@mikhailnov
Created October 21, 2019 00:06
systemd 230->243 in ROSA
231:
KillUserProcesses
When using systemd's default tmp.mount unit for /tmp, the mount point will now be established with the "nosuid" and "nodev" options. This avoids privilege escalation attacks that put traps and exploits into /tmp.
* A new rpm macro %systemd_ordering is provided by the macros.systemd file. It can be used in lieu of %systemd_requires in packages which don't use any systemd functionality and are intended to be installed in minimal containers without systemd present. This macro provides ordering dependencies to ensure that if the package is installed in the same rpm transaction as systemd, systemd will be installed before the scriptlets for the package are executed, allowing unit presets to be handled. New macros %_systemdgeneratordir and %_systemdusergeneratordir have been added to simplify packaging of generators.
* The os-release file gained VERSION_CODENAME field for the distribution nickname (e.g. VERSION_CODENAME=woody).
libsystemd-shared-231.so into a separate package
* configure learned the --with-support-url= option to specify the distribution's bugtracker.
232:
* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and RestrictAddressFamilies= enabled. These sandboxing options should generally be compatible with the various external udev call-out binaries we are aware of, however there may be exceptions, in particular when exotic languages for these call-outs are used. In this case, consider turning off these settings locally.
Enable nss-systemd
* Two new user session targets have been added to support running graphical sessions under the systemd --user instance: graphical-session.target and graphical-session-pre.target. See systemd.special(7) for a description of how those targets should be used.
// check xdg-user-dirs
* The nss-resolve module has been changed to strictly return UNAVAIL when communication via D-Bus with resolved failed, and NOTFOUND when a lookup completed but was negative. This means it is now possible to neatly configure fallbacks using nsswitch.conf result checking expressions. Taking benefit of this, the new recommended configuration line for the "hosts" entry in /etc/nsswitch.conf is: hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
* The PAM configuration fragment file for "user@.service" shipped with systemd (i.e. the --user instance of systemd) has been stripped to the minimum necessary to make the system boot. Previously, it contained Fedora-specific stanzas that did not apply to other distributions. It is expected that downstream distributions add additional configuration lines, matching their needs to this file, using it only as rough template of what systemd itself needs. Note that this reduced fragment does not even include an invocation of pam_limits which most distributions probably want to add, even though systemd itself does not need it. (There's also the new build time option --with-pamconfdir=no to disable installation of the PAM fragment entirely.)
233:
* The default control group setup mode may be selected both at boot-time via a set of kernel command line parameters (specifically: systemd.unified_cgroup_hierarchy= and systemd.legacy_systemd_cgroup_controller=), as well as a compile-time default selected on the configure command line (--with-default-hierarchy=). The upstream default is "hybrid" (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but this will change in a future systemd version to be "unified" (pure cgroups-v2 mode). The third option for the compile time option is "legacy", to enter pure cgroups-v1 mode. We recommend downstream distributions to default to "hybrid" mode for release distributions, starting with v233. We recommend "unified" for development distributions (specifically: distributions such as Fedora's rawhide) as that's where things are headed in the long run. Use "legacy" for greatest stability and compatibility only.
* Note one current limitation of "unified" and "hybrid" control group setup modes: the kernel currently does not permit the systemd --user instance (i.e. unprivileged code) to migrate processes between two disconnected cgroup subtrees, even if both are managed and owned by the user. This effectively means "systemd-run --user --scope" doesn't work when invoked from outside of any "systemd --user" service or scope. Specifically, it is not supported from session scopes. We are working on fixing this in a future systemd version. (See #3388 for further details about this.)
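A packager choosing between -Ddefault-hierarchy=unified/hybrid/legacy usually wants to confirm what mode a booted system actually ended up in. The following is an added Python example (not part of this gist and not systemd code) that classifies the setup from /proc/self/mountinfo using the mount layout systemd uses for each mode: cgroup2 mounted directly on /sys/fs/cgroup is "unified", cgroup2 on /sys/fs/cgroup/unified beside v1 controller mounts is "hybrid", and only v1 mounts is "legacy". The three mountinfo samples are constructed for the example; the function names are mine.

```python
import os

# Constructed /proc/self/mountinfo excerpts, one per setup mode.
# Format: ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [optional...] - FSTYPE SOURCE SUPEROPTS
UNIFIED_SAMPLE = """\
30 23 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate
"""
HYBRID_SAMPLE = """\
30 23 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup2 rw,nsdelegate
32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,xattr,name=systemd
33 30 0:29 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,memory
"""
LEGACY_SAMPLE = """\
30 23 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,name=systemd
32 30 0:28 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpu,cpuacct
"""


def parse_mountinfo(text):
    """Yield (mountpoint, fstype) pairs from mountinfo text.
    The ' - ' separator splits the variable-length optional fields from
    the filesystem type; the mountpoint is the fifth field before it."""
    for line in text.splitlines():
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue
        fields, post_fields = pre.split(), post.split()
        if len(fields) < 5 or not post_fields:
            continue
        # mountinfo octal-escapes spaces in paths; undo the common case.
        mountpoint = fields[4].replace("\\040", " ")
        yield mountpoint, post_fields[0]


def cgroup_setup_mode(mountinfo_text):
    """Return 'unified', 'hybrid', 'legacy', or 'none' (no cgroup fs mounted)."""
    mounts = list(parse_mountinfo(mountinfo_text))
    v2 = {mp for mp, fs in mounts if fs == "cgroup2"}
    v1 = {mp for mp, fs in mounts if fs == "cgroup"}
    if "/sys/fs/cgroup" in v2:
        return "unified"
    if "/sys/fs/cgroup/unified" in v2 and v1:
        return "hybrid"
    if v1:
        return "legacy"
    return "none"


def host_cgroup_setup_mode(path="/proc/self/mountinfo"):
    """Classify the running host; returns 'none' where mountinfo is unavailable."""
    if not os.path.exists(path):
        return "none"
    with open(path) as f:
        return cgroup_setup_mode(f.read())


if __name__ == "__main__":
    for label, sample in (("unified", UNIFIED_SAMPLE), ("hybrid", HYBRID_SAMPLE),
                          ("legacy", LEGACY_SAMPLE)):
        print("%-8s sample -> %s" % (label, cgroup_setup_mode(sample)))
    print("this host -> %s" % host_cgroup_setup_mode())
```

Running it on a container host is a quick way to see whether the "systemd-run --user --scope" limitation noted above can apply, since it only concerns the unified and hybrid layouts.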
* systemd unit tests can now run standalone (without the source or build directories), and can be installed into /usr/lib/systemd/tests/ with 'make install-tests'.
// systemd-tests package
* Note that from this version on, CONFIG_CRYPTO_USER_API_HASH, CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the kernel.
// check, and explicitly enable/verify
* Support for the %c, %r, %R specifiers in unit files has been removed. Specifiers are not supposed to be dependent on configuration in the unit file itself (so that they resolve the same regardless where used in the unit files), but these specifiers were influenced by the Slice= option.
// grep for these in the mirror
Specifically, if "systemd.volatile" is used, the root directory will be mounted as tmpfs, and only /usr is mounted from the actual root file system.
// bin and sbin are needed too; write to upstream
* The "configure" script gained a new option --with-fallback-hostname= for specifying the fallback hostname to use if none is configured in /etc/hostname.
234:
* The code to call libnss_dns as a fallback from libnss_resolve when the communication with systemd-resolved fails was removed. This fallback was redundant and interfered with the [!UNAVAIL=return] suffix. See nss-resolve(8) for the recommended configuration.
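The v232 "hosts" line above and this v234 change both hinge on how glibc evaluates nsswitch.conf result checks: a module's status (success, notfound, unavail, tryagain) is looked up in the action table built from the "[...]" block, and "[!UNAVAIL=return]" makes every status except UNAVAIL terminate the chain. The following is an added Python example (mine, not code from this gist or from systemd/glibc) with a parser for such lines and a simulated lookup over constructed module outcomes. Simplifications I assume: "merge" is treated like "continue", and when no module returns, the last status seen is the final one.

```python
import re

# Status/action vocabulary from nsswitch.conf(5).
STATUSES = ("success", "notfound", "unavail", "tryagain")
ACTIONS = ("return", "continue", "merge")
# Defaults glibc applies to a service without a [...] block.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}


def parse_nss_line(line):
    """Parse 'hosts: files resolve [!UNAVAIL=return] dns' into
    (database, [(service, {status: action}), ...])."""
    line = line.split("#", 1)[0].strip()          # drop comments
    db, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("missing ':' after database name")
    services = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            services.append((tok, dict(DEFAULT_ACTIONS)))
            continue
        if not services:
            raise ValueError("action block before any service")
        actions = services[-1][1]
        for crit in tok[1:-1].split():
            m = re.fullmatch(r"(!?)(\w+)=(\w+)", crit)
            if not m:
                raise ValueError("bad criterion %r" % crit)
            negate = m.group(1) == "!"
            status, action = m.group(2).lower(), m.group(3).lower()
            if status not in STATUSES or action not in ACTIONS:
                raise ValueError("unknown status/action in %r" % crit)
            # '!STATUS=ACTION' applies ACTION to every status except STATUS.
            targets = [s for s in STATUSES if s != status] if negate else [status]
            for s in targets:
                actions[s] = action
    return db.strip(), services


def simulate_lookup(services, outcomes):
    """Walk the chain: each service reports (status, result); its action table
    decides whether to stop. A service missing from `outcomes` counts as
    'unavail' (module not loadable). Returns (status, result, consulted)."""
    consulted = []
    status, result = "notfound", None
    for name, actions in services:
        status, result = outcomes.get(name, ("unavail", None))
        consulted.append(name)
        if actions[status] == "return":
            break
    return status, result, consulted


def lookup(line, outcomes):
    return simulate_lookup(parse_nss_line(line)[1], outcomes)


RECOMMENDED = "hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname"

# Constructed outcomes: resolved is running and answers "no such host".
RESOLVED_NEGATIVE = {"files": ("notfound", None), "mymachines": ("notfound", None),
                     "resolve": ("notfound", None), "dns": ("success", "203.0.113.5"),
                     "myhostname": ("notfound", None)}
# Constructed outcomes: resolved is not running, so the D-Bus call fails -> UNAVAIL.
RESOLVED_DOWN = dict(RESOLVED_NEGATIVE, resolve=("unavail", None))

if __name__ == "__main__":
    for label, outcomes in (("resolved says NOTFOUND", RESOLVED_NEGATIVE),
                            ("resolved UNAVAIL", RESOLVED_DOWN)):
        st, res, chain = lookup(RECOMMENDED, outcomes)
        print("%-22s -> %s %r via %s" % (label, st, res, " -> ".join(chain)))
```

With the recommended line, a negative answer from resolved is final and the "dns" module is never asked, while an unavailable resolved falls through to "dns". That ordering is only under the administrator's control if nss-resolve reports UNAVAIL honestly, which is why an internal libnss_dns fallback hidden inside libnss_resolve (removed in v234) interfered with it.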
systemd-logind may now be restarted without losing state. It stores the file descriptors for devices it manages in the system manager using the FDSTORE= mechanism. Please note that further changes in other components may be required to make use of this (for example Xorg has code to listen for stops of systemd-logind and terminate itself when logind is stopped or restarted, in order to avoid using stale file descriptors for graphical devices, which is now counterproductive and must be reverted in order for restarts of systemd-logind to be safe. See https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
235:
* INCOMPATIBILITY: systemd-logind.service and other long-running services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP communication with the outside. This generally improves security of the system, and is in almost all cases a safe and good choice, as these services do not and should not provide any network-facing functionality. However, systemd-logind uses the glibc NSS API to query the user database. This creates problems on systems where NSS is set up to directly consult network services for user database lookups. In particular, this creates incompatibilities with the "nss-nis" module, which attempts to directly contact the NIS/YP network servers it is configured for, and will now consistently fail. In such cases, it is possible to turn off IP sandboxing for systemd-logind.service (set IPAddressDeny= in its [Service] section to the empty string, via a .d/ unit file drop-in). Downstream distributions might want to update their nss-nis packaging to include such a drop-in snippet, accordingly, to hide this incompatibility from the user.
When a service sends RELOAD=1 via sd_notify() and reload propagation using ReloadPropagationTo= is configured, a reload is now propagated to configured units. (Previously this was only done on explicitly requested reloads, using "systemctl reload" or an equivalent command.)
// where is it used?
236:
* "DynamicUser=yes" has been enabled for systemd-timesyncd.service, systemd-journal-gatewayd.service and systemd-journal-upload.service. This means "nss-systemd" must be enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these services are resolved properly.
//! disable it, after verifying that sysusers creates these users? and verify this in %check
Enable in nsswitch.conf in 2019.x
* A new document doc/UIDS-GIDS.md has been added to the source tree, that documents the UID/GID range and assignment assumptions and requirements of systemd.
237:
* In previous versions systemd synthesized user records both for the "nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and internally. In order to simplify distribution-wide renames of the "nobody" user (like it is planned in Fedora: nfsnobody → nobody), a new transitional flag file has been added: if /etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534 user and group record within the systemd codebase is disabled.
// are they present in setup?
238:
* The MemoryAccounting= unit property now defaults to on. After discussions with the upstream control group maintainers we learnt that the negative impact of cgroup memory accounting on current kernels is finally relatively minimal, so that it should be safe to enable this by default without affecting system performance. Besides memory accounting only task accounting is turned on by default, all other forms of resource accounting (CPU, IO, IP) remain off for now, because it's not clear yet that their impact is small enough to move from opt-in to opt-out. We recommend downstreams to leave memory accounting on by default if kernel 4.14 or higher is primarily used. On very resource constrained systems or when support for old kernels is a necessity, -Dmemory-accounting-default=false can be used to revert this change.
// off in rosa2016.1 only
A transfiletrigger for sysusers.d configuration is now installed, which means that it should be unnecessary to call systemd-sysusers from package installation scripts, unless the package installs any files owned by those newly-created users, in which case %sysusers_create_package should be used.
A transfiletrigger is installed for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles from package installation scripts
// filetrigger for rpm5, upstreamize
* A new -Dsplit-bin= build configuration switch may be used to specify whether bin and sbin directories are merged, or if they should be included separately in $PATH and various listings of executable directories. The build configuration scripts will try to autodetect the proper values of -Dsplit-usr= and -Dsplit-bin= based on build system, but distributions are encouraged to configure this explicitly.
239:
* Note that all long-running system services shipped with systemd will now default to a system call whitelist (rather than a blacklist, as before). In particular, systemd-udevd will now enforce one too. For most cases this should be safe, however downstream distributions which disabled sandboxing of systemd-udevd (specifically the MountFlags= setting), might want to disable this security feature too, as the default whitelisting will prohibit all mount, swap, reboot and clock changing operations from udev rules.
// disable in rosa2016.1
* systemd-resolved.service and systemd-networkd.service now set DynamicUser=yes. The users systemd-resolve and systemd-network are not created by systemd-sysusers anymore. NOTE: This has a chance of breaking nss-ldap and similar NSS modules that embed a network facing module into any process using getpwuid() or related calls.
// restore allocating those users, drop dynamicuser, check nss ldap configure options
* The resolvectl/systemd-resolve tool also provides 'resolvconf' compatibility. It may be symlinked under the 'resolvconf' name, in which case it will take arguments and input compatible with the Debian and FreeBSD resolvconf tool.
Check systemd-path search-binaries-default
240:
* DynamicUser=yes is dropped from systemd-networkd.service, systemd-resolved.service and systemd-timesyncd.service, which was enabled in v239 for systemd-networkd.service and systemd-resolved.service, and since v236 for systemd-timesyncd.service. The users and groups systemd-network, systemd-resolve and systemd-timesync are created by systemd-sysusers again.
Also, the clock file for systemd-timesyncd may need to move from /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
* /etc/os-release gained two new standardized fields DOCUMENTATION_URL= and LOGO=.
* sd-event gained the new APIs sd_event_source_get_floating() and sd_event_source_set_floating() for controlling whether a specific event source is "floating", i.e. destroyed along with the even loop object itself.
// what needs to be rebuilt to support this API
$DBUS_SESSION_BUS_ADDRESS environment variable is not set by pam_systemd anymore.
// why? investigate and revert for 2016.1
This was brought back in 241
241:
The default locale can now be configured at compile time. Otherwise, a suitable default will be selected automatically (one of C.UTF-8, en_US.UTF-8, and C).
// explicitly set UTF
A new network device NamePolicy "keep" is implemented for link files, and used by default in 99-default.link (the fallback configuration provided by systemd). With this policy, if the network device name was already set by userspace, the device will not be renamed again. This matches the naming scheme that was implemented before systemd-240. If naming-scheme < 240 is specified, the "keep" policy is also enabled by default, even if not specified. Effectively, this means that if naming-scheme >= 240 is specified, network devices will be renamed according to the configuration, even if they have been renamed already, if "keep" is not specified as the naming policy in the .link file. The 99-default.link file provided by systemd includes "keep" for backwards compatibility, but it is recommended for user installed .link files to *not* include it.
// keep the old scheme in 2016.1
* -fPIE is dropped from compiler and linker options. Please specify -Db_pie=true option to meson to build position-independent executables. Note that the meson option is supported since meson-0.49.
* The fs.protected_regular and fs.protected_fifos sysctls, which were added in Linux 4.19 to make some data spoofing attacks harder, are now enabled by default. While this will hopefully improve the security of most installations, it is technically a backwards incompatible change; to disable these sysctls again, place the following lines in /etc/sysctl.d/60-protected.conf or a similar file:
fs.protected_regular = 0
fs.protected_fifos = 0
Note that the similar hardlink and symlink protection has been enabled since v199, and may be disabled likewise.
// don't touch; there were officially no 4.19+ kernels
242:
* During package installation (with `ninja install`), we would create symlinks for getty@tty1.service, systemd-networkd.service, systemd-networkd.socket, systemd-resolved.service, remote-cryptsetup.target, remote-fs.target, systemd-networkd-wait-online.service, and systemd-timesyncd.service in /etc, as if `systemctl enable` was called for those units, to make the system usable immediately after installation. Now this is not done anymore, and instead calling `systemctl preset-all` is recommended after the first installation of systemd.
243:
libseccomp version (>= 2.4.0)
* On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to 4194304 by default, i.e. the full 22bit range the kernel allows, up from the old 16bit range. This should improve security and robustness, as PID collisions are made less likely (though certainly still possible). There are rumours this might create compatibility problems, though at this moment no practical ones are known to us. Downstream distributions are hence advised to undo this change in their builds if they are concerned about maximum compatibility, but for everybody else we recommend leaving the value bumped. Besides improving security and robustness this should also simplify things as the maximum number of allowed concurrent tasks was previously bounded by both "kernel.pid_max" and "kernel.threads-max" and now effectively only a single knob is left ("kernel.threads-max"). There have been concerns that usability is affected by this change because larger PID numbers are harder to type, but we believe the change from 5 digits to 7 digits doesn't hamper usability.
// revert in 2016.1
* systemd now defaults to the "unified" cgroup hierarchy setup during build-time, i.e. -Ddefault-hierarchy=unified is now the build-time default. Previously, -Ddefault-hierarchy=hybrid was the default. This change reflects the fact that cgroupsv2 support has matured substantially in both systemd and in the kernel, and is clearly the way forward. Downstream production distributions might want to continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for their builds as unfortunately the popular container managers have not caught up with the kernel API changes.
* libidn2 is used by default if both libidn2 and libidn are installed. Please use -Dlibidn=true if libidn is preferred.
* systemd-resolved "Cache=" configuration option in resolved.conf has been extended to also accept the 'no-negative' value. Previously, only a boolean option was allowed (yes/no), having yes as the default. If this option is set to 'no-negative', negative answers are not cached while the old cache heuristics are used for positive answers. The default remains unchanged.
* The predictable naming scheme for network devices now supports generating predictable names for "netdevsim" devices. Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD udev property. Those two changes form a new net.naming-policy-scheme= entry. Distributions which want to preserve naming stability may want to set the -Ddefault-net-naming-scheme= configuration option.
#----------------------------
Look through the commits in git after v243
10-imx.rules: fbX
listen.conf
https://abf.io/import/systemd/commit/90985ec50b3266007709b249a99566291d269451
--
Sorry for the brevity, sent from K-9 Mail.