[arch-general] [arch-dev-public] FYI: systemd 198

Leonid Isaev lisaev at umail.iu.edu
Sat Mar 9 16:38:10 EST 2013

On Fri, 8 Mar 2013 09:35:39 +0900
Tom Gundersen <teg at jklm.no> wrote:

> Hi guys,
> A new systemd release is out (not yet packaged though), and there are
> several features which might be of interest to us.
> Cheers,
> Tom
> ---------- Forwarded message ----------
> From: Lennart Poettering <lennart at poettering.net>
> Date: Fri, Mar 8, 2013 at 8:12 AM
> Subject: [systemd-devel] [ANNOUNCE] systemd 198
> To: systemd Mailing List <systemd-devel at lists.freedesktop.org>
> Hey!
> Finally, here's 198, with many big changes:
> http://www.freedesktop.org/software/systemd/systemd-198.tar.xz
> In detail:
>         * Configuration of unit files may now be extended via drop-in
>           files without having to edit/override the unit files
>           themselves. More specifically, if the administrator wants to
>           change one value for a service file foobar.service he can
>           now do so by dropping in a configuration snippet into
>           /etc/systemd/systemd/foobar.service.d/*.conf. The unit logic
>           will load all these snippets and apply them on top of the
>           main unit configuration file, possibly extending or
>           overriding its settings. Using these drop-in snippets is
>           generally nicer than the two earlier options for changing
>           unit files locally: copying the files from
>           /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
>           them there; or creating a new file in /etc/systemd/system/
>           that incorporates the original one via ".include". Drop-in
>           snippets into these .d/ directories can be placed in any
>           directory systemd looks for units in, and the usual
>           overriding semantics between /usr/lib, /etc and /run apply
>           for them too.
>         * Most unit file settings which take lists of items can now be
>           reset by assigning the empty string to them. For example,
>           normally, settings such as Environment=FOO=BAR append a new
>           environment variable assignment to the environment block,
>           each time they are used. By assigning Environment= the empty
>           string the environment block can be reset to empty. This is
>           particularly useful with the .d/*.conf drop-in snippets
>           mentioned above, since this adds the ability to reset list
>           settings from vendor unit files via these drop-ins.
>         * systemctl gained a new "list-dependencies" command for
>           listing the dependencies of a unit recursively.
>         * Inhibitors are now honored and listed by "systemctl
>           suspend", "systemctl poweroff" (and similar) too, not only
>           GNOME. These commands will also list active sessions by
>           other users.
>         * Resource limits (as exposed by the various control group
>           controllers) can now be controlled dynamically at runtime
>           for all units. More specifically, you can now use a command
>           like "systemctl set-cgroup-attr foobar.service cpu.shares
>           2000" to alter the CPU shares a specific service gets. These
>           settings are stored persistently on disk, and thus allow the
>           administrator to easily adjust the resource usage of
>           services with a few simple commands. This dynamic resource
>           management logic is also available to other programs via the
>           bus. Almost any kernel cgroup attribute and controller is
>           supported.
>         * systemd-vconsole-setup will now copy all font settings to
>           all allocated VTs, where it previously applied them only to
>           the foreground VT.
>         * libsystemd-login gained the new sd_session_get_tty() API
>           call.
>         * This release drops support for a few legacy or
>           distribution-specific LSB facility names when parsing init
>           scripts: $x-display-manager, $mail-transfer-agent,
>           $mail-transport-agent, $mail-transfer-agent, $smtp,
>           $null. Also, the mail-transfer-agent.target unit backing
>           this has been removed. Distributions which want to retain
>           compatibility with this should carry the burden for
>           supporting this themselves and patch support for these back
>           in, if they really need to. Also, the facilities $syslog and
>           $local_fs are now ignored, since systemd does not support
>           early-boot LSB init scripts anymore, and these facilities
>           are implied anyway for normal services. syslog.target has
>           also been removed.
>         * There are new bus calls on PID1's Manager object for
>           cancelling jobs, and removing snapshot units. Previously,
>           both calls were only available on the Job and Snapshot
>           objects themselves.
>         * systemd-journal-gatewayd gained SSL support.
>         * The various "environment" files, such as /etc/locale.conf
>           now support continuation lines with a backslash ("\") as
>           last character in the line, similar in style (but different)
>           to how this is supported in shells.
>         * For normal user processes the _SYSTEMD_USER_UNIT= field is
>           now implicitly appended to every log entry logged. systemctl
>           has been updated to filter by this field when operating on a
>           user systemd instance.
>         * nspawn will now implicitly add the CAP_AUDIT_WRITE and
>           CAP_AUDIT_CONTROL capabilities to the capabilities set for
>           the container. This makes it easier to boot unmodified
>           Fedora systems in a container, which however still requires
>           audit=0 to be passed on the kernel command line. Auditing in
>           kernel and userspace is unfortunately still too broken in
>           context of containers, hence we recommend compiling it out
>           of the kernel or using audit=0. Hopefully this will be fixed
>           one day for good in the kernel.
>         * nspawn gained the new --bind= and --bind-ro= parameters to
>           bind mount specific directories from the host into the
>           container.
>         * nspawn will now mount its own devpts file system instance
>           into the container, in order not to leak pty devices from
>           the host into the container.
>         * systemd will now read the firmware boot time performance
>           information from the EFI variables, if the used boot loader
>           supports this, and takes it into account for boot performance
>           analysis via "systemd-analyze". This is currently supported
>           only in conjunction with Gummiboot, but could be supported
>           by other boot loaders too. For details see:
>           http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
>         * A new generator has been added that automatically mounts the
>           EFI System Partition (ESP) to /boot, if that directory
>           exists, is empty, and no other file system has been
>           configured to be mounted there.
>         * logind will now send out PrepareForSleep(false)
>           unconditionally, after coming back from suspend. This may be
>           used by applications as asynchronous notification for
>           system resume events.
>         * "systemctl unlock-sessions" has been added, that allows
>           unlocking the screens of all user sessions at once, similar
>           to how "systemctl lock-sessions" already locked all users'
>           sessions. This is backed by a new D-Bus call UnlockSessions().
>         * "loginctl seat-status" will now show the master device of a
>           seat. (i.e. the device of a seat that needs to be around for
>           the seat to be considered available, usually the graphics
>           card).
>         * tmpfiles gained a new "X" line type, that allows
>           configuration of files and directories (with wildcards) that
>           shall be excluded from automatic cleanup ("aging").
>         * udev default rules set the device node permissions now only
>           at "add" events, and do not change them any longer with a
>           later "change" event.
>         * The log messages for lid events and power/sleep keypresses
>           now carry a message ID.
>         * We now have a substantially larger unit test suite, but this
>           continues to be work in progress.
>         * udevadm hwdb gained a new --root= parameter to change the
>           root directory to operate relative to.
>         * logind will now issue a background sync() request to the kernel
>           early at shutdown, so that dirty buffers are flushed to disk early
>           instead of at the last moment, in order to optimize shutdown
>           times a little.
>         * A new bootctl tool has been added that is an interface for
>           certain boot loader operations. This is currently a preview
>           and is likely to be extended into a small mechanism daemon
>           like timedated, localed, hostnamed, and can be used by
>           graphical UIs to enumerate available boot options, and
>           request boot into firmware operations.
>         * systemd-bootchart has been relicensed to LGPLv2.1+ to match
>           the rest of the package. It also has been updated to work
>           correctly in initrds.
>         * Policykit previously has been runtime optional, and is now
>           also compile time optional via a configure switch.
>         * systemd-analyze has been reimplemented in C. Also "systemctl
>           dot" has moved into systemd-analyze.
>         * "systemctl status" with no further parameters will now print
>           the status of all active or failed units.
>         * Operations such as "systemctl start" can now be executed
>           with a new mode "--irreversible" which may be used to queue
>           operations that cannot accidentally be reversed by a later
>           job queuing. This is by default used to make shutdown
>           requests more robust.
>         * The Python API of systemd now gained a new module for
>           reading journal files.
>         * A new tool kernel-install has been added that can install
>           kernel images according to the Boot Loader Specification:
>           http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
>         * Boot time console output has been improved to provide
>           animated boot time output for hanging jobs.
>         * A new tool systemd-activate has been added which can be used
>           to test socket activation with, directly from the command
>           line. This should make it much easier to test and debug
>           socket activation in daemons.
>         * journalctl gained a new "--reverse" (or -r) option to show
>           journal output in reverse order (i.e. newest line first).
>         * journalctl gained a new "--pager-end" (or -e) option to
>           immediately jump to the end of the journal in the
>           pager. This is only supported in conjunction with "less".
>         * journalctl gained a new "--user-unit=" option, that works
>           similar to "--unit=" but filters for user units rather than
>           system units.
>         * A number of unit files to ease adoption of systemd in
>           initrds has been added. This moves some minimal logic from
>           the various initrd implementations into systemd proper.
>         * The journal files are now owned by a new group
>           "systemd-journal", which exists specifically to allow access
>           to the journal, and nothing else. Previously, we used the
>           "adm" group for that, which however possibly covers more
>           than just journal/log file access. This new group is now
>           already used by systemd-journal-gatewayd to ensure this
>           daemon gets access to the journal files and as little else
>           as possible. Note that "make install" will also set FS ACLs
>           up for /var/log/journal to give "adm" and "wheel" read
>           access to it, in addition to "systemd-journal" which owns
>           the journal files. We recommend that packaging scripts also
>           add read access to "adm" + "wheel" to /var/log/journal, and
>           all existing/future journal files. To normal users and
>           administrators little changes, however packagers need to
>           ensure to create the "systemd-journal" system group at
>           package installation time.
>         * The systemd-journal-gatewayd now runs as unprivileged user
>           systemd-journal-gateway:systemd-journal-gateway. Packaging
>           scripts need to create these system user/group at
>           installation time.
>         * timedated now exposes a new boolean property CanNTP that
>           indicates whether a local NTP service is available or not.
>         * systemd-detect-virt will now also detect xen PVs.
>         * The pstore file system is now mounted by default, if it is
>           available.
>         * In addition to the SELinux and IMA policies we will now also
>           load SMACK policies at early boot.
>         Contributions from: Adel Gadllah, Aleksander Morgado, Auke
>         Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
>         Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
>         Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
>         Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
>         Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
>         Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
>         Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
>         Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
>         Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
>         Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
>         Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
>         Gundersen, Umut Tezduyar, William Giokas, Zbigniew
>         Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
> Lennart
> --
> Lennart Poettering - Red Hat, Inc.
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

With this release, I have a minor issue with shutdown/reboot as a normal user
from tty, if the _same_ tty saw a root login and subsequent logout earlier. I
_guess_, this is also true for any other user, not only root. So:
1. Power on -> login as a user to tty -> systemctl poweroff works OK.
2. Power on -> login as root to tty; do something; logout -> login as user to
   same tty -> systemctl poweroff yields
   :User root is logged in on tty1.
   :Please retry operation after closing inhibitors and logging out other
   :users. Alternatively, ignore inhibitors and users with 'systemctl poweroff
Meanwhile, systemd-inhibit --list says there are 0 inhibitors, ps shows no
root shells, and loginctl shows no leftover root sessions. I have all default
configs... So what am I missing here? 

Thanks in advance,
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
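
The drop-in and list-reset behaviour described in the quoted announcement, as an added example that is not part of the original thread and not systemd's own code: a simplified Python model that computes the effective settings of a unit, which is what an administrator has to reason about when checking whether a local snippet has reset or extended a vendor's list settings. The function names, the LIST_KEYS sample and the file tree are assumptions constructed for illustration.

```python
# Directory priority, highest first (the usual /etc > /run > /usr/lib order).
PRIORITY = ["/etc/systemd/system", "/run/systemd/system", "/usr/lib/systemd/system"]
LIST_KEYS = {"Environment", "ExecStartPre"}  # assumption: sample of list-type settings

def parse(text):
    """Yield (section, key, value) for each assignment in a unit file or snippet."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def apply_file(config, text):
    """Apply one file on top of config: list settings append, '' resets them."""
    for section, key, value in parse(text):
        if key not in LIST_KEYS:
            config[(section, key)] = value      # scalar: last assignment wins
        elif value == "":
            config[(section, key)] = []         # empty string resets the list
        else:
            config.setdefault((section, key), []).append(value)
    return config

def effective(unit, tree):
    """tree maps directory -> {relative path: content}; returns merged settings."""
    main = next(tree[d][unit] for d in PRIORITY if unit in tree.get(d, {}))
    snippets = {}
    for d in reversed(PRIORITY):                # higher priority overwrites same name
        for path, text in tree.get(d, {}).items():
            if path.startswith(unit + ".d/") and path.endswith(".conf"):
                snippets[path] = text
    config = apply_file({}, main)
    for path in sorted(snippets):               # snippets applied in name order
        apply_file(config, snippets[path])
    return config

# Constructed sample: vendor unit and snippet, plus two administrator drop-ins.
TREE = {
    "/usr/lib/systemd/system": {
        "foobar.service": "[Service]\nEnvironment=FOO=BAR\nExecStart=/usr/bin/foobar\n",
        "foobar.service.d/10-vendor.conf": "[Service]\nEnvironment=DEBUG=1\n"},
    "/etc/systemd/system": {
        "foobar.service.d/10-vendor.conf": "[Service]\nEnvironment=\n",
        "foobar.service.d/20-local.conf": "[Service]\nEnvironment=BAZ=QUX\n"},
}
```

With the constructed tree, the /etc copy of 10-vendor.conf replaces the vendor snippet of the same name and clears the inherited environment block before 20-local.conf appends to it.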