systemd system manager release 244

After three months of development, release 244 of the systemd system manager has been published.

Major changes:

  • Added support for the cpuset resource controller based on cgroups v2, which provides a mechanism for binding processes to specific CPUs (the "AllowedCPUs" setting) and NUMA memory nodes (the "AllowedMemoryNodes" setting);
  • Added support for loading systemd configuration from the "SystemdOptions" EFI variable, which makes it possible to adjust systemd behaviour in situations where changing kernel command line options is problematic and the configuration on disk is read too late (for example, when options relating to the cgroup hierarchy need to be set). The variable can be set with the "bootctl systemd-efi-options" command;
  • Units can now load settings from "{unit_type}.d/" directories associated with unit types (for example "service.d/"), which can be used to add settings that apply to all unit files of a given type at once;
  • For service units a new sandboxing option, "ProtectKernelLogs", has been added, which denies a program access to the kernel log buffer reachable through the syslog system call (not to be confused with the libc API of the same name). When enabled, access to /proc/kmsg and /dev/kmsg is blocked and the CAP_SYSLOG capability is dropped;
  • A "RestartKillSignal" setting has been proposed for units, which overrides the signal used to terminate a process when a task is restarted (that is, the way the process is stopped in preparation for a restart can be changed);
  • The "systemctl clean" command now supports socket, mount and swap units;
  • Early in boot, the kernel's rate limiting of messages printed via printk is disabled, so that more complete logs of boot progress can be accumulated while the log storage is not yet attached (the log is accumulated in the kernel ring buffer). printk rate limits set on the kernel command line take precedence and override systemd's behaviour. systemd programs that write logs directly to /dev/kmsg (done only in the early boot phase) use separate internal limits to protect against flooding the buffer;
  • The "stop --job-mode=triggering" command has been added to the systemctl utility; it stops both the unit given on the command line and all units that can trigger it;
  • Unit status output now includes information about triggering and triggered units;
  • The "RuntimeMaxSec" setting can now be used in scope units (previously only in service units). For example, "RuntimeMaxSec" can now limit the duration of PAM sessions by creating a scope unit for a user account. The time limit can also be set via the systemd.runtime_max_sec option in the parameters of the pam_systemd PAM module;
  • A new system call group, "@pkey", has been added for use when restricting containers and services, making it easier to whitelist system calls related to memory protection keys;
  • A "w+" flag has been added to systemd-tmpfiles for writing to a file in append mode;
  • systemd-analyze output now reports whether the kernel memory configuration matches systemd's settings (for example, whether some third-party program has changed kernel parameters);
  • The "--base-time" option has been added to systemd-analyze; when specified, calendar expressions are evaluated relative to the given time rather than the current system time;
  • "journalctl --update-catalog" now produces output with a consistent element ordering (useful for reproducible builds);
  • It is now possible to specify a default value for the "WatchdogSec" setting used in systemd services. The base value can be set at compile time via the "-Dservice-watchdog" option (if set to empty, the watchdog is disabled);
  • A "-Duser-path" build option has been added to override the $PATH value;
  • The "-u" ("--uuid") option has been added to systemd-id128 to print 128-bit identifiers in canonical UUID form;
  • Building now requires libcryptsetup 2.0.1 or later.
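
The type-level drop-in directories, the "ProtectKernelLogs" sandbox and the "@pkey" filter group described above combine naturally into one hardening rollout. The following script is an added example, not code from the announcement or from the systemd project: it installs a "service.d/" drop-in that turns on ProtectKernelLogs for every service, opts one service back out, and gives another service an explicit syscall allow-list. The service names (kmsg-collector, pkey-runtime), the drop-in file names and the install root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the systemd 244 announcement or the systemd project.
# It rolls out the new ProtectKernelLogs= sandbox option to every service at
# once via a type-level "service.d/" drop-in, opts one service back out, and
# gives another service a system call allow-list that uses the new @pkey group.
# The service names, drop-in file names and the install root are assumptions.
set -eu

# All paths are relative to $1 so the functions can be exercised against a
# scratch directory; pass "/" to write to the live /etc.
write_dropin() { # write_dropin <root> <dir under /etc/systemd/system> <file> <content>
    dropin_dir="$1/etc/systemd/system/$2"
    mkdir -p "$dropin_dir"
    printf '%s\n' "$4" > "$dropin_dir/$3"
    printf '%s\n' "$dropin_dir/$3"
}

# 1. Type-level drop-in (systemd >= 244): applies to every .service unit.
install_protect_kernel_logs() {
    write_dropin "$1" service.d 10-protect-kernel-logs.conf \
'[Service]
# Denies /dev/kmsg, /proc/kmsg and the syslog(2) system call, and drops CAP_SYSLOG.
ProtectKernelLogs=yes'
}

# 2. Per-unit opt-out for a hypothetical log shipper that must read the kernel
#    ring buffer. Drop-ins are applied in lexicographic order of their file names
#    regardless of directory, so this file must sort after 10-protect-kernel-logs.conf.
exempt_kmsg_reader() {
    write_dropin "$1" kmsg-collector.service.d 50-allow-kmsg.conf \
'[Service]
ProtectKernelLogs=no'
}

# 3. Per-unit allow-list for a hypothetical runtime that uses memory protection
#    keys: @system-service is the usual baseline, @pkey adds pkey_alloc,
#    pkey_free and pkey_mprotect without listing them by hand.
allow_pkey_syscalls() {
    write_dropin "$1" pkey-runtime.service.d 20-syscall-filter.conf \
'[Service]
SystemCallFilter=@system-service @pkey
# Fail the call with EPERM instead of killing the process, so a denied syscall
# surfaces in the service log rather than as a silent crash.
SystemCallErrorNumber=EPERM'
}

# Ask systemd what it actually loaded (only meaningful on a live system).
show_effective() { # show_effective <unit>
    if command -v systemctl >/dev/null 2>&1; then
        systemctl daemon-reload
        systemctl show -p ProtectKernelLogs -p SystemCallFilter "$1"
    fi
}

main() {
    root="${1%/}"   # "/" becomes "" so paths stay clean
    install_protect_kernel_logs "$root"
    exempt_kmsg_reader "$root"
    allow_pkey_syscalls "$root"
    if [ -z "$root" ]; then
        show_effective kmsg-collector.service
        show_effective pkey-runtime.service
    fi
}

# Usage: sh harden.sh /            (live system)
#        sh harden.sh /tmp/staging (inspect the generated files first)
if [ $# -gt 0 ]; then
    main "$1"
fi
```

Before enabling the allow-list, "systemd-analyze syscall-filter @pkey" prints the members of the new group, and "systemctl show -p ProtectKernelLogs UNIT" confirms which value survived the drop-in ordering for a given unit. Because ProtectKernelLogs also removes CAP_SYSLOG, any service that legitimately runs dmesg or reads /dev/kmsg needs an opt-out like the one for kmsg-collector.service, otherwise it will fail after the type-level drop-in is installed.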

Changes related to network settings:

  • systemd-networkd has gained support for reconfiguring links on the fly: the "reload" and "reconfigure DEVICE..." commands have been added to networkctl to reload settings and reconfigure devices;
  • systemd-networkd no longer creates default routes for IPv4 link-local addresses (169.254.0.0/16). Previously, automatically creating default routes for such links led to unexpected behaviour and routing problems in some cases. To restore the old behaviour, use the "DefaultRouteOnDevice=yes" setting. Similarly, IPv6 link-local addresses are no longer assigned if IPv6 link-local routing is not enabled for the link;
  • When systemd-networkd connects to wireless networks in ad-hoc mode, the default configuration now uses link-local addressing;
  • "RxBufferSize" and "TxBufferSize" parameters have been added to configure the receive and transmit buffer sizes of a network interface;
  • systemd-networkd can advertise additional IPv6 routes, configured through the "Route" and "LifetimeSec" options in the "[IPv6RoutePrefix]" section;
  • systemd-networkd can configure "next hop" routes using the "Gateway" and "Id" options in the "[NextHop]" section;
  • systemd-networkd and networkctl support on-the-fly renewal of DHCP address leases via the "networkctl renew" command;
  • systemd-networkd now resets DHCP configuration on restart (use the "KeepConfiguration" option to retain settings). The default value of the "SendRelease" setting has been changed to "true";
  • The DHCPv4 client now honours the OPTION_INFORMATION_REFRESH_TIME value sent by the server. The "RequestOptions" parameter has been proposed for requesting specific options from the server, and "SendOption" for sending options to the server. To configure the IP service type used by the DHCP client, the "IPServiceType" parameter has been added;
  • "EmitSIP" and "SIP" parameters have been added to the DHCPv4 server for supplying a list of SIP (Session Initiation Protocol) servers. On the client side, receipt of SIP settings from the server can be enabled with "UseSIP=yes";
  • A "PrefixDelegationHint" parameter has been added to the DHCPv6 client for requesting an address prefix;
  • .network files now support matching wireless networks by SSID and BSSID, for example to bind a configuration to an access point name and MAC address. SSID and BSSID values are shown in networkctl output for wireless interfaces. Matching by wireless interface type has also been added (the "WLANInterfaceType" parameter);
  • systemd-networkd can now configure queueing disciplines for traffic control using the new "Parent", "NetworkEmulatorDelaySec", "NetworkEmulatorDelayJitterSec", "NetworkEmulatorPacketLimit", "NetworkEmulatorLossRate" and "NetworkEmulatorDuplicateRate" parameters in the "[TrafficControlQueueingDiscipline]" section;
  • systemd-resolved now verifies IP addresses in certificates when built with GnuTLS.
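
Several of the networkd changes above (SSID/BSSID matching, the DHCP reset-on-restart default, the new DHCPv4 client options and the networkctl reload/reconfigure verbs) fit into a single wireless profile. The script below is an added example, not code from the announcement or from the systemd project: it writes a .network file that applies only when the host is associated with one known access point, then asks a live systemd-networkd to pick it up. The interface name wlan0, the SSID, the BSSID, the host name sent in DHCP option 12 and the install root are constructed values.

```shell
#!/bin/sh
# Added example, not code from the announcement or the systemd project. It writes
# a .network profile that only applies to one known access point (new SSID=/BSSID=
# matching) and uses the new DHCPv4 client options, then asks systemd-networkd to
# pick it up with the new "networkctl reload" and "networkctl reconfigure" verbs.
# Interface name, SSID, BSSID, host name and install root are constructed values.
set -eu

write_network_file() { # write_network_file <root> <file> <content>
    net_dir="$1/etc/systemd/network"
    mkdir -p "$net_dir"
    printf '%s\n' "$3" > "$net_dir/$2"
    printf '%s\n' "$net_dir/$2"
}

install_office_wlan() { # install_office_wlan <root>
    write_network_file "$1" 20-office-wlan.network \
'[Match]
Type=wlan
# Pin this profile to one network name *and* one access-point MAC, so a different
# AP that merely broadcasts the same SSID does not receive this configuration.
SSID=corp-office
BSSID=00:11:22:33:44:55
WLANInterfaceType=station

[Network]
DHCP=ipv4
# 244 resets DHCP state on restart; keeping a stale lease is now opt-in.
KeepConfiguration=no
# 169.254.0.0/16 addresses no longer get a default route; keep that default.
DefaultRouteOnDevice=no

[DHCPv4]
# Only request the options this host uses: router (3), DNS (6), domain name (15).
RequestOptions=3 6 15
# Send option 12 (host name) as a string; the value is constructed.
SendOption=12:string:ws-office-42
# Release the lease on shutdown (the 244 default, stated explicitly here).
SendRelease=yes
# Do not accept SIP server lists from DHCP unless the host actually needs them.
UseSIP=no
IPServiceType=CS6'
}

# Apply on a live system: reload all .network files, then reconfigure the link.
apply_live() { # apply_live <interface>
    if command -v networkctl >/dev/null 2>&1; then
        networkctl reload
        networkctl reconfigure "$1"
        networkctl status "$1"
    fi
}

main() {
    root="${1%/}"   # "/" becomes "" so paths stay clean
    install_office_wlan "$root"
    if [ -z "$root" ]; then
        apply_live wlan0   # assumed interface name
    fi
}

# Usage: sh office-wlan.sh /   or   sh office-wlan.sh /tmp/staging
if [ $# -gt 0 ]; then
    main "$1"
fi
```

After "networkctl reconfigure wlan0", "networkctl status wlan0" shows the SSID and BSSID the interface is actually associated with, which is the quickest way to confirm the [Match] section selected the intended profile rather than falling through to a more generic .network file.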

udev-related changes:

  • systemd-udevd has removed the 30-second timeout that was used to forcibly terminate stuck handlers. systemd-udevd now waits for handlers to finish, since on large installations 30 seconds was sometimes not enough for operations to complete normally (for example, the timeout could interrupt driver initialisation while the mounted root file system partition was being switched). When running under systemd, the time that systemd-udevd waits before exiting can be set via the "TimeoutStopSec" setting in systemd-udevd.service; without systemd, the timeout is controlled by the udev.event_timeout parameter;
  • A fido_id program has been added for udev, which identifies FIDO CTAP1 ("U2F")/CTAP2 tokens from their usage data and exports the necessary environment variables (this removes the need for the external whitelists of all known tokens that were used previously);
  • udev autosuspend rules are now generated automatically for devices on a whitelist imported from Chromium OS (this extends power-saving modes to additional devices);
  • A new "CONST{key}=value" setting has been added to udev, allowing system constants to be matched directly without running separate check handlers. Currently only the "arch" and "virt" keys are supported;
  • CD-ROM devices are now opened in non-exclusive mode when querying supported modes (this resolves problems with programs accessing the drive and reduces the risk of interrupting disc-writing programs that do not use exclusive access mode).
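
Two of the udev changes above call for action by an administrator: the new CONST{} match, which replaces external check helpers in rules, and the removed 30-second kill timeout, which makes the unit's TimeoutStopSec the only bound on how long systemd-udevd waits for handlers at shutdown. The script below is an added example, not code from the announcement or from the systemd project: it installs a rule that uses CONST{arch} and CONST{virt}, and a drop-in that sets an explicit stop timeout for systemd-udevd.service. The tag name baremetal-usb, the file names, the 2min value and the install root are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not code from the announcement or the systemd project. It shows
# the two udev changes an administrator is most likely to act on: a rule that uses
# the new CONST{} matches instead of spawning a helper, and a drop-in that gives
# systemd-udevd an explicit stop timeout now that the built-in 30 s kill is gone.
# The rule's tag name, file names, timeout value and install root are assumptions.
set -eu

# CONST{arch} and CONST{virt} are filled from values udevd already knows, so the
# match costs nothing at event time and no external program runs under udev.
install_const_rule() { # install_const_rule <root>
    rules_dir="$1/etc/udev/rules.d"
    mkdir -p "$rules_dir"
    printf '%s\n' \
'# Constructed rule: tag USB devices only on bare-metal x86-64 hosts.
# CONST{virt} reports the same values as systemd-detect-virt ("none" when not virtualised).
ACTION=="add", SUBSYSTEM=="usb", CONST{arch}=="x86-64", CONST{virt}=="none", TAG+="baremetal-usb"' \
        > "$rules_dir/70-baremetal-usb.rules"
    printf '%s\n' "$rules_dir/70-baremetal-usb.rules"
}

# With 244 udevd waits for running handlers on exit; under systemd the bound on
# that wait is the unit's TimeoutStopSec=, so choose one explicitly rather than
# relying on the unit default (the value passed in is a site-specific choice).
install_udevd_stop_timeout() { # install_udevd_stop_timeout <root> <timeout>
    dropin_dir="$1/etc/systemd/system/systemd-udevd.service.d"
    mkdir -p "$dropin_dir"
    printf '[Service]\nTimeoutStopSec=%s\n' "$2" > "$dropin_dir/10-stop-timeout.conf"
    printf '%s\n' "$dropin_dir/10-stop-timeout.conf"
}

# Reload on a live system: rules are re-read by udevd, the drop-in by systemd.
apply_live() {
    if command -v udevadm >/dev/null 2>&1 && command -v systemctl >/dev/null 2>&1; then
        udevadm control --reload
        systemctl daemon-reload
        systemctl show -p TimeoutStopUSec systemd-udevd.service
    fi
}

main() {
    root="${1%/}"   # "/" becomes "" so paths stay clean
    install_const_rule "$root"
    install_udevd_stop_timeout "$root" 2min
    if [ -z "$root" ]; then
        apply_live
    fi
}

# Usage: sh udev-244.sh /   or   sh udev-244.sh /tmp/staging
if [ $# -gt 0 ]; then
    main "$1"
fi
```

"udevadm test /sys/bus/usb/devices/..." on the live system shows whether the CONST{} conditions matched for a given device and whether the tag was applied, and "systemctl show -p TimeoutStopUSec systemd-udevd.service" confirms the drop-in took effect. Pick the timeout from observed handler durations on the slowest hardware the image runs on; too small a value reintroduces the interrupted-initialisation problem the 244 change was meant to remove.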

Source: opennet.ru
