On Fri, 8 Mar 2013 09:35:39 +0900
Tom Gundersen <teg@xxxxxxx> wrote:

> Hi guys,
>
> A new systemd release is out (not yet packaged though), and there are
> several features which might be of interest to us.
>
> Cheers,
>
> Tom
>
> ---------- Forwarded message ----------
> From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
> Date: Fri, Mar 8, 2013 at 8:12 AM
> Subject: [systemd-devel] [ANNOUNCE] systemd 198
> To: systemd Mailing List <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
>
>
> Hey!
>
> Finally, here's 198, with many big changes:
>
> http://www.freedesktop.org/software/systemd/systemd-198.tar.xz
>
> In detail:
>
> * Configuration of unit files may now be extended via drop-in
>   files without having to edit/override the unit files
>   themselves. More specifically, if the administrator wants to
>   change one value for a service file foobar.service he can
>   now do so by dropping in a configuration snippet into
>   /etc/systemd/systemd/foobar.service.d/*.conf. The unit logic
>   will load all these snippets and apply them on top of the
>   main unit configuration file, possibly extending or
>   overriding its settings. Using these drop-in snippets is
>   generally nicer than the two earlier options for changing
>   unit files locally: copying the files from
>   /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
>   them there; or creating a new file in /etc/systemd/system/
>   that incorporates the original one via ".include". Drop-in
>   snippets into these .d/ directories can be placed in any
>   directory systemd looks for units in, and the usual
>   overriding semantics between /usr/lib, /etc and /run apply
>   for them too.
>
> * Most unit file settings which take lists of items can now be
>   reset by assigning the empty string to them. For example,
>   normally, settings such as Environment=FOO=BAR append a new
>   environment variable assignment to the environment block,
>   each time they are used. By assigning Environment= the empty
>   string the environment block can be reset to empty. This is
>   particularly useful with the .d/*.conf drop-in snippets
>   mentioned above, since this adds the ability to reset list
>   settings from vendor unit files via these drop-ins.
>
> * systemctl gained a new "list-dependencies" command for
>   listing the dependencies of a unit recursively.
>
> * Inhibitors are now honored and listed by "systemctl
>   suspend", "systemctl poweroff" (and similar) too, not only
>   GNOME. These commands will also list active sessions by
>   other users.
>
> * Resource limits (as exposed by the various control group
>   controllers) can now be controlled dynamically at runtime
>   for all units. More specifically, you can now use a command
>   like "systemctl set-cgroup-attr foobar.service cpu.shares
>   2000" to alter the CPU shares a specific service gets. These
>   settings are stored persistently on disk, and thus allow the
>   administrator to easily adjust the resource usage of
>   services with a few simple commands. This dynamic resource
>   management logic is also available to other programs via the
>   bus. Almost any kernel cgroup attribute and controller is
>   supported.
>
> * systemd-vconsole-setup will now copy all font settings to
>   all allocated VTs, where it previously applied them only to
>   the foreground VT.
>
> * libsystemd-login gained the new sd_session_get_tty() API
>   call.
>
> * This release drops support for a few legacy or
>   distribution-specific LSB facility names when parsing init
>   scripts: $x-display-manager, $mail-transfer-agent,
>   $mail-transport-agent, $mail-transfer-agent, $smtp,
>   $null. Also, the mail-transfer-agent.target unit backing
>   this has been removed. Distributions which want to retain
>   compatibility with this should carry the burden for
>   supporting this themselves and patch support for these back
>   in, if they really need to. Also, the facilities $syslog and
>   $local_fs are now ignored, since systemd does not support
>   early-boot LSB init scripts anymore, and these facilities
>   are implied anyway for normal services. syslog.target has
>   also been removed.
>
> * There are new bus calls on PID1's Manager object for
>   cancelling jobs, and removing snapshot units. Previously,
>   both calls were only available on the Job and Snapshot
>   objects themselves.
>
> * systemd-journal-gatewayd gained SSL support.
>
> * The various "environment" files, such as /etc/locale.conf
>   now support continuation lines with a backslash ("\") as
>   last character in the line, similar in style (but different)
>   to how this is supported in shells.
>
> * For normal user processes the _SYSTEMD_USER_UNIT= field is
>   now implicitly appended to every log entry logged. systemctl
>   has been updated to filter by this field when operating on a
>   user systemd instance.
>
> * nspawn will now implicitly add the CAP_AUDIT_WRITE and
>   CAP_AUDIT_CONTROL capabilities to the capabilities set for
>   the container. This makes it easier to boot unmodified
>   Fedora systems in a container, which however still requires
>   audit=0 to be passed on the kernel command line. Auditing in
>   kernel and userspace is unfortunately still too broken in
>   context of containers, hence we recommend compiling it out
>   of the kernel or using audit=0. Hopefully this will be fixed
>   one day for good in the kernel.
>
> * nspawn gained the new --bind= and --bind-ro= parameters to
>   bind mount specific directories from the host into the
>   container.
>
> * nspawn will now mount its own devpts file system instance
>   into the container, in order not to leak pty devices from
>   the host into the container.
>
> * systemd will now read the firmware boot time performance
>   information from the EFI variables, if the used boot loader
>   supports this, and takes it into account for boot performance
>   analysis via "systemd-analyze". This is currently supported
>   only in conjunction with Gummiboot, but could be supported
>   by other boot loaders too. For details see:
>
>   http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
>
> * A new generator has been added that automatically mounts the
>   EFI System Partition (ESP) to /boot, if that directory
>   exists, is empty, and no other file system has been
>   configured to be mounted there.
>
> * logind will now send out PrepareForSleep(false)
>   unconditionally, after coming back from suspend. This may be
>   used by applications as asynchronous notification for
>   system resume events.
>
> * "systemctl unlock-sessions" has been added, that allows
>   unlocking the screens of all user sessions at once, similar
>   to how "systemctl lock-sessions" already locked all users
>   sessions. This is backed by a new D-Bus call UnlockSessions().
>
> * "loginctl seat-status" will now show the master device of a
>   seat. (i.e. the device of a seat that needs to be around for
>   the seat to be considered available, usually the graphics
>   card).
>
> * tmpfiles gained a new "X" line type, that allows
>   configuration of files and directories (with wildcards) that
>   shall be excluded from automatic cleanup ("aging").
>
> * udev default rules set the device node permissions now only
>   at "add" events, and do not change them any longer with a
>   later "change" event.
>
> * The log messages for lid events and power/sleep keypresses
>   now carry a message ID.
>
> * We now have a substantially larger unit test suite, but this
>   continues to be work in progress.
>
> * udevadm hwdb gained a new --root= parameter to change the
>   root directory to operate relative to.
>
> * logind will now issue a background sync() request to the kernel
>   early at shutdown, so that dirty buffers are flushed to disk early
>   instead of at the last moment, in order to optimize shutdown
>   times a little.
>
> * A new bootctl tool has been added that is an interface for
>   certain boot loader operations. This is currently a preview
>   and is likely to be extended into a small mechanism daemon
>   like timedated, localed, hostnamed, and can be used by
>   graphical UIs to enumerate available boot options, and
>   request boot into firmware operations.
>
> * systemd-bootchart has been relicensed to LGPLv2.1+ to match
>   the rest of the package. It also has been updated to work
>   correctly in initrds.
>
> * Policykit previously has been runtime optional, and is now
>   also compile time optional via a configure switch.
>
> * systemd-analyze has been reimplemented in C. Also "systemctl
>   dot" has moved into systemd-analyze.
>
> * "systemctl status" with no further parameters will now print
>   the status of all active or failed units.
>
> * Operations such as "systemctl start" can now be executed
>   with a new mode "--irreversible" which may be used to queue
>   operations that cannot accidentally be reversed by a later
>   job queuing. This is by default used to make shutdown
>   requests more robust.
>
> * The Python API of systemd now gained a new module for
>   reading journal files.
>
> * A new tool kernel-install has been added that can install
>   kernel images according to the Boot Loader Specification:
>
>   http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
>
> * Boot time console output has been improved to provide
>   animated boot time output for hanging jobs.
>
> * A new tool systemd-activate has been added which can be used
>   to test socket activation with, directly from the command
>   line. This should make it much easier to test and debug
>   socket activation in daemons.
>
> * journalctl gained a new "--reverse" (or -r) option to show
>   journal output in reverse order (i.e. newest line first).
>
> * journalctl gained a new "--pager-end" (or -e) option to
>   immediately jump to the end of the journal in the
>   pager. This is only supported in conjunction with "less".
>
> * journalctl gained a new "--user-unit=" option, that works
>   similar to "--unit=" but filters for user units rather than
>   system units.
>
> * A number of unit files to ease adoption of systemd in
>   initrds has been added. This moves some minimal logic from
>   the various initrd implementations into systemd proper.
>
> * The journal files are now owned by a new group
>   "systemd-journal", which exists specifically to allow access
>   to the journal, and nothing else. Previously, we used the
>   "adm" group for that, which however possibly covers more
>   than just journal/log file access. This new group is now
>   already used by systemd-journal-gatewayd to ensure this
>   daemon gets access to the journal files and as little else
>   as possible. Note that "make install" will also set FS ACLs
>   up for /var/log/journal to give "adm" and "wheel" read
>   access to it, in addition to "systemd-journal" which owns
>   the journal files. We recommend that packaging scripts also
>   add read access to "adm" + "wheel" to /var/log/journal, and
>   all existing/future journal files. To normal users and
>   administrators little changes, however packagers need to
>   ensure to create the "systemd-journal" system group at
>   package installation time.
>
> * The systemd-journal-gatewayd now runs as unprivileged user
>   systemd-journal-gateway:systemd-journal-gateway. Packaging
>   scripts need to create these system user/group at
>   installation time.
>
> * timedated now exposes a new boolean property CanNTP that
>   indicates whether a local NTP service is available or not.
>
> * systemd-detect-virt will now also detect xen PVs
>
> * The pstore file system is now mounted by default, if it is
>   available.
>
> * In addition to the SELinux and IMA policies we will now also
>   load SMACK policies at early boot.
>
> Contributions from: Adel Gadllah, Aleksander Morgado, Auke
> Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
> Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
> Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
> Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
> Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
> Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
> Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
> Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
> Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
> Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
> Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
> Gundersen, Umut Tezduyar, William Giokas, Zbigniew
> Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
>
> Lennart
>
> --
> Lennart Poettering - Red Hat, Inc.
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

With this release, I have a minor issue with shutdown/reboot as a normal user
from tty, if the _same_ tty saw a root login and subsequent logout earlier. I
_guess_, this is also true for any other user, not only root. So:

1. Power on -> login as a user to tty -> systemctl poweroff works OK.
2. Power on -> login as root to tty; do something; logout -> login as user to
   same tty -> systemctl poweroff yields

:User root is logged in on tty1.
:Please retry operation after closing inhibitors and logging out other
:users. Alternatively, ignore inhibitors and users with 'systemctl poweroff
:-i'.

Meanwhile, systemd-inhibit --list says there are 0 inhibitors, ps shows no root
shells, and loginctl shows no leftover root sessions. I have all default
configs... So what am I missing here?

Thanks in advance,
--
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
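
The drop-in and list-reset behaviour described in the quoted announcement, as an added example that is not part of the original thread and is not systemd's own code: a simplified Python model that computes a unit's effective settings and records which file set, appended to, or reset each one, which is what an administrator needs to see when reviewing local overrides of a vendor unit. The `LIST_KEYS` set, the file-name ordering of snippets, and the in-memory sample files are assumptions of this model.

```python
# Simplified model, not systemd's parser. Assumptions: only Environment is
# treated as a list setting; snippets are applied in file-name order.
LIST_KEYS = {"Environment"}
# Highest priority first: /etc overrides /run overrides /usr/lib.
SEARCH_PATH = ["/etc/systemd/system", "/run/systemd/system",
               "/usr/lib/systemd/system"]

def apply_lines(text, conf, origin, trail):
    """Apply Key=Value lines to conf, recording what each file did."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key not in LIST_KEYS:
            trail.append((origin, key, "override" if key in conf else "set"))
            conf[key] = value
        elif value == "":          # empty assignment resets the list
            conf[key] = []
            trail.append((origin, key, "reset"))
        else:                      # otherwise list settings accumulate
            conf.setdefault(key, []).append(value)
            trail.append((origin, key, "append"))

def effective_unit(files, unit):
    """files maps path -> content (in memory). Returns (settings, trail)."""
    conf, trail = {}, []
    for d in SEARCH_PATH:          # main unit: first hit wins
        if f"{d}/{unit}" in files:
            apply_lines(files[f"{d}/{unit}"], conf, f"{d}/{unit}", trail)
            break
    chosen = {}                    # snippet name -> winning path
    for d in reversed(SEARCH_PATH):    # higher-priority dirs mask lower ones
        prefix = f"{d}/{unit}.d/"
        for path in files:
            if path.startswith(prefix) and path.endswith(".conf"):
                chosen[path[len(prefix):]] = path
    for name in sorted(chosen):
        apply_lines(files[chosen[name]], conf, chosen[name], trail)
    return conf, trail

# Constructed sample: a vendor unit, a vendor snippet, and two local snippets.
SAMPLE = {
    "/usr/lib/systemd/system/foobar.service":
        "[Service]\nExecStart=/usr/bin/foobar\nEnvironment=FOO=BAR\n",
    "/usr/lib/systemd/system/foobar.service.d/10-env.conf":
        "[Service]\nEnvironment=VENDOR=1\n",
    "/etc/systemd/system/foobar.service.d/10-env.conf":
        "[Service]\nEnvironment=\nEnvironment=FOO=BAZ\n",
    "/etc/systemd/system/foobar.service.d/20-nice.conf": "[Service]\nNice=5\n",
}
```

Calling `effective_unit(SAMPLE, "foobar.service")` shows the vendor `Environment=FOO=BAR` being discarded by the `/etc` snippet's empty assignment, and the vendor `10-env.conf` never being read because the same-named file in `/etc` masks it.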