author Lennart Poettering <lennart@poettering.net> 2023-02-02 15:45:09 +0100
committer Lennart Poettering <lennart@poettering.net> 2023-02-02 15:45:09 +0100
commit 1ee3720e76c4406afdc45a91b8777247b647abfe
tree a79ba43744fbea9489a3120cb30f7c8631638144 /NEWS
parent NEWS: update for v253-rc2
NEWS: various fixes
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 339
1 files changed, 177 insertions, 162 deletions
diff --git a/NEWS b/NEWS
index 2592c6a3d2..53cce20160 100644
--- a/NEWS
+++ b/NEWS
@@ -2,12 +2,12 @@ systemd System and Service Manager
CHANGES WITH 253 in spe:
- Deprecations and incompatible changes
+ Deprecations and incompatible changes:
- * systemctl will now warn when invoked without /proc mounted (e.g. when
- invoked after chroot into an image without the API mount points like
- /proc being set up.) Operation in such an environment is not fully
- supported.
+ * systemctl will now warn when invoked without /proc/ mounted
+ (e.g. when invoked after chroot() into an directory tree without the
+ API mount points like /proc/ being set up.) Operation in such an
+ environment is not fully supported.
* The return value of 'systemctl is-active|is-enabled|is-failed' for
unknown units is changed: previously 1 or 3 were returned, but now 4
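Review bot: The rewritten systemctl entry introduces a grammar slip, "chroot() into an directory tree", which should read "a directory tree". While touching this sentence, consider moving the full stop outside the parenthesis in "being set up.)" so the parenthetical does not end the sentence on its own.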
@@ -16,14 +16,15 @@ CHANGES WITH 253 in spe:
* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
systemd-hwdb (added in 2014) should be used instead.
- * 'bootctl --json' now outputs well-formed JSON, instead of a stream
+ * 'bootctl --json' now outputs a single JSON array, instead of a stream
of newline-separated JSON objects.
- * Udev rules in 60-evdev.rules have been changed to load hwdb properties
- for all modalias patterns. Previously only the first matching pattern
- was used. This could change what properties are assigned if the user
- has more and less specific patterns that could match the same device,
- but it is expected that the change will have no effect for most users.
+ * Udev rules in 60-evdev.rules have been changed to load hwdb
+ properties for all modalias patterns. Previously only the first
+ matching pattern was used. This could change what properties are
+ assigned if the user has more and less specific patterns that could
+ match the same device, but it is expected that the change will have
+ no effect for most users.
* systemd-networkd-wait-online exits successfully when all interfaces
are ready or unmanaged. Previously, if neither '--any' nor
@@ -34,99 +35,102 @@ CHANGES WITH 253 in spe:
manager is also enabled and used.
* Some compatibility helpers were dropped: EmergencyAction= in the user
- manager, measuring kernel command line into PCR 8 along with the
- -Defi-tpm-pcr-compat compile-time option.
+ manager, as well as measuring kernel command line into PCR 8 in
+ systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
+ option.
- * The '-Dupdate-helper-user-timeout=' build-time option has been renamed
- to '-Dupdate-helper-user-timeout-sec=', and now takes an integer as
- parameter instead of a string.
+ * The '-Dupdate-helper-user-timeout=' build-time option has been
+ renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
+ integer as parameter instead of a string.
New components:
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
(UKIs) has been added. This replaces functionality provided by
- 'dracut --uefi' and extends it with automatic calculation of offsets,
- insertion of signed PCR policies generated by systemd-measure,
- support for initrd concatenation, signing of the embedded Linux image
- and the combined image with sbsign, and heuristics to autodetect the
- kernel uname and verify the splash image.
+ 'dracut --uefi' and extends it with automatic calculation of PE file
+ offsets, insertion of signed PCR policies generated by
+ systemd-measure, support for initrd concatenation, signing of the
+ embedded Linux image and the combined image with sbsign, and
+ heuristics to autodetect the kernel uname and verify the splash
+ image.
Changes in systemd and units:
- * A new unit type Type=notify-reload is defined. When such a unit is
- reloaded via a signal, the manager will wait until it receives a
- "READY=1" notification from the unit. Otherwise, this type is the
- same as Type=notify.
+ * A new service type Type=notify-reload is defined. When such a unit is
+ reloaded a signal (typically SIGHUP) is sent to the main service
+ process. The manager will then wait until it receives a "RELOADING=1"
+ followed by a "READY=1" notification from the unit as response (via
+ sd_notify()). Otherwise, this type is the same as Type=notify.
user@.service, systemd-networkd.service, systemd-udevd.service, and
- systemd-logind have been updated to this type; their reloads are now
- synchronous.
-
- * Initrd environments which are not on a temporary file system (for
- example an overlayfs combination) are now supported. Systemd will only
- skip removal of the files in the initrd if it doesn't detect a
- temporary file system.
-
- * New MemoryZSwapMax= option has been added to configure
- memory.zswap.max cgroup properties (the maximum amount of zswap used).
-
- * New LogFilterPatterns= option can be used to specify regexp
- accept/deny patterns for log entries generated by the unit. Based on
- the option value, the manager sets the
- user.journald_log_filter_patterns extended attribute on the unit
- cgroup. systemd-journald checks for this attribute when receiving
- messages, and will filter messages by matching the MESSAGE= part.
+ systemd-logind have been updated to this type.
+
+ * Initrd environments which are not on a pure memory file system (e.g.
+ overlayfs combination as opposed to tmpfs) are now supported. With
+ this change, during the initrd → host transition ("switch root")
+ systemd will no longer erase all files of the initrd unless it's
+ backed by a memory file system such as tmpfs.
+
+ * New per-unit MemoryZSwapMax= option has been added to configure
+ memory.zswap.max cgroup properties (the maximum amount of zswap
+ used).
+
+ * A new LogFilterPatterns= option has been added for units. It may be
+ used to specify accept/deny regular expressions for log messages
+ generated by the unit, that shall be enforced by systemd-journald.
Rejected messages are neither stored in the journal nor forwarded.
- This option can be used to filter noisy or uninteresting messages
+ This option may be used to suppress noisy or uninteresting messages
from units.
* The manager has a new
- org.freedesktop.systemd1.Manager.GetUnitByPIDFD() method to query
- process ownership via a PIDFD, which is more resilient against PID
- recycling issues.
+ org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
+ query process ownership via a PIDFD, which is more resilient against
+ PID recycling issues.
* Scope units now support OOMPolicy=. Login session scopes default to
OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.
* systemd-fstab-generator now supports x-systemd.makefs option for
- /sysroot (in the initrd).
+ /sysroot/ (in the initrd).
* The maximum rate at which daemon reloads are executed can now be
limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
options. (Or the equivalent on the kernel command line:
- systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=).
- In addition, systemd now logs the originating unit and PID when
- a reload request is received over D-Bus.
-
- * When enabling a swap device, instead of failing, systemd will now
- reinitialize the device when the page size of the swap space does not
- match the page size of the running kernel.
-
- * Systemd now executes generators in a mount namespace "sandbox" with
- most of the file system read-only, but with write access to the
- output directories, and with a temporary /tmp/ mount provided. This
- provides a safeguard against programming errors in the generators,
- but also fixes here-docs in shells, which previously didn't work in
- early boot when /tmp/ wasn't available yet. (This feature has no
- security implications, because the code is still privileged and can
- trivially exit the sandbox.)
-
- * The manager will load the vmm.notify_socket credential. If found,
- it will send a "READY=1" notification on the specified socket after
- boot is complete. This allows readiness notification to be sent
- from a VM guest to the host over a VSOCK socket.
+ systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
+ addition, systemd now logs the originating unit and PID when a reload
+ request is received over D-Bus.
+
+ * When enabling a swap device systemd will now reinitialize the device
+ when the page size of the swap space does not match the page size of
+ the running kernel.
+
+ * systemd now executes generator programs in a mount namespace
+ "sandbox" with most of the file system read-only and write access
+ restricted to the output directories, and with a temporary /tmp/
+ mount provided. This provides a safeguard against programming errors
+ in the generators, but also fixes here-docs in shells, which
+ previously didn't work in early boot when /tmp/ wasn't available
+ yet. (This feature has no security implications, because the code is
+ still privileged and can trivially exit the sandbox.)
+
+ * The system manager manager will now parse a new "vmm.notify_socket"
+ system credential, which may be supplied to a VM via SMBIOS. If
+ found, it will send a "READY=1" notification on the specified socket
+ after boot is complete. This allows readiness notification to be sent
+ from a VM guest to the VM host over a VSOCK socket.
* The sample PAM configuration file for systemd-user@.service now
includes a call to pam_namespace. This puts children of user@.service
in the expected namespace. (Many distributions replace their file
with something custom, so this change has limited effect.)
- * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST can
- can be used to override the mount units burst late limit for parsing
- '/proc/self/mountinfo', which was introduced in v249. Defaults to 5.
+ * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
+ can can be used to override the mount units burst late limit for
+ parsing '/proc/self/mountinfo', which was introduced in
+ v249. Defaults to 5.
- * Drop-ins for init.scope changing control cgroup resource limits are
+ * Drop-ins for init.scope changing control group resource limits are
now applied, while they were previously ignored.
* New build-time configuration options '-Ddefault-timeout-sec=' and
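Review bot: Several typos survive or are introduced in the added lines of this hunk: "The system manager manager will now parse" in the vmm.notify_socket entry has a doubled word, and the $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST entry still reads "can can be used" and "burst late limit" (presumably "burst rate limit"). The unchanged context line "A tool 'ukify' tool to build" has the same doubled-word problem and could be fixed in the same pass. Separately, the swap entry drops "instead of failing" and the Type=notify-reload entry drops "their reloads are now synchronous"; both phrases told the reader what changed in behaviour, so consider keeping them.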
@@ -144,7 +148,7 @@ CHANGES WITH 253 in spe:
The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
a more informative path on some embedded systems.
- * Block partitions will now also get symlinks in
+ * Partition block devices will now also get symlinks in
/dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
block device nodes via the kernel's "diskseq" value. Previously those
symlinks were only created for the main block device.
@@ -162,16 +166,15 @@ CHANGES WITH 253 in spe:
means the RNG gets seeded very early in boot before userspace has
started.
- * systemd-boot will pass a random seed when secure boot is enabled if
- it can additionally get a random seed from EFI itself, via EFI's RNG
- protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
- preceding bootloader.
+ * systemd-boot will pass a disk-backed random seed – even when secure
+ boot is enabled – if it can additionally get a random seed from EFI
+ itself (via EFI's RNG protocol), or a prior seed in
+ LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.
* systemd-boot-system-token.service was renamed to
- systemd-boot-random-seed.service and extended to always save the
- random seed to ESP on every boot when a compatible boot loader is
- used. This allows a refreshed random seed to be used in the boot
- loader.
+ systemd-boot-random-seed.service and extended to always save a random
+ seed to ESP on every boot when a compatible boot loader is used. This
+ allows a refreshed random seed to be used in the boot loader.
* systemd-boot handles various seed inputs using a domain- and
field-separated hashing scheme.
@@ -180,77 +183,85 @@ CHANGES WITH 253 in spe:
token is now always required to be present for random seeds to be
used.
- * systemd-boot now supports being loaded not from the ESP, for example
- for direct kernel boot under QEMU or when embedded into the firmware.
+ * systemd-boot now supports being loaded from other locations than the
+ ESP, for example for direct kernel boot under QEMU or when embedded
+ into the firmware.
- * systemd-boot now parses SMBIOS info to detect virtualization. This
- information is used to skip some warnings which are not useful in a
- VM and to conditionalize other aspects of behaviour.
+ * systemd-boot now parses SMBIOS information to detect
+ virtualization. This information is used to skip some warnings which
+ are not useful in a VM and to conditionalize other aspects of
+ behaviour.
* systemd-boot now supports a new 'if-safe' mode that will perform UEFI
Secure Boot automated certificate enrollment from the ESP only if it
- is considered 'safe' to do so. At the moment 'safe' means running in a
- virtual machine.
+ is considered 'safe' to do so. At the moment 'safe' means running in
+ a virtual machine.
* systemd-stub now processes random seeds in the same way as
- systemd-boot, in case a unified kernel image is being used from a
- different bootloader than systemd-boot.
+ systemd-boot already does, in case a unified kernel image is being
+ used from a different bootloader than systemd-boot, or without any
+ boot load at all.
* bootctl will now generate a system token on all EFI systems, even
virtualized ones, and is activated in the case that the system token
is missing from either sd-boot and sd-stub booted systems.
* bootctl now implements two new verbs: 'kernel-identify' prints the
- type of a kernel image, and 'kernel-inspect' provides information
- about the embedded command line and kernel version.
+ type of a kernel image file, and 'kernel-inspect' provides
+ information about the embedded command line and kernel version of
+ UKIs.
* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
as for kernel-install.
Changes in kernel-install:
- * A new "installation layout" can be configured as layout=uki. With this
- setting, a Boot Loader Specification Type#1 entry will not be created.
- Instead, a new kernel-install plugin 90-uki-copy.install will copy any
- .efi files from the staging area into the boot partition. A plugin to
- generate the UKI .efi file must be provided separately.
+ * A new "installation layout" can be configured as layout=uki. With
+ this setting, a Boot Loader Specification Type#1 entry will not be
+ created. Instead, a new kernel-install plugin 90-uki-copy.install
+ will copy any .efi files from the staging area into the boot
+ partition. A plugin to generate the UKI .efi file must be provided
+ separately.
Changes in systemctl:
* 'systemctl reboot' has dropped support for accepting a positional
argument as the argument to the reboot(2) syscall. Please use the
- --reboot-argument option instead.
+ --reboot-argument= option instead.
- * 'systemctl disable' will now warn when called on units without install
- information. A new --no-warn option has been added that silences this
- warning.
+ * 'systemctl disable' will now warn when called on units without
+ install information. A new --no-warn option has been added that
+ silences this warning.
* New option '--drop-in=' can be used to tell 'systemctl edit' the name
- of the drop-in to edit. (Previously, 'override.conf' was always used.
+ of the drop-in to edit. (Previously, 'override.conf' was always
+ used.)
* 'systemctl list-dependencies' now respects --type= and --state=.
- * 'systemctl kexec' now supports XEN.
+ * 'systemctl kexec' now supports XEN VMM environments.
Changes in systemd-networkd and related tools:
* The [DHCPv4] section in .network file gained new SocketPriority=
- setting that assigns the Linux socket priority used by the DHCPv4
- raw socket. Can be used in conjunction with the EgressQOSMaps=setting
- in [VLAN] section of .netdev file to send the desired ethernet 802.1Q
- frame priority for DHCPv4 initial packets. This cannot be achieved
- with netfilter mangle tables because of the raw socket bypass.
-
- * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained new
- QuickAck= boolean setting that enables the TCP quick ACK mode for the
- routes configured by the acquired DHCPv4 lease or received router
+ setting that assigns the Linux socket priority used by the DHCPv4 raw
+ socket. This may be used in conjunction with the
+ EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
+ desired ethernet 802.1Q frame priority for DHCPv4 initial
+ packets. This cannot be achieved with netfilter mangle tables because
+ of the raw socket bypass.
+
+ * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
+ new QuickAck= boolean setting that enables the TCP quick ACK mode for
+ the routes configured by the acquired DHCPv4 lease or received router
advertisements (RAs).
* The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
routes) now accepts three values, for high, medium, and low preference
of the router (which can be set with the RouterPreference=) setting.
- * systemd-networkd-wait-online now supports alternative interface names.
+ * systemd-networkd-wait-online now supports matching via alternative
+ interface names.
* The [DHCPv6] section in .network file gained new SendRelease=
setting which enables the DHCPv6 client to send release when
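Review bot: In the systemd-stub entry the added text ends with "or without any boot load at all", which looks like a truncated "boot loader". The reflowed SocketPriority= entry also carries over "EgressQOSMaps=setting" without a space after the setting name, and the unchanged bootctl line "from either sd-boot and sd-stub booted systems" pairs "either" with "and"; both are worth fixing in a commit whose purpose is NEWS clean-up.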
@@ -265,18 +276,21 @@ CHANGES WITH 253 in spe:
Changes in systemd-dissect:
- * systemd-dissect gained a new option --list, to print the paths fo the
- files and directories in the image.
+ * systemd-dissect gained a new option --list, to print the paths off
+ all files and directories in a DDI.
- * systemd-dissect gained a new option --mtree, to generate output
- compatible with BSD mtree(5).
+ * systemd-dissect gained a new option --mtree, to generate a file
+ manifest compatible with BSD mtree(5) of a DDI
- * systemd-dissect gained a new option --with, to execute a command in
- the image temporarily mounted.
+ * systemd-dissect gained a new option --with, to execute a command with
+ the specified DDI temporarily mounted and used as working
+ directory. This is for example useful to convert a DDI to "tar"
+ simply by running it within a "systemd-dissect --with" invocation.
* systemd-dissect gained a new option --discover, to search for
- Discoverable Disk Images (DDIs) in well-known directories. This will
- list machine, portable service and system extension disk images.
+ Discoverable Disk Images (DDIs) in well-known directories of the
+ system. This will list machine, portable service and system extension
+ disk images.
* systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI).
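Review bot: The --list entry replaces the old typo "fo" with "off" ("print the paths off all files"), where "of" is meant, and the --mtree entry now ends at "of a DDI" without a full stop. The abbreviation "DDI" is also used in --list, --mtree and --with before it is expanded in the --discover entry further down; expand it at first use or reorder the items.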
@@ -292,13 +306,14 @@ CHANGES WITH 253 in spe:
* systemd-repart also gained a --defer-partitions= option that is
similar to --exclude-partitions=, but the size of the partition is
- taken into account without populating it.
+ still taken into account when sizing partitions, but without
+ populating it.
* systemd-repart gained a new --sector-size= option to specify what
sector size should be used when an image is created.
- * systemd-repart now supports erofs (a read-only file system similar to
- squashfs).
+ * systemd-repart now supports generating erofs file systems via
+ CopyFiles= (a read-only file system similar to squashfs).
* The Minimize= option was extended to accept "best" (which means the
most minimal image possible, but may require multiple attempts) and
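Review bot: In the erofs entry the parenthetical "(a read-only file system similar to squashfs)" now follows "CopyFiles=" and reads as a description of that setting rather than of erofs; place it directly after "erofs file systems". The --defer-partitions= sentence also ends up with two consecutive "but" clauses ("but the size of the partition is still taken into account when sizing partitions, but without populating it"), which would read better with the second one folded in, for example "while the partition itself is not populated".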
@@ -313,20 +328,22 @@ CHANGES WITH 253 in spe:
about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
Details of what is logged and when are subject to change.
- * The systemd-journald-audit.socket can now be normally disabled to stop
- collection of audit messages. Please note that it is not enabled
- statically anymore and must be handled by the preset/enablement logic
- in package installation scripts.
+ * The systemd-journald-audit.socket can now be disabled via the usual
+ "systemctl disable" mechanism to stop collection of audit
+ messages. Please note that it is not enabled statically anymore and
+ must be handled by the preset/enablement logic in package
+ installation scripts.
* New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
be used to curtail disk use by systemd-journal-remote. This is
similar to the options supported by systemd-journald.
Changes in systemd-cryptenroll, systemd-cryptsetup, and related
- components
+ components:
- * systemd-cryptenroll now supports unlocking via FIDO2 tokens (option
- --unlock-fido2-device=).
+ * When enrolling new keys systemd-cryptenroll now supports unlocking
+ via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
+ password was strictly required to be specified.
* systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
(except for tokens with user verification, UV) to identify tokens
@@ -334,24 +351,18 @@ CHANGES WITH 253 in spe:
the same time, and systemd-cryptsetup will automatically select one
that corresponds to one of the available LUKS key slots.
- * systemd-cryptsetup now supports new options tpm2-measure-pcr= and
- tpm2-measure-bank= in crypttab(5). These allow specifying the
- PCR bank and number into which the volume key should be measured.
-
- * When measuring data into a PCR, an authenticated hash (HMAC) is used
- on the CPU, to further protect the data before it leaves the CPU.
+ * systemd-cryptsetup now supports new options tpm2-measure-bank= and
+ tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
+ bank and number into which the volume key should be measured.
* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
"noexec,nosuid,nodev".
* systemd-pcrphase gained new options --machine-id and --file-system=
- to measure the machine-id and mount point information into a PCR.
-
- * The machine-id is measured into PCR 15 during early boot.
-
- * For the root and /var/ volumes, the mount point information and
- options, and volume encryption keys in case encryption is used, will
- be measured into PCR 15.
+ to measure the machine-id and mount point information into PCR 15. New
+ service unit files systemd-pcrmachine.service and
+ systemd-pcrfs@.service have been added that invoke the tool with
+ these switches during early boot.
* systemd-cryptenroll now stores the user-supplied PIN with a salt,
making it harder to brute-force.
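Review bot: The entry "When measuring data into a PCR, an authenticated hash (HMAC) is used on the CPU" is deleted here with no replacement, and the commit message "NEWS: various fixes" does not say whether the feature was dropped from the release or the entry was judged wrong; that belongs in the commit message, since readers use NEWS to reason about TPM2 measurement guarantees. The merged systemd-pcrphase entry also no longer states that the measurements cover the root and /var/ volumes, which the removed lines spelled out; consider keeping that scope next to the mention of systemd-pcrfs@.service.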
@@ -363,7 +374,7 @@ CHANGES WITH 253 in spe:
* Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
$SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
- can be used to specify additional arguments for mkfs when
+ may now be used to specify additional arguments for mkfs when
systemd-homed formats a file system.
* systemd-hostnamed now exports the contents of
@@ -372,7 +383,7 @@ CHANGES WITH 253 in spe:
unprivileged code to access those values.
systemd-hostnamed also exports the SUPPORT_END= field from
- os-release(5) as OperatingSystemSupportEnd. timedatectl make uses of
+ os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
this to show the status of the installed system.
* systemd-measure gained an --append= option to sign multiple phase
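Review bot: The corrected line fixes the tool name but keeps the grammar error "hostnamectl make uses of this"; it should read "hostnamectl makes use of this".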
@@ -382,14 +393,14 @@ CHANGES WITH 253 in spe:
* systemd-timesyncd will now write a structured log message with
MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
- on a disk timestamp, similarly to what it did when reaching
+ on a on-disk timestamp, similarly to what it did when reaching
synchronization via NTP.
- systemd-timesyncd will now also update the timestamp file on each
- boot, making it more likely that the system time increases in
- subsequent boots.
+ * systemd-timesyncd will now update the on-disk timestamp file on each
+ boot at least once, making it more likely that the system time
+ increases in subsequent boots.
- * systemd-vconsole-setup gained support for credentials:
+ * systemd-vconsole-setup gained support for system/service credentials:
vconsole.keymap/vconsole.keymap_toggle and
vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
the similarly-named options in vconsole.conf.
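Review bot: The systemd-timesyncd line now reads "based on a on-disk timestamp", which should be "an on-disk timestamp". In the systemd-vconsole-setup entry the unchanged continuation "are analogous the similarly-named options" is missing "to" and could be fixed along with the edited first line.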
@@ -420,7 +431,7 @@ CHANGES WITH 253 in spe:
Similarly, 'machinectl start|stop' gained a --now option to enable or
disable the machine unit when starting or stopping it.
- * systemd-sysusers will now create /etc if it is missing.
+ * systemd-sysusers will now create /etc/ if it is missing.
* systemd-sleep 'HibernateDelaySec=' setting is changed back to
pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
@@ -440,9 +451,10 @@ CHANGES WITH 253 in spe:
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
* sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
- id128_t parameter has an invalid format. They also accept NULL as
- output parameter in more places, which is useful when the caller only
- wants to check the inputs and does not need the output value.
+ 128bit ID in files such as /etc/machine-id has an invalid
+ format. They also accept NULL as output parameter in more places,
+ which is useful when the caller only wants to validate the inputs and
+ does not need the output value.
* sd-login gained new functions sd_pidfd_get_session(),
sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
@@ -458,21 +470,24 @@ CHANGES WITH 253 in spe:
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
* sd-notify now supports AF_VSOCK, in the "vsock:CID:port" format, for
- the notify_socket parameter/environment variable/credential.
+ the $NOTIFY_SOCKET parameter/environment variable/credential.
- * Detection of chroot environments now works if /proc/ is not mounted.
- This affects systemd-detect-virt --chroot, but also means that systemd
- tools will silently skip various operations in such an environment.
+ * Detection of chroot() environments now works if /proc/ is not
+ mounted. This affects systemd-detect-virt --chroot, but also means
+ that systemd tools will silently skip various operations in such an
+ environment.
* "Lockheed Matrin Hardened Security for Intel Processors" (HS SRE)
virtualization is now detected.
Changes in the build system:
- * Standalone variant of systemd-repart is built (if -Dstandalone=true).
+ * A standalone variant of systemd-repart may now be built (if
+ -Dstandalone=true).
- * systemd-ac-power has been moved to /usr/bin/, to, for example, allow
- scripts to conditionalize execution on AC power supply.
+ * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
+ example, allow scripts to conditionalize execution on AC power
+ supply.
* The libp11kit library is now loaded through dlopen(3).
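Review bot: In the sd-notify entry, "the $NOTIFY_SOCKET parameter/environment variable/credential" applies the environment variable's name to all three inputs, while the credential is called "vmm.notify_socket" in the manager section of this same file; naming each input separately would avoid implying a credential called $NOTIFY_SOCKET. The unchanged context line "Lockheed Matrin Hardened Security for Intel Processors" also contains a misspelled vendor name that this clean-up commit leaves in place.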