local writable copy of the
image. Hence, effectively they have been read-only anyway already,
this change makes this official.
were already used to retain a pristine copy of the downloaded image,
while modifications were made to a 2nd, local writable copy of the
image. Hence, effectively they were read-only already, and this is
now official.
Service manager/PID1:
* The service manager will now show the wallclock time a service ran
for when it exits in the same log message where it previously only
showed the consumed CPU time.
* A new pair of properties OOMKills and ManagedOOMKills are now exposed
on service units (and other unit types that spawn processes) that
count the number of process kills by the kernel or systemd-oomd.
* The service manager's Varlink IPC has been extended considerably. It
now exposes service execution settings and more. Its Unit.List() call
now can filter by cgroup or invocation ID.
@@ -74,26 +66,34 @@ CHANGES WITH 259 in spe:
points to its own PID can now also verify the pidfd inode ID, which
does not recycle IDs.
* The log message made when a service exists will now show the
wallclock time the service took in addition to the previously shown
CPU time.
* A new pair of properties OOMKills and ManagedOOMKills are now exposed
on service units (and other unit types that spawn processes) that
count the number of process kills made by the kernel or systemd-oomd.
* The service manager gained support for a new
RootDirectoryFileDescriptor= property when creating transient service
units. It is similar to RootDirectory= but takes a file descriptor
rather than a path the new root directory to use.
rather than a path to the new root directory to use.
* The service manager now supports a new UserNamespacePath= setting
which mirrors the existing IPCNamespacePath= and
NetworkNamespacePath= settings, but applies to Linux user
namespaces.
NetworkNamespacePath= options, but applies to Linux user namespaces.
* The service manager gained a new setting ExecReloadPost= for
configuring commands to execute after reloading of the configuration
of service has completed.
* The service manager gained a new ExecReloadPost= setting to configure
commands to execute after reloading of the configuration of the
service has completed.
* Service manager job activation transactions now get a per-system
unique 64bit numeric ID assigned. This ID is logged as additional log
fields for any log messages related to the transaction. Moreover, PID 1
will now keep track of transactions with ordering cycles and expose
them in the TransactionsWithOrderingCycle D-Bus property, listed by
their IDs.
unique 64-bit numeric ID assigned. This ID is logged as an additional
log field for in messages related to the transaction.
* The service manager now keeps track of transactions with ordering
cycles and exposes them in the TransactionsWithOrderingCycle D-Bus
property.
systemd-sysext/systemd-confext:
@@ -102,12 +102,12 @@ CHANGES WITH 259 in spe:
which can be used to configure mutability or the image policy to
apply to DDI images.
* systemd-sysext's --mutable= switch now accepts a new value "help" for
listing available mutability modes. (Similar: systemd-confext)
* systemd-sysext's and systemd-confext's --mutable= switch now accepts
a new value "help" for listing available mutability modes.
* systemd-sysext now supports configuring additional overlayfs mount
settings via the $SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS environment
variable. Similar systemd-confext now supports
variable. Similarly systemd-confext now supports
$SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS.
systemd-vmspawn/systemd-nspawn:
@@ -127,11 +127,11 @@ CHANGES WITH 259 in spe:
* systemd-vmspawn gained two new switches
--bind-user=/--bind-user-shell= which mirror the switches of the same
name in systemd-nspawn, and allow sharing a user account from the host
inside the VM, in a simple one-step operation.
inside the VM in a simple one-step operation.
* Both systemd-vmspawn and systemd-nspawn gained a new
--bind-user-group= switch for adding a user bound via --bind-user= to
the specified group (for example the 'wheel' or 'empower' group).
* systemd-vmspawn and systemd-nspawn gained a new --bind-user-group=
switch to add a user bound via --bind-user= to the specified group
(useful in particular for the 'wheel' or 'empower' groups).
* systemd-vmspawn now configures RSA4096 support in the vTPM, if swtpm
supports it.
@@ -144,23 +144,23 @@ CHANGES WITH 259 in spe:
* repart.d/ drop-ins gained support for a new TPM2PCRs= setting, which
can be used to configure the set of TPM2 PCRs to bind disk encryption
to, in case TPM2-bound encryption is used. This was previously only
settable via the systemd-repart command line. Similar, KeyFile= has
settable via the systemd-repart command line. Similarly, KeyFile= has
been added to configure a binary LUKS key file to use.
* systemd-repart's functionality is now accessible via Varlink IPC.
* systemd-repart may now be invoked with a device node path specified as
"-". If so instead of operating on a block device it will just
* systemd-repart may now be invoked with a device node path specified
as "-". Instead of operating on a block device this will just
determine the minimum block device size required to apply the defined
partitions on, and exit.
partitions and exit.
* systemd-repart gained two new switches --defer-partitions-empty=yes
and --defer-partitions-factory-reset=yes which are similar to
--defer-partitions= but instead of expecting a list of partitions to
defer will blanket defer all partitions marked via Format=empty or
defer will defer all partitions marked via Format=empty or
FactoryReset=yes. This functionality is useful for installers, as
partitions marked empty or marked for factory reset should typically
be left out at install time, but in on first boot.
be left out at install time, but not on first boot.
* The Subvolumes= values in repart.d/ drop-ins may now be suffixed with
:nodatacow, in order to create subvolumes with data Copy-on-Write
@@ -173,23 +173,22 @@ CHANGES WITH 259 in spe:
similar to "udevadm test --json=short".
* The net_id builtin for systemd-udevd now can generate predictable
interface names for Wifi devices on Devicetree systems.
interface names for Wifi devices on DeviceTree systems.
* systemd-udevd and systemd-repart will now reread partition tables on
block devices in a more graceful, incremental fashion. Specifically, it
no longer uses the kernel BLKRRPART ioctl() which removes all
in-memory partition objects loaded into the kernel, and then
recreates them as new objects. Instead it will use the BLKPG ioctl()
to make minimal changes, and individually add, remove or grow
modified partition objects, avoiding removal/readding where the
partitions were left unmodified on disk. This should greatly improve
behaviour on systems that make modifications to partition tables on
disk while using them.
block devices in a more graceful, incremental fashion. Specifically,
they no longer use the kernel BLKRRPART ioctl() which removes all
in-memory partition objects loaded into the kernel and then recreates
them as new objects. Instead they will use the BLKPG ioctl() to make
minimal changes, and individually add, remove, or grow modified
partitions, avoiding removal/readding where the partitions were left
unmodified on disk. This should greatly improve behaviour on systems
that make modifications to partition tables on disk while using them.
* A new udev property ID_BLOCK_SUBSYSTEM is now exposed on block devices
reporting a short identifier for the subsystem a block device belongs
to. This only applies to block devices not connected to a regular bus,
i.e. virtual block devices such as loopback, DM, MD, zram.
i.e. virtual block devices such as loopback, DM, MD, or zram.
* systemd-udevd will now generate /dev/gpio/by-id/… symlinks for GPIO
devices.
@@ -200,20 +199,21 @@ CHANGES WITH 259 in spe:
command to add recovery keys to existing user accounts. Previously,
recovery keys could only be configured during initial user creation.
* Two new switches have been added to homectl to control whether to
query the user interactively for a login shell and supplementary
groups memberships when interactive firstboot operation is requested
(--prompt-shell= + --prompt-groups=). The invocation in
* Two new --prompt-shell= and --prompt-groups= options have been added
to homectl to control whether to query the user interactively for a
login shell and supplementary groups memberships when interactive
firstboot operation is requested. The invocation in
systemd-homed-firstboot.service now turns both off by default.
systemd-boot/systemd-stub:
* systemd-boot now supports a log level concept. The level may be set
via log-level= in loader.conf and via the SMBIOS Type 11 field
* systemd-boot now supports log levels. The level may be set via
log-level= in loader.conf and via the SMBIOS Type 11 field
'io.systemd.boot.loglevel='.
* systemd-boot's loader.conf file gained support for configuring the
SecureBoot key enrollment time-out via secure-boot-enroll-timeout-sec=.
SecureBoot key enrollment time-out via
secure-boot-enroll-timeout-sec=.
* Boot Loader Specification Type #1 entries now support a "profile"
field which may be used to explicitly select a profile in
@@ -221,8 +221,8 @@ CHANGES WITH 259 in spe:
sd-varlink/varlinkctl:
* sd-varlink's sd_varlink_set_relative_timeout() call will now
reset the time-out to the default if 0 is passed.
* sd-varlink's sd_varlink_set_relative_timeout() call will now reset
the timeout to the default if 0 is passed.
* sd-varlink's sd_varlink_server_new() call learned two new flags
SD_VARLINK_SERVER_HANDLE_SIGTERM + SD_VARLINK_SERVER_HANDLE_SIGINT,
@@ -244,20 +244,20 @@ CHANGES WITH 259 in spe:
weak, which is useful to reduce footprint inside of containers and
such, where Linux audit doesn't really work anyway.
* Similar PAM support is now implemented via dlopen() too (except for
* Similarly PAM support is now implemented via dlopen() too (except for
the PAM modules pam_systemd + pam_systemd_home + pam_systemd_loadkey,
which are loaded by PAM and hence need PAM anyway to operate).
* Similar, libacl support is now implemented via dlopen().
* Similarly, libacl support is now implemented via dlopen().
* Similar, libblkid support is now implemented via dlopen().
* Similarly, libblkid support is now implemented via dlopen().
* Similar, libseccomp support is now implemented via dlopen().
* Similarly, libseccomp support is now implemented via dlopen().
* Similar, libselinux support is now implemented via dlopen().
* Similarly, libselinux support is now implemented via dlopen().
* Similar, libmount support is now implemented via dlopen(). Note, that
libmount still must be installed in order to invoke the service
* Similarly, libmount support is now implemented via dlopen(). Note,
that libmount still must be installed in order to invoke the service
manager itself. However, libsystemd.so no longer requires it, and
neither do various ways to invoke the systemd service manager binary
short of using it to manage a system.
@@ -278,20 +278,19 @@ CHANGES WITH 259 in spe:
* systemd-machined may now also run in a per-user instance, in addition
to the per-system instance. systemd-vmspawn and systemd-nspawn have
been updated to register their invocations with both the calling
user's per-user instance of systemd-machined and the per-system one,
if permissions allow it. machinectl now knows --user and --system
switches that control which daemon instance to operate
on. systemd-ssh-proxy now will query both instances for the AF_VSOCK
CID.
user's instance of systemd-machined and the system one, if
permissions allow it. machinectl now accepts --user and --system
switches that control which daemon instance to operate on.
systemd-ssh-proxy now will query both instances for the AF_VSOCK CID.
* systemd-machined implements a resolve hook now, so that the names of
local containers and VMs can be resolved locally to their respective
IP addresses.
* systemd-importd's tar extraction logic has been reimplemented based
on libarchive, instead of shelling out to GNU tar. This completes
work begun earlier which already ported systemd-importd's tar
generation.
on libarchive, replacing the previous implementation calling GNU tar.
This completes work begun earlier which already ported
systemd-importd's tar generation.
* systemd-importd now may also be run as a per-user service, in
addition to the existing per-system instance. It will place the
@@ -309,18 +308,18 @@ CHANGES WITH 259 in spe:
* systemd-firstboot's and homectl's interactive boot-time interface
will now temporarily mute the kernel's and PID1's own console output
while running, in order to not mix the tool's own output with the
kernel's or PID 1's. This logic can be controlled via the new
other sources. This logic can be controlled via the new
--mute-console= switches to both tools. This is implemented via a new
systemd-mute-console component (which provides a simple Varlink
interface).
* systemd-firstboot gained a new switch --prompt-keymap-auto. If
* systemd-firstboot gained a new switch --prompt-keymap-auto. When
specified, the tool will interactively query the user for a keymap
when running on a real local VT console (i.e. on a user device where
the keymap would actually be respected), but not if invoked on other
TTYs (such as a serial port, hypervisor console, SSH, …), where the
keymap setting would have no effect anyway. The invocation in
systemd-firstboot.service now defaults to this.
systemd-firstboot.service now uses this.
systemd-creds:
@@ -330,27 +329,27 @@ CHANGES WITH 259 in spe:
command line.
* systemd-creds now allow explicit control of whether to accept
encryption with a NULL key when decrypting, via the pair --allow-null
and --refuse-null switches. Previously only the former existed, but
null keys were also accepted if UEFI SecureBoot was reported
off. This automatism is retained, but only if neither of the two
switches are specified. The systemd-creds Varlink IPC API learned
similar parameters on the Decrypt() call.
encryption with a NULL key when decrypting, via the --allow-null and
--refuse-null switches. Previously only the former existed, but null
keys were also accepted if UEFI SecureBoot was reported off. This
automatism is retained, but only if neither of the two switches are
specified. The systemd-creds Varlink IPC API learned similar
parameters on the Decrypt() call.
systemd-networkd:
* systemd-networkd's DHCP sever support gained two settings EmitDomain=
and Domain= for controlling whether leases handed out should report a
domain, and which. It also gained a per-static lease Hostname=
setting for setting the hostname for the client.
setting for the hostname of the client.
* systemd-networkd now exposes a Describe() method call for showing
network interface properties.
* systemd-networkd now exposes a Describe() method call to show network
interface properties.
* systemd-networkd now implements a resolve hook for its internal DHCP
server, so that the hostnames tracked in DHCP leases can be resolved
locally. This is now enabled by default for the DHCP server running on
the host side of local systemd-nspawn or systemd-vmspawn networking.
locally. This is now enabled by default for the DHCP server running
on the host side of local systemd-nspawn or systemd-vmspawn networks.
systemd-resolved:
@@ -388,16 +387,16 @@ CHANGES WITH 259 in spe:
(i.e. initrd userspace creates them and initializes them), including
in the pre-kernel firmware world; moreover, they require an explicit
"anchor" initialization of a privileged per-system secret (in order
to prevent attackers from removing/recreating the backing NV
indexes to reset them). This makes them predictable only if the
result of the anchor measurement is known ahead of time, which will
differ on each installed system. Initialization of defined NvPCRs is
done in systemd-tpm2-setup.service, in the initrd. Information about
the initialization of NvPCRs is measured into PCR 9, and finalized by
a separator measurement. The NV index base handle is configurable at
to prevent attackers from removing/recreating the backing NV indexes
to reset them). This makes them predictable only if the result of the
anchor measurement is known ahead of time, which will differ on each
installed system. Initialization of defined NvPCRs is done in
systemd-tpm2-setup.service in the initrd. Information about the
initialization of NvPCRs is measured into PCR 9, and finalized by a
separator measurement. The NV index base handle is configurable at
build time via the "tpm2-nvpcr-base" meson setting. It currently
defaults to a value the TCG has shown intention to assign to Linux,
but this has not officially been done yet. systemd-pcrextend and its
defaults to a value the TCG has shown intent to assign to Linux, but
this has not officially been done yet. systemd-pcrextend and its
Varlink APIs have been extended to optionally measure into an NvPCR
instead of a classic PCR.
@@ -422,17 +421,18 @@ CHANGES WITH 259 in spe:
systemd-run/run0:
* run0 gained a new --empower switch. It will invoke a new session with
elevated privileges without switching to the root user. Specifically,
it sets the full ambient capabilities mask (including CAP_SYS_ADMIN),
which ensures that privileged system calls will typically be permitted.
Moreover, it adds the session processes to the new "empower" system
group, which is respected by polkit and allows most polkit actions to
be accessed fully privileged. This should be a much less invasive way
to acquire privileges, as it will not switch over $HOME or the UID and
hence risk creation of files owned by the wrong UID in there. (Note
that --empower is not perfect, there's still various software around
that does access checks purely based on the UID, without Linux process
capabilities or polkit policies having any effect on them.)
elevated privileges without switching to the root user.
Specifically, it sets the full ambient capabilities mask (including
CAP_SYS_ADMIN), which ensures that privileged system calls will
typically be permitted. Moreover, it adds the session processes to
the new "empower" system group, which is respected by polkit and
allows privileged access to most polkit actions. This provides a much
less invasive way to acquire privileges, as it will not change $HOME
or the UID and hence risk creation of files owned by the wrong UID in
the user's home. (Note that --empower might not work in all cases, as
many programs still do access checks purely based on the UID, without
Linux process capabilities or polkit policies having any effect on
them.)
* systemd-run gained support for --root-directory= to invoke the service
in the specified root directory. It also gained --same-root-dir (with
@@ -460,10 +460,10 @@ CHANGES WITH 259 in spe:
the same name systemd-sysusers already supports.
* systemd-cryptsetup has been updated to understand a new
tpm2-measure-keyslot-nvpcr= switch which takes an NvPCR name to
measure information about the used LUKS keyslot
into. systemd-gpt-auto-generator enables this by default for a new
"cryptsetup" NvPCR.
tpm2-measure-keyslot-nvpcr= option which takes an NvPCR name to
measure information about the used LUKS keyslot into.
systemd-gpt-auto-generator now uses this for a new "cryptsetup"
NvPCR.
* systemd will now ignore configuration file drop-ins suffixed with
".ignore" in most places, similar to how it already ignores files
@@ -473,16 +473,6 @@ CHANGES WITH 259 in spe:
* systemd-modules-load will now load configured kernel modules in
parallel.
* Incomplete support for musl libc is now available by setting the
"libc" meson option to "musl". Note that we do not recommend usage of
musl, due to various limitations. i.e. since NSS or equivalent
functionality is not available nss-systemd, nss-resolve,
DynamicUser=, systemd-homed, systemd-userdbd, the foreign UID ID,
unprivileged systemd-nspawn, systemd-nsresourced, and so on will not
work. It's also not recommended for devices with constrained
resources as the usual memory pressure behaviour of long-running
systemd services has no effect on musl.
* systemd-integrity-setup now supports HMAC-SHA256, PHMAC-SHA256,
PHMAC-SHA512.
@@ -499,6 +489,22 @@ CHANGES WITH 259 in spe:
* system-alloc-{uid,gid}-min are now exported in systemd.pc.
* Incomplete support for musl libc is now available by setting the
"libc" meson option to "musl". Note that systemd compiled with musl
has various limitations: since NSS or equivalent functionality is not
available, nss-systemd, nss-resolve, DynamicUser=, systemd-homed,
systemd-userdbd, the foreign UID ID, unprivileged systemd-nspawn,
systemd-nsresourced, and so on will not work. Also, the usual memory
pressure behaviour of long-running systemd services has no effect on
musl. We also implemented a bunch of shims and workarounds to
support compiling and running with musl. Caveat emptor.
This support for musl is provided without a promise of continued
support in future releases. We'll make the decision based on the
amount of work required to maintain the compatibility layer in
systemd, how many musl-specific bugs are reported, and feedback on
the desirability of this effort provided by users and distributions.
Contributions from: Alan Brady, Alberto Planas, Aleksandr Mezin,
Allison Karlitskaya, Andreas Schneider, Anton Tiurin,
Antonio Alvarez Feijoo, Arian van Putten, Armin Wolf,