[arch-general] [arch-dev-public] FYI: systemd 198
lisaev at umail.iu.edu
Sat Mar 9 16:38:10 EST 2013
On Fri, 8 Mar 2013 09:35:39 +0900
Tom Gundersen <teg at jklm.no> wrote:
> Hi guys,
> A new systemd release is out (not yet packaged though), and there are
> several features which might be of interest to us.
> ---------- Forwarded message ----------
> From: Lennart Poettering <lennart at poettering.net>
> Date: Fri, Mar 8, 2013 at 8:12 AM
> Subject: [systemd-devel] [ANNOUNCE] systemd 198
> To: systemd Mailing List <systemd-devel at lists.freedesktop.org>
> Finally, here's 198, with many big changes:
> In detail:
> * Configuration of unit files may now be extended via drop-in
> files without having to edit/override the unit files
> themselves. More specifically, if the administrator wants to
> change one value for a service file foobar.service he can
> now do so by dropping in a configuration snippet into
> /etc/systemd/systemd/foobar.service.d/*.conf. The unit logic
> will load all these snippets and apply them on top of the
> main unit configuration file, possibly extending or
> overriding its settings. Using these drop-in snippets is
> generally nicer than the two earlier options for changing
> unit files locally: copying the files from
> /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
> them there; or creating a new file in /etc/systemd/system/
> that incorporates the original one via ".include". Drop-in
> snippets into these .d/ directories can be placed in any
> directory systemd looks for units in, and the usual
> overriding semantics between /usr/lib, /etc and /run apply
> for them too.
> * Most unit file settings which take lists of items can now be
> reset by assigning the empty string to them. For example,
> normally, settings such as Environment=FOO=BAR append a new
> environment variable assignment to the environment block,
> each time they are used. By assigning Environment= the empty
> string the environment block can be reset to empty. This is
> particularly useful with the .d/*.conf drop-in snippets
> mentioned above, since this adds the ability to reset list
> settings from vendor unit files via these drop-ins.
> * systemctl gained a new "list-dependencies" command for
> listing the dependencies of a unit recursively.
> * Inhibitors are now honored and listed by "systemctl
> suspend", "systemctl poweroff" (and similar) too, not only
> GNOME. These commands will also list active sessions by
> other users.
> * Resource limits (as exposed by the various control group
> controllers) can now be controlled dynamically at runtime
> for all units. More specifically, you can now use a command
> like "systemctl set-cgroup-attr foobar.service cpu.shares
> 2000" to alter the CPU shares a specific service gets. These
> settings are stored persistently on disk, and thus allow the
> administrator to easily adjust the resource usage of
> services with a few simple commands. This dynamic resource
> management logic is also available to other programs via the
> bus. Almost any kernel cgroup attribute and controller is
> * systemd-vconsole-setup will now copy all font settings to
> all allocated VTs, where it previously applied them only to
> the foreground VT.
> * libsystemd-login gained the new sd_session_get_tty() API
> * This release drops support for a few legacy or
> distribution-specific LSB facility names when parsing init
> scripts: $x-display-manager, $mail-transfer-agent,
> $mail-transport-agent, $mail-transfer-agent, $smtp,
> $null. Also, the mail-transfer-agent.target unit backing
> this has been removed. Distributions which want to retain
> compatibility with this should carry the burden for
> supporting this themselves and patch support for these back
> in, if they really need to. Also, the facilities $syslog and
> $local_fs are now ignored, since systemd does not support
> early-boot LSB init scripts anymore, and these facilities
> are implied anyway for normal services. syslog.target has
> also been removed.
> * There are new bus calls on PID1's Manager object for
> cancelling jobs, and removing snapshot units. Previously,
> both calls were only available on the Job and Snapshot
> objects themselves.
> * systemd-journal-gatewayd gained SSL support.
> * The various "environment" files, such as /etc/locale.conf
> now support continuation lines with a backslash ("\") as
> last character in the line, similar in style (but different)
> to how this is supported in shells.
> * For normal user processes the _SYSTEMD_USER_UNIT= field is
> now implicitly appended to every log entry logged. systemctl
> has been updated to filter by this field when operating on a
> user systemd instance.
> * nspawn will now implicitly add the CAP_AUDIT_WRITE and
> CAP_AUDIT_CONTROL capabilities to the capabilities set for
> the container. This makes it easier to boot unmodified
> Fedora systems in a container, which however still requires
> audit=0 to be passed on the kernel command line. Auditing in
> kernel and userspace is unfortunately still too broken in
> context of containers, hence we recommend compiling it out
> of the kernel or using audit=0. Hopefully this will be fixed
> one day for good in the kernel.
> * nspawn gained the new --bind= and --bind-ro= parameters to
> bind mount specific directories from the host into the
> * nspawn will now mount its own devpts file system instance
> into the container, in order not to leak pty devices from
> the host into the container.
> * systemd will now read the firmware boot time performance
> information from the EFI variables, if the used boot loader
> supports this, and takes it into account for boot performance
> analysis via "systemd-analyze". This is currently supported
> only in conjunction with Gummiboot, but could be supported
> by other boot loaders too. For details see:
> * A new generator has been added that automatically mounts the
> EFI System Partition (ESP) to /boot, if that directory
> exists, is empty, and no other file system has been
> configured to be mounted there.
> * logind will now send out PrepareForSleep(false)
> unconditionally, after coming back from suspend. This may be
> used by applications as asynchronous notification for
> system resume events.
> * "systemctl unlock-sessions" has been added, that allows
> unlocking the screens of all user sessions at once, similar
> to how "systemctl lock-sessions" already locked all user
> sessions. This is backed by a new D-Bus call UnlockSessions().
> * "loginctl seat-status" will now show the master device of a
> seat. (i.e. the device of a seat that needs to be around for
> the seat to be considered available, usually the graphics
> * tmpfiles gained a new "X" line type, that allows
> configuration of files and directories (with wildcards) that
> shall be excluded from automatic cleanup ("aging").
> * udev default rules set the device node permissions now only
> at "add" events, and do not change them any longer with a
> later "change" event.
> * The log messages for lid events and power/sleep keypresses
> now carry a message ID.
> * We now have a substantially larger unit test suite, but this
> continues to be work in progress.
> * udevadm hwdb gained a new --root= parameter to change the
> root directory to operate relative to.
> * logind will now issue a background sync() request to the kernel
> early at shutdown, so that dirty buffers are flushed to disk early
> instead of at the last moment, in order to optimize shutdown
> times a little.
> * A new bootctl tool has been added that is an interface for
> certain boot loader operations. This is currently a preview
> and is likely to be extended into a small mechanism daemon
> like timedated, localed, hostnamed, and can be used by
> graphical UIs to enumerate available boot options, and
> request boot into firmware operations.
> * systemd-bootchart has been relicensed to LGPLv2.1+ to match
> the rest of the package. It also has been updated to work
> correctly in initrds.
> * Policykit previously has been runtime optional, and is now
> also compile time optional via a configure switch.
> * systemd-analyze has been reimplemented in C. Also "systemctl
> dot" has moved into systemd-analyze.
> * "systemctl status" with no further parameters will now print
> the status of all active or failed units.
> * Operations such as "systemctl start" can now be executed
> with a new mode "--irreversible" which may be used to queue
> operations that cannot accidentally be reversed by a later
> job queuing. This is by default used to make shutdown
> requests more robust.
> * The Python API of systemd now gained a new module for
> reading journal files.
> * A new tool kernel-install has been added that can install
> kernel images according to the Boot Loader Specification:
> * Boot time console output has been improved to provide
> animated boot time output for hanging jobs.
> * A new tool systemd-activate has been added which can be used
> to test socket activation with, directly from the command
> line. This should make it much easier to test and debug
> socket activation in daemons.
> * journalctl gained a new "--reverse" (or -r) option to show
> journal output in reverse order (i.e. newest line first).
> * journalctl gained a new "--pager-end" (or -e) option to
> immediately jump to the end of the journal in the
> pager. This is only supported in conjunction with "less".
> * journalctl gained a new "--user-unit=" option, that works
> similar to "--unit=" but filters for user units rather than
> system units.
> * A number of unit files to ease adoption of systemd in
> initrds has been added. This moves some minimal logic from
> the various initrd implementations into systemd proper.
> * The journal files are now owned by a new group
> "systemd-journal", which exists specifically to allow access
> to the journal, and nothing else. Previously, we used the
> "adm" group for that, which however possibly covers more
> than just journal/log file access. This new group is now
> already used by systemd-journal-gatewayd to ensure this
> daemon gets access to the journal files and as little else
> as possible. Note that "make install" will also set FS ACLs
> up for /var/log/journal to give "adm" and "wheel" read
> access to it, in addition to "systemd-journal" which owns
> the journal files. We recommend that packaging scripts also
> add read access to "adm" + "wheel" to /var/log/journal, and
> all existing/future journal files. To normal users and
> administrators little changes, however packagers need to
> ensure to create the "systemd-journal" system group at
> package installation time.
> * The systemd-journal-gatewayd now runs as unprivileged user
> systemd-journal-gateway:systemd-journal-gateway. Packaging
> scripts need to create these system user/group at
> installation time.
> * timedated now exposes a new boolean property CanNTP that
> indicates whether a local NTP service is available or not.
> * systemd-detect-virt will now also detect xen PVs
> * The pstore file system is now mounted by default, if it is
> * In addition to the SELinux and IMA policies we will now also
> load SMACK policies at early boot.
> Contributions from: Adel Gadllah, Aleksander Morgado, Auke
> Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
> Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
> Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
> Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
> Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
> Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
> Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
> Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
> Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
> Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
> Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
> Gundersen, Umut Tezduyar, William Giokas, Zbigniew
> Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
> Lennart Poettering - Red Hat, Inc.
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
With this release, I have a minor issue with shutdown/reboot as a normal user
from tty, if the _same_ tty saw a root login and subsequent logout earlier. I
_guess_, this is also true for any other user, not only root. So:
1. Power on -> login as a user to tty -> systemctl poweroff works OK.
2. Power on -> login as root to tty; do something; logout -> login as user to
same tty -> systemctl poweroff yields
:User root is logged in on tty1.
:Please retry operation after closing inhibitors and logging out other
:users. Alternatively, ignore inhibitors and users with 'systemctl poweroff
Meanwhile, systemd-inhibit --list says there are 0 inhibitors, ps shows no
root shells, and loginctl shows no leftover root sessions. I have all default
configs... So what am I missing here?
Thanks in advance,
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
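
The drop-in and list-reset items in the quoted announcement, as an added example that is not part of the original message and not systemd code: a simplified Python model that computes the effective settings of a unit and records which file last set each one, which is what you would check when auditing local overrides of a vendor unit. The precedence used (/etc over /run over /usr/lib for same-named snippets, then file-name order) follows systemd's documented behaviour; the LIST_KEYS subset and all sample unit text are constructed for illustration.

```python
# Simplified model of unit + drop-in merging (added example, not systemd's parser).
PRIORITY = {"/usr/lib": 0, "/run": 1, "/etc": 2}  # same-named snippet: higher wins
LIST_KEYS = {"Environment", "ExecStartPre"}       # illustrative subset of list settings

def parse(text):
    """Yield (key, value) pairs, skipping section headers, comments and blanks."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def effective(main_text, dropins):
    """dropins: (root, filename, text) tuples. Returns {key: (value, source)}."""
    chosen = {}
    for root, name, text in dropins:
        # A snippet in a higher-priority root masks a same-named one below it.
        if name not in chosen or PRIORITY[root] > PRIORITY[chosen[name][0]]:
            chosen[name] = (root, text)
    # Main unit first, then the surviving snippets in file-name order.
    layers = [("main unit", main_text)]
    layers += [(f"{chosen[n][0]}:{n}", chosen[n][1]) for n in sorted(chosen)]
    result = {}
    for source, text in layers:
        for key, value in parse(text):
            if key not in LIST_KEYS:
                result[key] = (value, source)      # scalar: last assignment wins
            elif value == "":
                result[key] = ([], source)         # empty assignment resets the list
            else:
                items = result.get(key, ([], None))[0]
                result[key] = (items + [value], source)
    return result

# Constructed sample input: a vendor unit and three drop-in snippets.
VENDOR = "[Service]\nExecStart=/usr/bin/foobar\nEnvironment=FOO=BAR\nUser=foobar\n"
DROPINS = [
    ("/usr/lib", "10-env.conf", "[Service]\nEnvironment=VENDOR_EXTRA=1\n"),
    ("/etc", "10-env.conf", "[Service]\nEnvironment=\nEnvironment=FOO=LOCAL\n"),
    ("/run", "50-user.conf", "[Service]\nUser=root\n"),
]

if __name__ == "__main__":
    for key, (value, source) in sorted(effective(VENDOR, DROPINS).items()):
        print(f"{key} = {value!r}   (last set by {source})")
```

On a real system the same question is answered by the unit's merged view; the model only makes the ordering and reset rules visible on data you can edit.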