author: Lennart Poettering <lennart@poettering.net> 2019-07-14 13:18:37 +0200
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2019-07-14 22:16:01 +0900
commit: 2875a36b77c42eb71583c44a99c3178a634684d2
tree: 76793015ad3d65a3324555fbc94153939d8b2730 /NEWS
parent: b9adb191a1bf2c7f891ca7c029ae2d2722b5aa5a
NEWS: add some notes for v243
Let's get this ball rolling.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 203
1 files changed, 190 insertions, 13 deletions
diff --git a/NEWS b/NEWS
index a7a2574762..f476c853cd 100644
--- a/NEWS
+++ b/NEWS
@@ -35,14 +35,18 @@ CHANGES WITH 243 in spe:
are harder to type, but we believe the change from 5 digit PIDs to 7
digit PIDs is not too hampering for usability.
- * MemoryLow and MemoryMin gained hierarchy-aware counterparts,
- DefaultMemoryLow and DefaultMemoryMin, which can be used to
+ * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
+ DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
hierarchically set default memory protection values for a particular
subtree of the unit hierarchy.
* Memory protection directives can now take a value of zero, allowing
explicit opting out of a default value propagated by an ancestor.
+ * A new setting DisableControllers= has been added that may be used to
+ explicitly disable one or more cgroups controllers for a unit and all
+ its children.
+
* systemd now defaults to the "unified" cgroup hierarchy setup during
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
default. Previously, -Ddefault-hierarchy=hybrid was the default. This
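Review bot: In the added DisableControllers= entry, "cgroups controllers" should read "cgroup controllers", matching the "cgroup hierarchy" wording used in the entry right after it. Since the entry says "one or more" controllers and that the setting applies to "a unit and all its children", it would help to state how several controllers are listed and whether a child unit can re-enable a controller that an ancestor disabled; as written, the reader cannot tell whether this is an enforceable restriction or only a default.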
@@ -73,23 +77,23 @@ CHANGES WITH 243 in spe:
* libidn2 is used by default if both libidn2 and libidn are installed.
Please use -Dlibidn=true when libidn is favorable.
- * The D-Bus "wire format" for CPUAffinity attribute is changed on
+ * The D-Bus "wire format" of the CPUAffinity= attribute is changed on
big-endian machines. Before, bytes were written and read in native
machine order as exposed by the native libc __cpu_mask interface.
Now, little-endian order is always used (CPUs 0–7 are described by
bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
This change fixes D-Bus calls that cross endianness boundary.
- The presentation format used for CPUAffinity by systemctl show and
- systemd-analyze dump is changed to present CPU indices instead of the
- raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be shown
- as CPUAffinity=03000000000000000000000000000… (on little-endian) or
- CPUAffinity=00000000000000300000000000000… (on 64-bit big-endian),
- and is now shown as CPUAffinity=0-1, matching the input format. The
- maximum integer that will be printed in new format is 8191 (four
- digits), while the old format always used a very long number (with
- the length varying by architecture), so they can be unambiguously
- distinguished.
+ The presentation format used for CPUAffinity= by "systemctl show" and
+ "systemd-analyze dump" is changed to present CPU indices instead of
+ the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
+ shown as CPUAffinity=03000000000000000000000000000… (on
+ little-endian) or CPUAffinity=00000000000000300000000000000… (on
+ 64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
+ input format. The maximum integer that will be printed in the new
+ format is 8191 (four digits), while the old format always used a very
+ long number (with the length varying by architecture), so they can be
+ unambiguously distinguished.
* /usr/sbin/halt.local is no longer supported. Implementation in
distributions was inconsistent and it seems this functionality was
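Review bot: The rewrapped CPUAffinity= paragraph quotes "systemctl show" and "systemd-analyze dump" but leaves the example values unquoted, and the little-endian example is now split across a line break at "(on" / "little-endian)", which makes the two long bitmask strings harder to compare. Consider quoting the example values the same way and keeping each example together with its parenthetical. While this entry is being touched, the unchanged sentence "This change fixes D-Bus calls that cross endianness boundary." is missing an article ("cross an endianness boundary").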
@@ -113,6 +117,179 @@ CHANGES WITH 243 in spe:
overridden on per-service basis. Related setting NUMAMask= is used to
specify NUMA node mask that should be associated with the selected
policy.
+
+ * PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
+ generates when processes it manages a reaching their memory limits,
+ and will place their units in a special state, and optionally kill or
+ stop the whole unit.
+
+ * The service manager will now expose bus properties for the IO
+ resources used by units. This information is also shown in "systemctl
+ status" now (for services that have IOAccounting=yes set). Moreover,
+ the IO accounting data is included in the resource log message
+ generated whenever a unit stops.
+
+ * units may now configure an explicit time-out to apply to when killed
+ with SIGABRT, for example when a service watchdog is hit. Previously,
+ the regular TimeoutStopSec= time-out was applied in this case too —
+ now a separate time-out may be set using TimeoutAbortSec=.
+
+ * Services may now send a special WATCHDOG=trigger message with
+ sd_notify() to trigger an immediate "watchdog missed" event, and thus
+ request service take down. This is useful both for testing watchdog
+ handling, but also for defining error paths in services, that shall
+ be handled the same way as watchdog events.
+
+ * There are two new per-unit settings IPIngressFilterPath= and
+ IPEgressFilterPath= which allow configuration of a BPF program
+ (usually by specifying a path to a program uploaded to /sys/fs/bpf/)
+ to apply to the IP packet ingress/egress path of all processes of a
+ unit. This is useful to allow running systemd services with BPF
+ programs set up externally.
+
+ * systemctl gained a new "clean" verb for removing the state, cache,
+ runtime or logs directories of a service while it is terminated. The
+ new verb may also be used to remove the state maintained on disk for
+ timer units that have Persistent= configured.
+
+ * During the last phase of shutdown systemd will now automatically
+ increase the log level configured in the "kernel.printk" sysctl so
+ that any relevant loggable events happening during late shutdown are
+ made visible. Previously, loggable events happening so late during
+ shutdown were generally lost if the "kernel.printk" sysctl was set to
+ high thresholds, as regular logging daemons are terminated at that
+ time and thus nothing is written to disk.
+
+ * If processes terminated during the last phase of shutdown do not exit
+ quickly systemd will now show their names after a short time, to make
+ debugging easier. After a longer time-out they are forcibly killed,
+ as before.
+
+ * journalctl (and the other tools that display logs) will now highlight
+ warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING where
+ shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
+ are now shown in blue color, to separate them visually from regular
+ logs. References to configuration files are now turned into clickable
+ links on terminals that support that.
+
+ * systemd-journald will now stop logging to /var/log/journal during
+ shutdown when /var/ is on a separate mount, so that it can be
+ unmounted safely during shutdown.
+
+ * systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.
+
+ * The predictable naming scheme for network devices now supports
+ generating predictable names for "netdevsim" devices.
+
+ * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
+ interfaces natively.
+
+ * systemd-networkd's bridge FDB support now allows configuration of a
+ destination address for each entry (Destination=), as well as the
+ VXLAN VNI (VNI=), as well as an option to declare what an entry is
+ associated with (AssociatedWith=).
+
+ * systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
+ option for configuring the maximum number of attempts to request a
+ DHCP lease. It also learnt a new BlackList= option for blacklisting
+ DHCP servers (a similar setting has also been added to the IPv6 RA
+ client), as well as a SendRelease= option for configuring whether to
+ send a DHCP RELEASE message when terminating.
+
+ * systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
+ seperately in the [DHCPv4] and [DHCPv6] sections.
+
+ * systemd-networkd's VXLAN support gained a new option
+ GenericProtocolExtension= for enabling XVLAN Generic Protocol
+ Extension support, as well as IPDoNotFragment= for setting the IP
+ "Don't fragment" bit on outgoing packets. A similar option has been
+ added to the GENEVE support.
+
+ * In systemd-networkd's [Route] section you may now configure
+ FastOpenNoCookie= for configuring per-route TCP fast-open support, as
+ well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
+ propagation. The Type= setting now supports local, broadcast,
+ anycast, multicast, any, xresolve routes, too.
+
+ * systemd-networkd's [Network] section learnt a new option
+ DefaultRouteOnDevice= for automatically configuring a default route
+ onto the network device.
+
+ * systemd-networkd's bridging support gained two new options ProxyARP=
+ and ProxyARPWifi= for configuring proxy ARP behaviour as well as
+ MulticastRouter= for configureing multicast routing behaviour.
+
+ * systemd-networkd's FooOverUDP support gained the ability to configure
+ local and peer IP addresses via Local= and Peer=. A new option
+ PeerPort= may be used to configure the peer's IP port.
+
+ * systemd-networkd's TUN support gained a new setting VnetHeader= for
+ tweaking Generic Segment Offload support.
+
+ * networkctl gained a new "delete" command for removing virtual network
+ devices, as well as a new "--stats" switch for showing device
+ statistics.
+
+ * systemd-networkd's .network and .link files gained a new Property=
+ setting in the [Match] section, to match against devices with
+ specific udev properties.
+
+ * systemd-networkd's tunnel support gained a new option
+ AssignToLoopback= for selecting whether to use the loopback device
+ "lo" as underlying device.
+
+ * systemd-networkd's MACAddress= setting in the [Network] section has
+ been renamed to LinkLayerAddress=, and it now allows configuration of
+ IP addresses, too.
+
+ * The CriticalConnection= setting in .network files is now deprecated,
+ and replaced by a new KeepConfiguration= setting which allows more
+ detailed configuration of the IP configuration to keep in place.
+
+ * systemd-analyze gained a new "timestamp" verb for parsing and
+ converting timestamps. It's similar to the existing "systemd-analyze
+ calendar" command which does the same for recurring calendar
+ events. It also gained a new "condition" verb for parsing and testing
+ ConditionXYZ= expressions.
+
+ * systemd-logind now exposes a per-session SetBrightness() bus call,
+ which may be used to securely change the brightness of a kernel
+ brightness device, if it belongs to the session's seat. By using this
+ call unprivileged clients can make changes to "backlight" and "leds"
+ devices securely with strict requirements on session
+ membership. Desktop environments may use this to generically make
+ brightness changes to such devices without shipping private SUID
+ binaries for that purpose.
+
+ * "udevadm info" gained a --wait-for-initialization switch to wait for
+ a device to be initialized.
+
+ * systemd-hibernate-resume-generator will now look for resumeflags= on
+ the kernel command line, which is similar to rootflags= and may be
+ used to configure device timeouts for waiting for the hibernation
+ device to show up.
+
+ * sd-event learnt a new API call sd_event_source_disable_unref() for
+ disabling and unref'ing an event source in a single function. A
+ related call sd_event_source_disable_unrefp() has been added for use
+ with GCC's cleanup extension.
+
+ * The sd-id128.h public API gained a new definition
+ SD_ID128_UUID_FORMAT_STR for formatting a 128bit ID in UUID format
+ with printf().
+
+ * "busctl introspect" gained a new switch --xml-interface for dumping
+ XML introspection data unmodified.
+
+ * PID 1 may now show the unit name instead of the unit description
+ string in its status output during boot. This may be configured in
+ the StatusUnitFormat= setting in /etc/systemd/system.conf or the
+ kernel command line option systemd.status_unit_format=.
+
+ * The systemd.debug_shell kernel command line option now optionally
+ takes a tty name to spawn the debug shell on, which allows selecting
+ a different tty than the built-in default.
+
CHANGES WITH 242:
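Review bot: Several added entries contain typos that should be fixed before release: "when processes it manages a reaching their memory limits" (should be "are reaching"), "LOG_NOTICE and LOG_WARNING where shown" ("were"), "seperately" ("separately"), "XVLAN Generic Protocol Extension" in the VXLAN entry ("VXLAN"), "configureing" ("configuring"), and the TimeoutAbortSec= entry starts with lowercase "units" unlike every other bullet. On content, the OOM entry says PID 1 will "optionally kill or stop the whole unit" without naming the setting that selects this behaviour, while most other entries in this hunk name their setting. The IPIngressFilterPath=/IPEgressFilterPath= entry would also benefit from saying who is expected to load and pin the BPF program under /sys/fs/bpf/, since the text only says it is "set up externally".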