Commit 1d42b86d authored by Michael Biebl's avatar Michael Biebl
Browse files

New upstream version 237

parent 52ad194e
......@@ -142,3 +142,10 @@ Lukáš Říha <cedel@centrum.cz>
Alan Robertson <aroberts@zen.iomart.com> <alanjrobertson@gmail.com>
Martin Steuer <martinsteuer@gmx.de>
Matthias-Christian Ott <ott@mirix.org> <ott@users.noreply.github.com>
Larry Bernstone <lbernstone@gmail.com>
Michał Szczepański <skrzatu@hotmail.com> <skrzatu@gmail.com>
Tomasz Bachorski <tomasz.bachorski@x7f.io> <34866781+nulsoh@users.noreply.github.com>
Zachary Winnerman <33329648+winnerman-pythian@users.noreply.github.com>
Vladislav Vishnyakov <split7fire@yandex.ru>
Robert Kolchmeyer <rkolchmeyer@google.com> <rkolchmeyer@users.noreply.github.com>
George Gaydarov <git@gg7.io> <gg7@users.noreply.github.com>
......@@ -50,7 +50,7 @@ BuildPackages=
kmod
libcap
libgcrypt
libidn
libidn2
libmicrohttpd
libseccomp
libtool
......@@ -66,7 +66,6 @@ BuildPackages=
python-lxml
qrencode
xz
# TODO use libidn2 once it's available in official repositories
Packages=
libidn
libidn2
language: c
compiler:
- gcc
before_install:
- sudo apt-get update -qq
- sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libmount-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gperf python2.7-dev
script: ./autogen.sh && ./configure && make V=1 && sudo ./systemd-machine-id-setup && make check && make distcheck
after_failure: cat test-suite.log
sudo: required
services:
- docker
jobs:
include:
- stage: build docker image
env:
# The machine id will be passed to Dockerfile for later checks
- MACHINE_ID=$(cat /var/lib/dbus/machine-id)
before_script: &update
# Ensure the latest version of docker is installed
- sudo apt-get update
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- docker --version
- env > .env
script:
# Copy content of CI_DIR into WORKDIR
- find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} +
- echo "ENV GIT_SHA ${TRAVIS_COMMIT}" >> Dockerfile
- echo "ENV MACHINE_ID ${MACHINE_ID}" >> Dockerfile
- echo "$(git log -1 ${TRAVIS_COMMIT})" >> COMMITINFO
# Build docker container
- $CI_SCRIPT_DIR/build-docker-image.sh
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
- docker push ${DOCKER_REPOSITORY}
- stage: build
language: c
compiler: gcc
env:
# The machine id will be passed to container
- MACHINE_ID=$(cat /var/lib/dbus/machine-id)
before_script: *update
script:
- docker run -dit --name travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
- docker exec -u 0 -ti travis_build bash -c "echo ${MACHINE_ID} > /etc/machine-id"
- docker exec -ti travis_build meson build
- docker exec -ti travis_build ninja -C build
# Commit it to the new image that will be used for testing
- docker commit -m "systemd build state" -a "${AUTHOR_NAME}" travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
- docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
- stage: test
language: c
compiler: gcc
before_script: *update
script:
- docker run --privileged --net=host -dit --name travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
- docker exec -ti travis_test ninja -C build test
- docker commit -m "systemd test state" -a "${AUTHOR_NAME}" travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
- docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
- stage: coverity scan
language: c
compiler: gcc
before_script: *update
env:
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
- COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
- COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
# Disable CCACHE for cov-build to compilation units correctly
- CCACHE_DISABLE=1
# Token for systemd/systemd Coverity Scan Analysis
# The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
# via the "travis encrypt" command using the project repo's public key
- secure: "UNQLspT89GYWuVKFqW5W5RyqqnYg5RvX20IrNraOddhpdV9nhKBtozrfmhGXDGZwfHGWHt6g7YROlD/NIMvDvThVJIEYvSQiXCoo2zRrwkl2siET5MjPfRG8numiLq0KX47KGmyBJISJZCgDUdNGqqGwgf7AhDN78I3XtgqjFT1z0mGl8n0wiFpKPi7i3nECvF4Mk7xCCHqwByaq0z5G9NkVlOvP1EyCxwv3B6I5Umfch7ibp7iH44YnVXILK+yEry5dMuctYwYkDouR80ChEPQQ5fhhpO4++HJmFuSpfMTeCHpucAd2xwSUijejYeN/GNQ177GxSSk/8hRBGcuSK8T/WJ+KiuJPhZObV8mw+a6+qdQssWY4F9jya5ZKbZ/yTbxjtQ0m4AgtL28P9bEze8pLh16zFMX+hIEuoFSNmJqmtNttfbD5TKyYVZml59s9wvhlvMnlNpRSQva88OAOjXtiA41g+XtTxxpfW9mgd7HYhzSBs1efNiK7PfkANgve7KIYMAmCAqasgb1IIAyX7stOlJH06QOFXNH55PmJLkkKyL3SMQzgryMDWegU+XbS8t43r0x14WLuE7sc9JtnOr/G8hthFaMRp8xLy9aCBwyEIkEsyWa50VMoZDa3Spdb4r1CKBwcGdCbyE4rCehwEIznbfrsSovhwiUds7bbhBU="
script:
# Copy content of CI_DIR into WORKDIR
- find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} +
# Build container for current user
- $CI_SCRIPT_DIR/build-docker-image.sh
# For kernel version 4.8+
- sudo sysctl vsyscall=emulate || true
# Prepare environment for Coverity tool
- |
PLATFORM=`uname`
export TOOL_BASE="/tmp/coverity-scan-analysis"
export SCAN_URL="https://scan.coverity.com"
export UPLOAD_URL="https://scan.coverity.com/builds"
export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz"
# Get Coverity tool
- $CI_TOOL_DIR/get-coverity.sh
- TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')"
# Export env variables for Coverity scan
- env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
- |
docker run -dit --env-file .cov-env \
-v ${TOOL_BASE}:${TOOL_BASE}:ro \
--name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
# Make sure Coverity script is executable
- docker cp scripts/coverity.sh travis_coverity_scan:/usr/local/bin
# Preconfigure with meson to prevent Coverity from capturing meson metadata
# Set compiler flag to prevent emit failure
- docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false"
# Run Coverity Analysis
- docker exec -it travis_coverity_scan coverity.sh build
- docker exec -it travis_coverity_scan coverity.sh upload
- stage: clean docker
language: python
# python:
# - "3.6" Probably broken ATM
env:
- SIZE_LIMIT="3000" # Limit in MBs
- TAG_LIMIT="3" # Number of tags to be kept at the time
before-script:
- sudo apt-get -y install python3
script:
# Get docker-remote tool and setup venv
- sudo $CI_TOOL_DIR/get-docker-remote.sh
# Activate virtual environment to be able to use docker-remote safely
- source venv/bin/activate
# Check the size and tag limit of the repo
- REPO_SIZE=$(docker-remote repository --size $DOCKER_REPOSITORY)
- TAG_COUNT=$(docker-remote tags --count $DOCKER_REPOSITORY)
- 'echo -e "\033[33;1mCurrent repository size: $REPO_SIZE in $TAG_COUNT tags \033[0m"'
- |
if [[ ${REPO_SIZE%.*} -gt $SIZE_LIMIT ]] || [[ $TAG_COUNT -gt $TAG_LIMIT ]]
then
docker-remote --login $DOCKER_USERNAME:$DOCKER_PASSWORD \
tags --assumeyes --pop-back --keep $TAG_LIMIT $DOCKER_REPOSITORY
fi
# Specify the order of stages and conditions
stages:
# Helper stage to determine whether coverity stage should be allowed
- name: initialization
- name: build docker image
if: type != cron
- name: build
if: type != cron
- name: test
if: type != cron
# These stages run separately, the resulting container will not be pushed to Docker Hub
# This stage will only run on special conditions
- name: coverity scan
if: type = cron
# Check for repository size and clean Docker repo if necessary
- name: clean Docker
if: type = cron
env:
global:
# Secure Docker Hub credentials
- secure: "TY61ufmEJyxCer8vuAlQ3mYwGRynFZXPCFTxKgIzobAHHyE1Zwx0bZDDwDd88Gdgz7EGnOJtMABfa0axfPOK9il5u7lYmmZ8Usa0HAvKavkpSRnw2b16zz88N98x3DyaIquvg2J8iQpHHoM32+BGiAS7P8BiYTO6r+E0CMPYC0Ylh7eHVSBGfWbR9m+yCo/mDIEAWyop6Jv4rTMN4qP9U7e6Kou7m/AJeiCWMaR7rlanpLFNQi3+qF/Mt5dbE7LVLNSOkmpg/FPw34g4RC5mfLAh+c8YBadqo6kFA6qV1b931or0aZUYVtobI6UwC9U1GGqzfCTjXuVMNgPBBQ6n3JMt91mFFkP0lXdGMxpBNbwFL/btBrt2a359L/wNtqv6PuSJwJ3oTe/FP++X6xjbM7LcAHZMWZiK+0BFefNOUcRzBpaEJ2nGNzcLKHn4Bl0pl4LwZ0uVocN8RBwHnDX+hyUwwQPoQTLJQB9tpwDweIzftt9KmrIHmL9v7KZXR4s/8CKpNfVQ/XSysdtsK+7EKK5AsnbMNrZLjpH7D0Lo/Xp92/eJ2UGyqI7awJbJGPV2FNwyGcojDEXIBUsVssUjb5+B4LpHP1x4UQe/m9SuPJdtRB0R7PKe/tyPD3GTyfVO9K7imQATDdnMY32nkWXmXej8YWo76yA732rTZRZtFAc="
- secure: "NAEzWn5Ru6IqDA1RSyTVhpIp2iQluumg0EOI111EN7qWWGUDNgAZi+QgvRI+OBNyuMpBpN/GX1Ys4YxUDos1F/fhm2vytoB4A/LG463FQsSVP3wnyMFJTSOI8H0jgK41xj79qiww7edbfq93MZ/XS95Ws4tUTi/0etUGvAgIHGgofFCPPdMNkOvSHLgzSnYfydzLuD9FVpCgvpbJnQ+47XHyN+sKoA+OlZ+EfIOVZt+Mk/dqYrsM7MRKEfplk1MvUiJpHvrw+xWTslCIiO03V6ws091fBMgedIFRpsySrsd1KwH8JIeOK6KFn5W7Q53auzZkKYk7ymknlJt4WVBy7Qg33njMQ53t3qMQYTRUIV4dcR60cdII7tatzgpKBcycxHQMAshOYPT6pYhSsO6JEKgiO+ZhOxvqWGwtEeH9Zq7P4ft8Q7GJhRkdi0X0WY7/6RjwinO/1LLj1LODim3mDFfAK7xS7e+nQW/JEOdWohT2+qm97j9IOZeQtPtdqZP9F8HJXgw6WjiGJIXMF3Ov9GkQh4uJyMYJ6hN7T3iRoenV86Dzgg6u5Ku131Ziwvlm+n94qlXF8Jl47wCcAS7VmyYxMft1gH+Zs+4Wq7KO0vysmnEk6rCqb87ZQSDOdTzBfK9HTyyAqmBCgS4Dp5x7/xOBMVXfq/SOb9c3Sh/JItA="
- DOCKER_REPOSITORY=$DOCKER_USERNAME/systemd
- ADMIN_EMAIL=macermak@redhat.com
- AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")"
- AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
- CI_DIR="$TRAVIS_BUILD_DIR/travis-ci"
- CI_TOOL_DIR="$CI_DIR/tools"
- CI_SCRIPT_DIR="$CI_DIR/scripts"
notifications:
email:
recipients:
- ${ADMIN_EMAIL}
- ${AUTHOR_EMAIL}
irc:
channels:
- "irc.freenode.org#systemd"
......
- 8ch indent, no tabs, except for files in man/ which are 2ch indent,
and still no tabs
- We prefer /* comments */ over // comments, please. This is not C++, after
all. (Yes we know that C99 supports both kinds of comments, but still,
please!)
- We prefer /* comments */ over // comments in code you commit, please. This
way // comments are left for developers to use for local, temporary
commenting of code for debug purposes (i.e. uncommittable stuff), making such
comments easily discernable from explanatory, documenting code comments
(i.e. committable stuff).
- Don't break code lines too eagerly. We do *not* force line breaks at
80ch, all of today's screens should be much larger than that. But
......
......@@ -13,10 +13,21 @@ documented in the proper man pages.
All tools:
* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will
refrain from talking to PID 1; this has the same effect as the historical
detection of `chroot()`. Setting this variable to `0` instead has a similar
effect as `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to
communicate with PID 1 even if a `chroot()` environment is detected.
You almost certainly want to set this to `1` if you maintain a package build system
or similar and are trying to use a modern container system and not plain
`chroot()`.
* `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a
chroot() environment. This is particularly relevant for systemctl, as it will
not alter its behaviour for chroot() environments if set. (Normally it
refrains from talking to PID 1 in such a case.)
`chroot()` environment. This is particularly relevant for systemctl, as it
will not alter its behaviour for `chroot()` environments if set. Normally it
refrains from talking to PID 1 in such a case; turning most operations such
as `start` into no-ops. If that's what's explicitly desired, you might
consider setting `SYSTEMD_OFFLINE=1`.
* `$SD_EVENT_PROFILE_DELAYS=1` — if set, the sd-event event loop implementation
will print latency information at runtime.
......
......@@ -79,3 +79,38 @@ for systemd (this example is for Fedora):
And after that, head over to your repo on github and click "Compare & pull request"
Happy hacking!
FUZZERS
systemd includes fuzzers in src/fuzz that use libFuzzer and are automatically
run by OSS-Fuzz (https://github.com/google/oss-fuzz) with sanitizers. To add a
fuzz target, create a new src/fuzz/fuzz-foo.c file with a LLVMFuzzerTestOneInput
function and add it to the list in src/fuzz/meson.build.
Whenever possible, a seed corpus and a dictionary should also be added with new
fuzz targets. The dictionary should be named src/fuzz/fuzz-foo.dict and the seed
corpus should be built and exported as $OUT/fuzz-foo_seed_corpus.zip in
scripts/oss-fuzz.sh.
The fuzzers can be built locally if you have libFuzzer installed by running
scripts/oss-fuzz.sh. You should also confirm that the fuzzer runs in the
OSS-Fuzz environment by checking out the OSS-Fuzz repo, and then running
commands like this:
python infra/helper.py build_image systemd
python infra/helper.py build_fuzzers --sanitizer memory systemd ../systemd
python infra/helper.py run_fuzzer systemd fuzz-foo
If you find a bug that impacts the security of systemd, please follow the
guidance in .github/CONTRIBUTING.md on how to report a security vulnerability.
For more details on building fuzzers and integrating with OSS-Fuzz, visit:
https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md
https://llvm.org/docs/LibFuzzer.html
https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md
https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md
systemd System and Service Manager
CHANGES WITH 237:
* Some keyboards come with a zoom see-saw or rocker which until now got
mapped to the Linux "zoomin/out" keys in hwdb. However, these
keycodes are not recognized by any major desktop. They now produce
Up/Down key events so that they can be used for scrolling.
* INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
slightly: previously, if an argument was specified for lines of this
type (i.e. the right-most column was set) this string was appended to
existing files each time systemd-tmpfiles was run. This behaviour was
different from what the documentation said, and not particularly
useful, as repeated systemd-tmpfiles invocations would not be
idempotent and grow such files without bounds. With this release
behaviour has been altered slightly, to match what the documentation
says: lines of this type only have an effect if the indicated files
don't exist yet, and only then the argument string is written to the
file.
* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
systemd-tmpfiles behaviour: previously, read-only files owned by root
were always excluded from the file "aging" algorithm (i.e. the
automatic clean-up of directories like /tmp based on
atime/mtime/ctime). We intend to drop this restriction, and age files
by default even when owned by root and read-only. This behaviour was
inherited from older tools, but there have been requests to remove
it, and it's not obvious why this restriction was made in the first
place. Please speak up now, if you are aware of software that reqires
this behaviour, otherwise we'll remove the restriction in v238.
* A new environment variable $SYSTEMD_OFFLINE is now understood by
systemctl. It takes a boolean argument. If on, systemctl assumes it
operates on an "offline" OS tree, and will not attempt to talk to the
service manager. Previously, this mode was implicitly enabled if a
chroot() environment was detected, and this new environment variable
now provides explicit control.
* .path and .socket units may now be created transiently, too.
Previously only service, mount, automount and timer units were
supported as transient units. The systemd-run tool has been updated
to expose this new functionality, you may hence use it now to bind
arbitrary commands to path or socket activation on-the-fly from the
command line. Moreover, almost all properties are now exposed for the
unit types that already supported transient operation.
* The systemd-mount command gained support for a new --owner= parameter
which takes a user name, which is then resolved and included in uid=
and gid= mount options string of the file system to mount.
* A new unit condition ConditionControlGroupController= has been added
that checks whether a specific cgroup controller is available.
* Unit files, udev's .link files, and systemd-networkd's .netdev and
.network files all gained support for a new condition
ConditionKernelVersion= for checking against specific kernel
versions.
* In systemd-networkd, the [IPVLAN] section in .netdev files gained
support for configuring device flags in the Flags= setting. In the
same files, the [Tunnel] section gained support for configuring
AllowLocalRemote=. The [Route] section in .network files gained
support for configuring InitialCongestionWindow=,
InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
understands RapidCommit=.
* systemd-networkd's DHCPv6 support gained support for Prefix
Delegation.
* sd-bus gained support for a new "watch-bind" feature. When this
feature is enabled, an sd_bus connection may be set up to connect to
an AF_UNIX socket in the file system as soon as it is created. This
functionality is useful for writing early-boot services that
automatically connect to the system bus as soon as it is started,
without ugly time-based polling. systemd-networkd and
systemd-resolved have been updated to make use of this
functionality. busctl exposes this functionality in a new
--watch-bind= command line switch.
* sd-bus will now optionally synthesize a local "Connected" signal as
soon as a D-Bus connection is set up fully. This message mirrors the
already existing "Disconnected" signal which is synthesized when the
connection is terminated. This signal is generally useful but
particularly handy in combination with the "watch-bind" feature
described above. Synthesizing of this message has to be requested
explicitly through the new API call sd_bus_set_connected_signal(). In
addition a new call sd_bus_is_ready() has been added that checks
whether a connection is fully set up (i.e. between the "Connected" and
"Disconnected" signals).
* sd-bus gained two new calls sd_bus_request_name_async() and
sd_bus_release_name_async() for asynchronously registering bus
names. Similar, there is now sd_bus_add_match_async() for installing
a signal match asynchronously. All of systemd's own services have
been updated to make use of these calls. Doing these operations
asynchronously has two benefits: it reduces the risk of deadlocks in
case of cyclic dependencies between bus services, and it speeds up
service initialization since synchronization points for bus
round-trips are removed.
* sd-bus gained two new calls sd_bus_match_signal() and
sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
and sd_bus_add_match_async() but instead of taking a D-Bus match
string take match fields as normal function parameters.
* sd-bus gained two new calls sd_bus_set_sender() and
sd_bus_message_set_sender() for setting the sender name of outgoing
messages (either for all outgoing messages or for just one specific
one). These calls are only useful in direct connections as on
brokered connections the broker fills in the sender anyway,
overwriting whatever the client filled in.
* sd-event gained a new pseudo-handle that may be specified on all API
calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
used this refers to the default event loop object of the calling
thread. Note however that this does not implicitly allocate one —
which has to be done prior by using sd_event_default(). Similarly
sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
to the default bus of the specified type of the calling thread. Here
too this does not implicitly allocate bus connection objects, this
has to be done prior with sd_bus_default() and friends.
* sd-event gained a new call pair
sd_event_source_{get|set}_io_fd_own(). This may be used to request
automatic closure of the file descriptor an IO event source watches
when the event source is destroyed.
* systemd-networkd gained support for natively configuring WireGuard
connections.
* In previous versions systemd synthesized user records both for the
"nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
internally. In order to simplify distribution-wide renames of the
"nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
new transitional flag file has been added: if
/etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
user and group record within the systemd codebase is disabled.
* systemd-notify gained a new --uid= option for selecting the source
user/UID to use for notification messages sent to the service
manager.
* journalctl gained a new --grep= option to list only entries in which
the message matches a certain pattern. By default matching is case
insensitive if the pattern is lowercase, and case sensitive
otherwise. Option --case-sensitive=yes|no can be used to override
this an specify case sensitivity or case insensitivity.
* There's now a "systemd-analyze service-watchdogs" command for printing
the current state of the service runtime watchdog, and optionally
enabling or disabling the per-service watchdogs system-wide if given a
boolean argument (i.e. the concept you configure in WatchdogSec=), for
debugging purposes. There's also a kernel command line option
systemd.service_watchdogs= for controlling the same.
* Two new "log-level" and "log-target" options for systemd-analyze were
addded that merge the now deprecated get-log-level, set-log-level and
get-log-target, set-log-target pairs. The deprecated options are still
understood for backwards compatibility. The two new options print the
current value when no arguments are given, and set them when a
level/target is given as an argument.
* sysusers.d's "u" lines now optionally accept both a UID and a GID
specification, separated by a ":" character, in order to create users
where UID and GID do not match.
Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
Палаузов
— Brno, 2018-01-28
CHANGES WITH 236:
* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
......@@ -2074,6 +2264,13 @@ CHANGES WITH 229:
d /run/lock/lockdev 0775 root lock -
* The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
and RebootArgument= have been moved from the [Service] section of
unit files to [Unit], and they are now supported on all unit types,
not just service units. Of course, systemd will continue to
understand these settings also at the old location, in order to
maintain compatibility.
Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
......@@ -5314,7 +5511,7 @@ CHANGES WITH 209:
option as supported by Debian is added. It allows indicating
which LUKS slot to use on disk, speeding up key loading.
* The sd_journald_sendv() API call has been checked and
* The sd_journal_sendv() API call has been checked and
officially declared to be async-signal-safe so that it may
be invoked from signal handlers for logging purposes.
......
......@@ -69,11 +69,10 @@ REQUIREMENTS:
create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
Required for PrivateNetwork= and PrivateDevices= in service units:
Required for PrivateNetwork= in service units:
CONFIG_NET_NS
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Note that systemd-localed.service and other systemd units use
PrivateNetwork and PrivateDevices so this is effectively required.
PrivateNetwork so this is effectively required.
Required for PrivateUsers= in service units:
CONFIG_USER_NS
......@@ -82,7 +81,7 @@ REQUIREMENTS:
CONFIG_IPV6
CONFIG_AUTOFS4_FS
CONFIG_TMPFS_XATTR
CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL
CONFIG_SECCOMP
CONFIG_SECCOMP_FILTER (required for seccomp support)
CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
......@@ -119,6 +118,9 @@ REQUIREMENTS:
isn't. The next best thing is to make this change through a modprobe.d
drop-in. This is shipped by default, see modprobe.d/systemd.conf.
Required for systemd-nspawn:
CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
Note that kernel auditing is broken when used with systemd's
container code. When using systemd in conjunction with
containers, please make sure to either turn off auditing at
......
......@@ -24,6 +24,38 @@ Janitorial Clean-ups:
Features:
* maybe rework get_user_creds() to query the user database if $SHELL is used
for root, but only then.
* there should be path_hash_ops and we should use it in tmpfiles' hashmap object to deal with identical but differently spelt paths
* be stricter with fds we receive for the fdstore: close them asynchronously
* calenderspec: add support for week numbers and day numbers within a
year. This would allow us to define "bi-weekly" triggers safely.
* add support for recursive bpf firewalling as supported by the newest kernel
* add bpf-based implementation of devices cgroup controller logic for compat with cgroupsv2 as supported by newest kernel
* introduce sd_id128_get_boot_app_specific() which is like
sd_id128_get_machine_app_specific(). After all on long-running systems both
IDs have similar properties.
* emulate properties of the root cgroup on controllers that don't support such
properties natively on cpu/io/memory, the way we already do it for
"pids". Also, add the same logic to cgtop.
* set TasksAccounting=1 on the root slice if we are running on the root cgroup,
and similar for the others, as soon as we emulate them properly. After all,
Linux keeps these system-wide stats anyway, and it costs nothing to expose
them.
* sd-bus: add vtable flag, that may be used to request client creds implicitly
and asynchronously before dispatching the operation
* implement transient socket unit.
* make use of ethtool veth peer info in machined, for automatically finding out
host-side interface pointing to the container.
......@@ -41,10 +73,6 @@ Features:
the runtime dir as we maintain for the fdstore: i.e. keep it around as long
as the unit is running or has a job queued.
* hook up sd-bus' creds stuff with SO_PEERGROUPS
* add async version of sd_bus_add_match and make use of that
* support projid-based quota in machinectl for containers, and then drop
implicit btrfs loopback magic in machined
......@@ -136,9 +164,6 @@ Features:
O_NONBLOCK on it. That way people can control if and when to block for
logging.
* tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e.
PIDs not managed by the service manager)
* hostnamed: populate form factor data from a new hwdb database, so that old
yogas can be recognized as "convertible" too, even if they predate the DMI
"convertible" form factor
......@@ -165,9 +190,6 @@ Features:
"systemd-gdb" for attaching to the start-up of any system service in its
natural habitat.
* replace all canonicalize_file_name() invocations by chase_symlinks(), in
particulr those where a rootdir is relevant.
* maybe introduce gpt auto discovery for /var/tmp?
* maybe add gpt-partition-based user management: each user gets his own
......@@ -291,10 +313,6 @@ Features:
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
* mounting and unmounting mount points manually with different source
devices will result in collected on all devices used.
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030225.html
* add a job mode that will fail if a transaction would mean stopping
running units. Use this in timedated to manage the NTP service
state.
......@@ -315,7 +333,7 @@ Features:
* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
* Port various tools to make use of verbs.[ch], where applicable: busctl,
coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl
coredumpctl, hostnamectl, localectl, timedatectl
* hostnamectl: show root image uuid
......@@ -482,14 +500,12 @@ Features:
- see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself
- see if we can drop more message validation on the sending side
- add API to clone sd_bus_message objects
- make AddMatch calls on dbus1 transports async?
- longer term: priority inheritance
- dbus spec updates:
- NameLost/NameAcquired obsolete
- GVariant
- path escaping
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- test bloom filter generation indexes
* sd-event
- allow multiple signal handlers per signal?
......@@ -588,8 +604,6 @@ Features:
* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
* service: watchdog logic: for testing purposes allow ping, but do not require pong
* journal:
- consider introducing implicit _TTY= + _PPID= + _EUID= + _EGID= + _FSUID= + _FSGID= fields
- import and delete pstore filesystem content at startup
......