forked from systemd/systemd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
9528 lines (7758 loc) · 494 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
systemd System and Service Manager
CHANGES WITH 243 in spe:
* The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
i.e. the full 22bit range the kernel allows, up from the old 16bit
range. This should improve security and robustness a bit, as PID
collisions are made less likely (though certainly still
possible). There are rumours this might create compatibility
problems, though at this moment no practical ones are known to
us. Downstream distributions are hence advised to undo this change in
their builds if they are concerned about maximum compatibility, but
for everybody else we recommend leaving the value bumped. Besides
improving security and robustness this should also simplify things as
the maximum number of allowed concurrent tasks was previously bounded
by both "kernel.pid_max" and "kernel.threads-max" and now only a
single knob is left ("kernel.threads-max"). There have been concerns
that usability is affected by this change because larger PID numbers
are harder to type, but we believe the change from 5 digit PIDs to 7
digit PIDs is not too hampering for usability.
* MemoryLow and MemoryMin gained hierarchy-aware counterparts,
DefaultMemoryLow and DefaultMemoryMin, which can be used to
hierarchically set default memory protection values for a particular
subtree of the unit hierarchy.
* Memory protection directives can now take a value of zero, allowing
explicit opting out of a default value propagated by an ancestor.
…
CHANGES WITH 242:
* In .link files, MACAddressPolicy=persistent (the default) is changed
to cover more devices. For devices like bridges, tun, tap, bond, and
similar interfaces that do not have other identifying information,
the interface name is used as the basis for persistent seed for MAC
and IPv4LL addresses. The way that devices that were handled
previously is not changed, and this change is about covering more
devices then previously by the "persistent" policy.
MACAddressPolicy=random may be used to force randomized MACs and
IPv4LL addresses for a device if desired.
Hint: the log output from udev (at debug level) was enhanced to
clarify what policy is followed and which attributes are used.
`SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
may be used to view this.
* The .device units generated by systemd-fstab-generator and other
generators do not automatically pull in the corresponding .mount unit
as a Wants= dependency. This means that simply plugging in the device
will not cause the mount unit to be started automatically. But please
note that the mount unit may be started for other reasons, in
particular if it is part of local-fs.target, and any unit which
(transitively) depends on local-fs.target is started.
* networkctl list/status/lldp now accept globbing wildcards for network
interface names to match against all existing interfaces.
* The $PIDFILE environment variable is set to point the absolute path
configured with PIDFile= for processes of that service.
* The fallback DNS server list was augmented with Cloudflare public DNS
servers. Use `-Ddns-servers=` to set a different fallback.
* A new special target usb-gadget.target will be started automatically
when a USB Device Controller is detected (which means that the system
is a USB peripheral).
* A new unit setting CPUQuotaPeriodSec= assigns the time period
relatively to which the CPU time quota specified by CPUQuota= is
measured.
* A new unit setting ProtectHostname= may be used to prevent services
from modifying hostname information (even if they otherwise would
have privileges to do so).
* A new unit setting NetworkNamespacePath= may be used to specify a
namespace for service or socket units through a path referring to a
Linux network namespace pseudo-file.
* The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
have an effect on .socket units: when used the listening socket is
created within the configured network namespace instead of the host
namespace.
* ExecStart= command lines in unit files may now be prefixed with ':'
in which case environment variable substitution is
disabled. (Supported for the other ExecXYZ= settings, too.)
* .timer units gained two new boolean settings OnClockChange= and
OnTimezoneChange= which may be used to also trigger a unit when the
system clock is changed or the local timezone is
modified. systemd-run has been updated to make these options easily
accessible from the command line for transient timers.
* Two new conditions for units have been added: ConditionMemory= may be
used to conditionalize a unit based on installed system
RAM. ConditionCPUs= may be used to conditionalize a unit based on
installed CPU cores.
* The @default system call filter group understood by SystemCallFilter=
has been updated to include the new rseq() system call introduced in
kernel 4.15.
* A new time-set.target has been added that indicates that the system
time has been set from a local source (possibly imprecise). The
existing time-sync.target is stronger and indicates that the time has
been synchronized with a precise external source. Services where
approximate time is sufficient should use the new target.
* "systemctl start" (and related commands) learnt a new
--show-transaction option. If specified brief information about all
jobs queued because of the requested operation is shown.
* systemd-networkd recognizes a new operation state 'enslaved', used
(instead of 'degraded' or 'carrier') for interfaces which form a
bridge, bond, or similar, and an new 'degraded-carrier' operational
state used for the bond or bridge master interface when one of the
enslaved devices is not operational.
* .network files learnt the new IgnoreCarrierLoss= option for leaving
networks configured even if the carrier is lost.
* The RequiredForOnline= setting in .network files may now specify a
minimum operational state required for the interface to be considered
"online" by systemd-networkd-wait-online. Related to this
systemd-networkd-wait-online gained a new option --operational-state=
to configure the same, and its --interface= option was updated to
optionally also take an operational state specific for an interface.
* systemd-networkd-wait-online gained a new setting --any for waiting
for only one of the requested interfaces instead of all of them.
* systemd-networkd now implements L2TP tunnels.
* Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
may be used to cause autonomous and onlink prefixes received in IPv6
Router Advertisements to be ignored.
* New MulticastFlood=, NeighborSuppression=, and Learning= .network
file settings may be used to tweak bridge behaviour.
* The new TripleSampling= option in .network files may be used to
configure CAN triple sampling.
* A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
used to point to private or preshared key for a WireGuard interface.
* /etc/crypttab now supports the same-cpu-crypt and
submit-from-crypt-cpus options to tweak encryption work scheduling
details.
* systemd-tmpfiles will now take a BSD file lock before operating on a
contents of directory. This may be used to temporarily exclude
directories from aging by taking the same lock (useful for example
when extracting a tarball into /tmp or /var/tmp as a privileged user,
which might create files with really old timestamps, which
nevertheless should not be deleted). For further details, see:
https://systemd.io/TEMPORARY_DIRECTORIES
* systemd-tmpfiles' h line type gained support for the
FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
controlling project quota inheritance.
* sd-boot and bootctl now implement support for an Extended Boot Loader
(XBOOTLDR) partition, that is intended to be mounted to /boot, in
addition to the ESP partition mounted to /efi or /boot/efi.
Configuration file fragments, kernels, initrds and other EFI images
to boot will be loaded from both the ESP and XBOOTLDR partitions.
The XBOOTLDR partition was previously described by the Boot Loader
Specification, but implementation was missing in sd-boot. Support for
this concept allows using the sd-boot boot loader in more
conservative scenarios where the boot loader itself is placed in the
ESP but the kernels to boot (and their metadata) in a separate
partition.
* A system may now be booted with systemd.volatile=overlay on the
kernel command line, which causes the root file system to be set up
an overlayfs mount combining the root-only root directory with a
writable tmpfs. In this setup, the underlying root device is not
modified, and any changes are lost at reboot.
* Similar, systemd-nspawn can now boot containers with a volatile
overlayfs root with the new --volatile=overlay switch.
* systemd-nspawn can now consume OCI runtime bundles using a new
--oci-bundle= option. This implementation is fully usable, with most
features in the specification implemented, but since this a lot of
new code and functionality, this feature should most likely not
be used in production yet.
* systemd-nspawn now supports various options described by the OCI
runtime specification on the command-line and in .nspawn files:
--inaccessible=/Inaccessible= may be used to mask parts of the file
system tree, --console=/--pipe may be used to configure how standard
input, output, and error are set up.
* busctl learned the `emit` verb to generate D-Bus signals.
* systemd-analyze cat-config may be used to gather and display
configuration spread over multiple files, for example system and user
presets, tmpfiles.d, sysusers.d, udev rules, etc.
* systemd-analyze calendar now takes an optional new parameter
--iterations= which may be used to show a maximum number of iterations
the specified expression will elapse next.
* The sd-bus C API gained support for naming method parameters in the
introspection data.
* systemd-logind gained D-Bus APIs to specify the "reboot parameter"
the reboot() system call expects.
* journalctl learnt a new --cursor-file= option that points to a file
from which a cursor should be loaded in the beginning and to which
the updated cursor should be stored at the end.
* ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
detected by systemd-detect-virt (and may also be used in
ConditionVirtualization=).
* The behaviour of systemd-logind may now be modified with environment
variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
skip the relevant operation completely (when set to false), or to
create a flag file in /run/systemd (when set to true), instead of
actually commencing the real operation when requested. The presence
of /run/systemd/reboot-to-firmware-setup,
/run/systemd/reboot-to-boot-loader-menu, and
/run/systemd/reboot-to-boot-loader-entry, may be used by alternative
boot loader implementations to replace some steps logind performs
during reboot with their own operations.
* systemctl can be used to request a reboot into the boot loader menu
or a specific boot loader entry with the new --boot-load-menu= and
--boot-loader-entry= options to a reboot command. (This requires a
boot loader that supports this, for example sd-boot.)
* kernel-install will no longer unconditionally create the output
directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
snippets, but will do only if the machine-specific parent directory
(i.e. /efi/<machine-id>/) already exists. bootctl has been modified
to create this parent directory during sd-boot installation.
This makes it easier to use kernel-install with plugins which support
a different layout of the bootloader partitions (for example grub2).
* During package installation (with `ninja install`), we would create
symlinks for [email protected], systemd-networkd.service,
systemd-networkd.socket, systemd-resolved.service,
remote-cryptsetup.target, remote-fs.target,
systemd-networkd-wait-online.service, and systemd-timesyncd.service
in /etc, as if `systemctl enable` was called for those units, to make
the system usable immediately after installation. Now this is not
done anymore, and instead calling `systemctl preset-all` is
recommended after the first installation of systemd.
* A new boolean sandboxing option RestrictSUIDSGID= has been added that
is built on seccomp. When turned on creation of SUID/SGID files is
prohibited.
* The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
implied if DynamicUser= is turned on for a service. This hardens
these services, so that they neither can benefit from nor create
SUID/SGID executables. This is a minor compatibility breakage, given
that when DynamicUser= was first introduced SUID/SGID behaviour was
unaffected. However, the security benefit of these two options is
substantial, and the setting is still relatively new, hence we opted
to make it mandatory for services with dynamic users.
Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Warsaw, 2019-04-11
CHANGES WITH 241:
* The default locale can now be configured at compile time. Otherwise,
a suitable default will be selected automatically (one of C.UTF-8,
en_US.UTF-8, and C).
* The version string shown by systemd and other tools now includes the
git commit hash when built from git. An override may be specified
during compilation, which is intended to be used by distributions to
include the package release information.
* systemd-cat can now filter standard input and standard error streams
for different syslog priorities using the new --stderr-priority=
option.
* systemd-journald and systemd-journal-remote reject entries which
contain too many fields (CVE-2018-16865) and set limits on the
process' command line length (CVE-2018-16864).
* $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
again.
* A new network device NamePolicy "keep" is implemented for link files,
and used by default in 99-default.link (the fallback configuration
provided by systemd). With this policy, if the network device name
was already set by userspace, the device will not be renamed again.
This matches the naming scheme that was implemented before
systemd-240. If naming-scheme < 240 is specified, the "keep" policy
is also enabled by default, even if not specified. Effectively, this
means that if naming-scheme >= 240 is specified, network devices will
be renamed according to the configuration, even if they have been
renamed already, if "keep" is not specified as the naming policy in
the .link file. The 99-default.link file provided by systemd includes
"keep" for backwards compatibility, but it is recommended for user
installed .link files to *not* include it.
The "kernel" policy, which keeps kernel names declared to be
"persistent", now works again as documented.
* kernel-install script now optionally takes the paths to one or more
initrd files, and passes them to all plugins.
* The mincore() system call has been dropped from the @system-service
system call filter group, as it is pretty exotic and may potentially
used for side-channel attacks.
* -fPIE is dropped from compiler and linker options. Please specify
-Db_pie=true option to meson to build position-independent
executables. Note that the meson option is supported since meson-0.49.
* The fs.protected_regular and fs.protected_fifos sysctls, which were
added in Linux 4.19 to make some data spoofing attacks harder, are
now enabled by default. While this will hopefully improve the
security of most installations, it is technically a backwards
incompatible change; to disable these sysctls again, place the
following lines in /etc/sysctl.d/60-protected.conf or a similar file:
fs.protected_regular = 0
fs.protected_fifos = 0
Note that the similar hardlink and symlink protection has been
enabled since v199, and may be disabled likewise.
* The files read from the EnvironmentFile= setting in unit files now
parse backslashes inside quotes literally, matching the behaviour of
POSIX shells.
* udevadm trigger, udevadm control, udevadm settle and udevadm monitor
now automatically become NOPs when run in a chroot() environment.
* The tmpfiles.d/ "C" line type will now copy directory trees not only
when the destination is so far missing, but also if it already exists
as a directory and is empty. This is useful to cater for systems
where directory trees are put together from multiple separate mount
points but otherwise empty.
* A new function sd_bus_close_unref() (and the associated
sd_bus_close_unrefp()) has been added to libsystemd, that combines
sd_bus_close() and sd_bus_unref() in one.
* udevadm control learnt a new option for --ping for testing whether a
systemd-udevd instance is running and reacting.
* udevadm trigger learnt a new option for --wait-daemon for waiting
systemd-udevd daemon to be initialized.
Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски
— Berlin, 2019-02-14
CHANGES WITH 240:
* NoNewPrivileges=yes has been set for all long-running services
implemented by systemd. Previously, this was problematic due to
SELinux (as this would also prohibit the transition from PID1's label
to the service's label). This restriction has since been lifted, but
an SELinux policy update is required.
(See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
* DynamicUser=yes is dropped from systemd-networkd.service,
systemd-resolved.service and systemd-timesyncd.service, which was
enabled in v239 for systemd-networkd.service and systemd-resolved.service,
and since v236 for systemd-timesyncd.service. The users and groups
systemd-network, systemd-resolve and systemd-timesync are created
by systemd-sysusers again. Distributors or system administrators
may need to create these users and groups if they not exist (or need
to re-enable DynamicUser= for those units) while upgrading systemd.
Also, the clock file for systemd-timesyncd may need to move from
/var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
* When unit files are loaded from disk, previously systemd would
sometimes (depending on the unit loading order) load units from the
target path of symlinks in .wants/ or .requires/ directories of other
units. This meant that unit could be loaded from different paths
depending on whether the unit was requested explicitly or as a
dependency of another unit, not honouring the priority of directories
in search path. It also meant that it was possible to successfully
load and start units which are not found in the unit search path, as
long as they were requested as a dependency and linked to from
.wants/ or .requires/. The target paths of those symlinks are not
used for loading units anymore and the unit file must be found in
the search path.
* A new service type has been added: Type=exec. It's very similar to
Type=simple but ensures the service manager will wait for both fork()
and execve() of the main service binary to complete before proceeding
with follow-up units. This is primarily useful so that the manager
propagates any errors in the preparation phase of service execution
back to the job that requested the unit to be started. For example,
consider a service that has ExecStart= set to a file system binary
that doesn't exist. With Type=simple starting the unit would be
considered instantly successful, as only fork() has to complete
successfully and the manager does not wait for execve(), and hence
its failure is seen "too late". With the new Type=exec service type
starting the unit will fail, as the manager will wait for the
execve() and notice its failure, which is then propagated back to the
start job.
NOTE: with the next release 241 of systemd we intend to change the
systemd-run tool to default to Type=exec for transient services
started by it. This should be mostly safe, but in specific corner
cases might result in problems, as the systemd-run tool will then
block on NSS calls (such as user name look-ups due to User=) done
between the fork() and execve(), which under specific circumstances
might cause problems. It is recommended to specify "-p Type=simple"
explicitly in the few cases where this applies. For regular,
non-transient services (i.e. those defined with unit files on disk)
we will continue to default to Type=simple.
* The Linux kernel's current default RLIMIT_NOFILE resource limit for
userspace processes is set to 1024 (soft) and 4096
(hard). Previously, systemd passed this on unmodified to all
processes it forked off. With this systemd release the hard limit
systemd passes on is increased to 512K, overriding the kernel's
defaults and substantially increasing the number of simultaneous file
descriptors unprivileged userspace processes can allocate. Note that
the soft limit remains at 1024 for compatibility reasons: the
traditional UNIX select() call cannot deal with file descriptors >=
1024 and increasing the soft limit globally might thus result in
programs unexpectedly allocating a high file descriptor and thus
failing abnormally when attempting to use it with select() (of
course, programs shouldn't use select() anymore, and prefer
poll()/epoll, but the call unfortunately remains undeservedly popular
at this time). This change reflects the fact that file descriptor
handling in the Linux kernel has been optimized in more recent
kernels and allocating large numbers of them should be much cheaper
both in memory and in performance than it used to be. Programs that
want to take benefit of the increased limit have to "opt-in" into
high file descriptors explicitly by raising their soft limit. Of
course, when they do that they must acknowledge that they cannot use
select() anymore (and neither can any shared library they use — or
any shared library used by any shared library they use and so on).
Which default hard limit is most appropriate is of course hard to
decide. However, given reports that ~300K file descriptors are used
in real-life applications we believe 512K is sufficiently high as new
default for now. Note that there are also reports that using very
high hard limits (e.g. 1G) is problematic: some software allocates
large arrays with one element for each potential file descriptor
(Java, …) — a high hard limit thus triggers excessively large memory
allocations in these applications. Hopefully, the new default of 512K
is a good middle ground: higher than what real-life applications
currently need, and low enough for avoid triggering excessively large
allocations in problematic software. (And yes, somebody should fix
Java.)
* The fs.nr_open and fs.file-max sysctls are now automatically bumped
to the highest possible values, as separate accounting of file
descriptors is no longer necessary, as memcg tracks them correctly as
part of the memory accounting anyway. Thus, from the four limits on
file descriptors currently enforced (fs.file-max, fs.nr_open,
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
and keep only the latter two. A set of build-time options
(-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
has been added to revert this change in behaviour, which might be
an option for systems that turn off memcg in the kernel.
* When no /etc/locale.conf file exists (and hence no locale settings
are in place), systemd will now use the "C.UTF-8" locale by default,
and set LANG= to it. This locale is supported by various
distributions including Fedora, with clear indications that upstream
glibc is going to make it available too. This locale enables UTF-8
mode by default, which appears appropriate for 2018.
* The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
default. This effectively switches the RFC3704 Reverse Path filtering
from Strict mode to Loose mode. This is more appropriate for hosts
that have multiple links with routes to the same networks (e.g.
a client with a Wi-Fi and Ethernet both connected to the internet).
Consult the kernel documentation for details on this sysctl:
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
* CPUAccounting=yes no longer enables the CPU controller when using
kernel 4.15+ and the unified cgroup hierarchy, as required accounting
statistics are now provided independently from the CPU controller.
* Support for disabling a particular cgroup controller within a sub-tree
has been added through the DisableControllers= directive.
* cgroup_no_v1=all on the kernel command line now also implies
using the unified cgroup hierarchy, unless one explicitly passes
systemd.unified_cgroup_hierarchy=0 on the kernel command line.
* The new "MemoryMin=" unit file property may now be used to set the
memory usage protection limit of processes invoked by the unit. This
controls the cgroup v2 memory.min attribute. Similarly, the new
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
cgroup v2 io.latency cgroup property for configuring per-service I/O
latency.
* systemd now supports the cgroup v2 devices BPF logic, as counterpart
to the cgroup v1 "devices" cgroup controller.
* systemd-escape now is able to combine --unescape with --template. It
also learnt a new option --instance for extracting and unescaping the
instance part of a unit name.
* sd-bus now provides the sd_bus_message_readv() which is similar to
sd_bus_message_read() but takes a va_list object. The pair
sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
has been added for configuring the default method call timeout to
use. sd_bus_error_move() may be used to efficiently move the contents
from one sd_bus_error structure to another, invalidating the
source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
be used to control whether a bus connection object is automatically
flushed when an sd-event loop is exited.
* When processing classic BSD syslog log messages, journald will now
save the original time-stamp string supplied in the new
SYSLOG_TIMESTAMP= journal field. This permits consumers to
reconstruct the original BSD syslog message more correctly.
* StandardOutput=/StandardError= in service files gained support for
new "append:…" parameters, for connecting STDOUT/STDERR of a service
to a file, and appending to it.
* The signal to use as last step of killing of unit processes is now
configurable. Previously it was hard-coded to SIGKILL, which may now
be overridden with the new KillSignal= setting. Note that this is the
signal used when regular termination (i.e. SIGTERM) does not suffice.
Similarly, the signal used when aborting a program in case of a
watchdog timeout may now be configured too (WatchdogSignal=).
* The XDG_SESSION_DESKTOP environment variable may now be configured in
the pam_systemd argument line, using the new desktop= switch. This is
useful to initialize it properly from a display manager without
having to touch C code.
* Most configuration options that previously accepted percentage values
now also accept permille values with the '‰' suffix (instead of '%').
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
DNS-over-TLS.
* systemd-resolved's configuration file resolved.conf gained a new
option ReadEtcHosts= which may be used to turn off processing and
honoring /etc/hosts entries.
* The "--wait" switch may now be passed to "systemctl
is-system-running", in which case the tool will synchronously wait
until the system finished start-up.
* hostnamed gained a new bus call to determine the DMI product UUID.
* On x86-64 systemd will now prefer using the RDRAND processor
instruction over /dev/urandom whenever it requires randomness that
neither has to be crypto-grade nor should be reproducible. This
should substantially reduce the amount of entropy systemd requests
from the kernel during initialization on such systems, though not
reduce it to zero. (Why not zero? systemd still needs to allocate
UUIDs and such uniquely, which require high-quality randomness.)
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
for forcing the "Other Information" bit in IPv6 RA messages. The
bonding logic gained four new options AdActorSystemPriority=,
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
shuffling of flows. The tunnel logic gained a new
IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
Deployment. The policy rule logic gained four new options IPProtocol=,
SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
support for the MulticastToUnicast= option. networkd also gained
support for configuring static IPv4 ARP or IPv6 neighbor entries.
* .preset files (as read by 'systemctl preset') may now be used to
instantiate services.
* /etc/crypttab now understands the sector-size= option to configure
the sector size for an encrypted partition.
* Key material for encrypted disks may now be placed on a formatted
medium, and referenced from /etc/crypttab by the UUID of the file
system, followed by "=" suffixed by the path to the key file.
* The "collect" udev component has been removed without replacement, as
it is neither used nor maintained.
* When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
LogsDirectory=, ConfigurationDirectory= settings are used in a
service the executed processes will now receive a set of environment
variables containing the full paths of these directories.
Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
are used. Note that these options may be used multiple times per
service in which case the resulting paths will be concatenated and
separated by colons.
* Predictable interface naming has been extended to cover InfiniBand
NICs. They will be exposed with an "ib" prefix.
* tmpfiles.d/ line types may now be suffixed with a '-' character, in
which case the respective line failing is ignored.
* .link files may now be used to configure the equivalent to the
"ethtool advertise" commands.
* The sd-device.h and sd-hwdb.h APIs are now exported, as an
alternative to libudev.h. Previously, the latter was just an internal
wrapper around the former, but now these two APIs are exposed
directly.
* sd-id128.h gained a new function sd_id128_get_boot_app_specific()
which calculates an app-specific boot ID similar to how
sd_id128_get_machine_app_specific() generates an app-specific machine
ID.
* A new tool systemd-id128 has been added that can be used to determine
and generate various 128bit IDs.
* /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
and LOGO=.
* systemd-hibernate-resume-generator will now honor the "noresume"
kernel command line option, in which case it will bypass resuming
from any hibernated image.
* The systemd-sleep.conf configuration file gained new options
AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
AllowHybridSleep= for prohibiting specific sleep modes even if the
kernel exports them.
* portablectl is now officially supported and has thus moved to
/usr/bin/.
* bootctl learnt the two new commands "set-default" and "set-oneshot"
for setting the default boot loader item to boot to (either
persistently or only for the next boot). This is currently only
compatible with sd-boot, but may be implemented on other boot loaders
too, that follow the boot loader interface. The updated interface is
now documented here:
https://systemd.io/BOOT_LOADER_INTERFACE
* A new kernel command line option systemd.early_core_pattern= is now
understood which may be used to influence the core_pattern PID 1
installs during early boot.
* busctl learnt two new options -j and --json= for outputting method
call replies, properties and monitoring output in JSON.
* journalctl's JSON output now supports simple ANSI coloring as well as
a new "json-seq" mode for generating RFC7464 output.
* Unit files now support the %g/%G specifiers that resolve to the UNIX
group/GID of the service manager runs as, similar to the existing
%u/%U specifiers that resolve to the UNIX user/UID.
* systemd-logind learnt a new global configuration option
UserStopDelaySec= that may be set in logind.conf. It specifies how
long the systemd --user instance shall remain started after a user
logs out. This is useful to speed up repetitive re-connections of the
same user, as it means the user's service manager doesn't have to be
stopped/restarted on each iteration, but can be reused between
subsequent options. This setting defaults to 10s. systemd-logind also
exports two new properties on its Manager D-Bus objects indicating
whether the system's lid is currently closed, and whether the system
is on AC power.
* systemd gained support for a generic boot counting logic, which
generically permits automatic reverting to older boot loader entries
if newer updated ones don't work. The boot loader side is implemented
in sd-boot, but is kept open for other boot loaders too. For details
see:
https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
* The SuccessAction=/FailureAction= unit file settings now learnt two
new parameters: "exit" and "exit-force", which result in immediate
exiting of the service manager, and are only useful in systemd --user
and container environments.
* Unit files gained support for a pair of options
FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
exit status to use as service manager exit status when
SuccessAction=/FailureAction= is set to exit or exit-force.
* A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
options may now be used to configure the log rate limiting applied by
journald per-service.
* systemd-analyze gained a new verb "timespan" for parsing and
normalizing time span values (i.e. strings like "5min 7s 8us").
* systemd-analyze also gained a new verb "security" for analyzing the
security and sand-boxing settings of services in order to determine an
"exposure level" for them, indicating whether a service would benefit
from more sand-boxing options turned on for them.
* "systemd-analyze syscall-filter" will now also show system calls
supported by the local kernel but not included in any of the defined
groups.
* .nspawn files now understand the Ephemeral= setting, matching the
--ephemeral command line switch.
* sd-event gained the new APIs sd_event_source_get_floating() and
sd_event_source_set_floating() for controlling whether a specific
event source is "floating", i.e. destroyed along with the even loop
object itself.
* Unit objects on D-Bus gained a new "Refs" property that lists all
clients that currently have a reference on the unit (to ensure it is
not unloaded).
* The JoinControllers= option in system.conf is no longer supported, as
it didn't work correctly, is hard to support properly, is legacy (as
the concept only exists on cgroup v1) and apparently wasn't used.
* Journal messages that are generated whenever a unit enters the failed
state are now tagged with a unique MESSAGE_ID. Similarly, messages
generated whenever a service process exits are now made recognizable,
too. A tagged message is also emitted whenever a unit enters the
"dead" state on success.
* systemd-run gained a new switch --working-directory= for configuring
the working directory of the service to start. A shortcut -d is
equivalent, setting the working directory of the service to the
current working directory of the invoking program. The new --shell
(or just -S) option has been added for invoking the $SHELL of the
caller as a service, and implies --pty --same-dir --wait --collect
--service-type=exec. Or in other words, "systemd-run -S" is now the
quickest way to quickly get an interactive in a fully clean and
well-defined system service context.
* machinectl gained a new verb "import-fs" for importing an OS tree
from a directory. Moreover, when a directory or tarball is imported
and single top-level directory found with the OS itself below the OS
tree is automatically mangled and moved one level up.
* systemd-importd will no longer set up an implicit btrfs loop-back
file system on /var/lib/machines. If one is already set up, it will
continue to be used.
* A new generator "systemd-run-generator" has been added. It will
synthesize a unit from one or more program command lines included in
the kernel command line. This is very useful in container managers
for example:
# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
This will run "systemd-nspawn" on an image, invoke the specified
command line and immediately shut down the container again, returning
the command line's exit code.
* The block device locking logic is now documented:
https://systemd.io/BLOCK_DEVICE_LOCKING
* loginctl and machinectl now optionally output the various tables in
JSON using the --output= switch. It is our intention to add similar
support to systemctl and all other commands.
* udevadm's query and trigger verb now optionally take a .device unit
name as argument.
* systemd-udevd's network naming logic now understands a new
net.naming-scheme= kernel command line switch, which may be used to
pick a specific version of the naming scheme. This helps stabilizing
interface names even as systemd/udev are updated and the naming logic
is improved.
* sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
SD_ID128_ALLF to test if a 128bit ID is set to all 0xFF bytes, and to
initialize one to all 0xFF.
* After loading the SELinux policy systemd will now recursively relabel
all files and directories listed in
/run/systemd/relabel-extra.d/*.relabel (which should be simple
newline separated lists of paths) in addition to the ones it already
implicitly relabels in /run, /dev and /sys. After the relabelling is
completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
removed. This is useful to permit initrds (i.e. code running before
the SELinux policy is in effect) to generate files in the host
filesystem safely and ensure that the correct label is applied during
the transition to the host OS.
* KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
mknod() handling in user namespaces. Previously mknod() would always
fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
but device nodes generated that way cannot be opened, and attempts to
open them result in EPERM. This breaks the "graceful fallback" logic
in systemd's PrivateDevices= sand-boxing option. This option is
implemented defensively, so that when systemd detects it runs in a
restricted environment (such as a user namespace, or an environment
where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
where device nodes cannot be created the effect of PrivateDevices= is
bypassed (following the logic that 2nd-level sand-boxing is not
essential if the system systemd runs in is itself already sand-boxed
as a whole). This logic breaks with 4.18 in container managers where
user namespacing is used: suddenly PrivateDevices= succeeds setting
up a private /dev/ file system containing devices nodes — but when
these are opened they don't work.
At this point is is recommended that container managers utilizing
user namespaces that intend to run systemd in the payload explicitly
block mknod() with seccomp or similar, so that the graceful fallback
logic works again.
We are very sorry for the breakage and the requirement to change
container configurations for newer kernels. It's purely caused by an
incompatible kernel change. The relevant kernel developers have been
notified about this userspace breakage quickly, but they chose to
ignore it.
* PermissionsStartOnly= setting is deprecated (but is still supported
for backwards compatibility). The same functionality is provided by
the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
commands.
* $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
pam_systemd anymore.
* The naming scheme for network devices was changed to always rename
devices, even if they were already renamed by userspace. The "kernel"
policy was changed to only apply as a fallback, if no other naming
policy took effect.
* The requirements to build systemd is bumped to meson-0.46 and
python-3.5.
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
(FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
— Warsaw, 2018-12-21
CHANGES WITH 239:
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
builtin will name network interfaces differently than in previous
versions for virtual network interfaces created with SR-IOV and NPAR
and for devices where the PCI network controller device does not have
a slot number associated.
SR-IOV virtual devices are now named based on the name of the parent
interface, with a suffix of "v<N>", where <N> is the virtual device
number. Previously those virtual devices were named as if completely
independent.
The ninth and later NPAR virtual devices will be named following the
scheme used for the first eight NPAR partitions. Previously those
devices were not renamed and the kernel default (eth<n>) was used.
"net_id" will also generate names for PCI devices where the PCI
network controller device does not have an associated slot number
itself, but one of its parents does. Previously those devices were
not renamed and the kernel default (eth<n>) was used.
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
systemd-logind.service. Since v235, IPAddressDeny=any has been set to
the unit. So, it is expected that the default behavior of
systemd-logind is not changed. However, if distribution packagers or
administrators disabled or modified IPAddressDeny= setting by a
drop-in config file, then it may be necessary to update the file to
re-enable AF_INET and AF_INET6 to support network user name services,
e.g. NIS.
* When the RestrictNamespaces= unit property is specified multiple
times, then the specified types are merged now. Previously, only the
last assignment was used. So, if distribution packagers or
administrators modified the setting by a drop-in config file, then it
may be necessary to update the file.
* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
failures that result in restarting. Previously, the specified units
would be activated each time the unit failed, even when the unit was
going to be restarted automatically. This behaviour contradicted the
documentation. With this release the code is adjusted to match the
documentation.
* systemd-tmpfiles will now print a notice whenever it encounters
tmpfiles.d/ lines referencing the /var/run/ directory. It will
recommend reworking them to use the /run/ directory instead (for
which /var/run/ is simply a symlinked compatibility alias). This way
systemd-tmpfiles can properly detect line conflicts and merge lines
referencing the same file by two paths, without having to access
them.
* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
behaviour that wasn't useful. systemctl disable/unmask will now undo
both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.
* Note that all long-running system services shipped with systemd will
now default to a system call whitelist (rather than a blacklist, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
too, as the default whitelisting will prohibit all mount, swap,
reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.
* systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.