update TODO

2025-09-10 22:52:49 +02:00 · 2025-07-09 22:32:18 +02:00
parent 726183627b
commit 733454ae8f
1 changed files with 62 additions and 0 deletions
--- a/62
+++ b/62
@@ -310,6 +310,44 @@ CHANGES WITH 258 in spe:
          SO_PASSPIDFD socket option for AF_UNIX socket. There's also a new
          setting AcceptFileDescriptors= that controls the new SO_PASSRIGHTS.

+        * A new job type "lenient" has been added, that is similar to the
+          existing "fail" job mode, and which will fail the submitted
+          transaction immediately if it would stop any currently running unit.
+
+        * .socket units gained a new pair of settings DeferTrigger= and
+          DeferTriggerMaxSec= which modify triggering behaviour of the
+          socket. When used this will cause the triggered unit to be enqueued
+          with the new "lenient" job mode, and if the submission of the
+          transaction fails it is later retried to be submitted (up to a
+          configurable timeout), whenever a unit is stopped.
+
+        * The "preset" logic has been extended so that there are now three
+          preset directories: one that declares the default enablement state
+          for per-system services run on the host, one for per-user services,
+          and – now new – one for per-system services that are run in the
+          initrd. This reflects the fact that in many cases services that shall
+          be enabled by default on the host should not be enabled by default in
+          the initrd, or vice versa. Note that while the regular per-system
+          preset policy defaults to enabled, the one for the initrd defaults to
+          disabled.
+
+        * There are now new per-service settings
+          StateDirectoryQuota=/StateDirectoryAccounting=,
+          CacheDirectoryQuota=/CacheDirectoryAccounting=,
+          LogsDirectoryQuota=/LogsDirectoryAccounting= which allow doing
+          per-unit quota of the indicated per-unit directories. This is
+          implemented via project quota, as supported by xfs and ext4. This
+          does not support btrfs, currently. If quota accounting is enabled
+          this information is shown in the usual "systemct status" output.
+
+        * The service manager gained a new KillUnitSubgroup() syscall which may
+          be used to send a signal to a sub-control group of the unit's control
+          group. systemctl kill gained a new --kill-subgroup= switch to make
+          this available from the shell.
+
+        * A new PrivateBPF= switch has been added for unit files, which may be
+          used to mount a private bpffs instance for the unit's processes.
+
        systemd-journald & journal-remote:

        * journalctl's --setup-keys command now supports JSON output.
@@ -605,6 +643,10 @@ CHANGES WITH 258 in spe:
          servers. Delegate zones can be configured via drop-ins below
          /etc/systemd/dns-delegate.d/*.dns-delegate.

+        * "resolvectl query -t sshfp" will now decode the returned RR
+          information, and show the cryptographic algorithms by name instead of
+          number.
+
        systemd-hostnamed:

        * The system hardware's serial number may now be read from DeviceTree
@@ -1161,6 +1203,15 @@ CHANGES WITH 258 in spe:
          Hardware IDs" (CHIDs) of the local system. This is useful for
          preparing CHID-to-DeviceTree mappings when building UKIs.

+        * systemd-analyze gained a new "transient-settings" verb, which shows
+          all unit settings one can configure dynamically via the "-p" switch
+          when invoking transient units.
+
+        * systemd-analyze gained a new "unit-shell" verb that invokes an
+          interactive shell inside the processes namespaces of the main process
+          of a specified unit. This is useful for debugging unit sandboxes, and
+          getting an idea how things look like from the "inside" of a service.
+
        * The "package note" specification ELF binaries has been extended to
          cover PE binaries (i.e. UEFI binaries), too.

@@ -1325,6 +1376,17 @@ CHANGES WITH 258 in spe:
          specified binary is immediately invoked, and not delayed until a
          connection comes in.

+        * systemd-ssh-generator will now generate the AF_VSOCK ssh listener
+          .socket unit, so that a tiny new helper "systemd-ssh-issue" is
+          invoked when the socket is bound, that generates a drop-in file
+          /run/issue.d/50-ssh-vsock.issue that is shown by "login" and other
+          subsystems at login time. The file reports the AF_VSOCK CID of the
+          system, along with very brief information how to connect to the
+          system via ssh-over-AF_VSOCK. Or in other words: if the system is
+          booted up in an AF_VSOCK capable VM the console login screen shown
+          once boot-up is complete will tell you how to connect to the system
+          via SSH, if that's available.
+
        — <place>, <date>

 CHANGES WITH 257: