summaryrefslogtreecommitdiffstats
path: root/NEWS
blob: da81fe3c5d13259b176b0640e1e70146b3781ca8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
14001
14002
14003
14004
14005
14006
14007
14008
14009
14010
14011
14012
14013
14014
14015
14016
14017
14018
14019
14020
14021
14022
14023
14024
14025
14026
14027
14028
14029
14030
14031
14032
14033
14034
14035
14036
14037
14038
14039
14040
14041
14042
14043
14044
14045
14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
14097
14098
14099
14100
14101
14102
14103
14104
14105
14106
14107
14108
14109
14110
14111
14112
14113
14114
14115
14116
14117
14118
14119
14120
14121
14122
14123
14124
14125
14126
14127
14128
14129
14130
14131
14132
14133
14134
14135
14136
14137
14138
14139
14140
14141
14142
14143
14144
14145
14146
14147
14148
14149
14150
14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
14164
14165
14166
14167
14168
14169
14170
14171
14172
14173
14174
14175
14176
14177
14178
14179
14180
14181
14182
14183
14184
14185
14186
14187
14188
14189
14190
14191
14192
14193
14194
14195
14196
14197
14198
14199
14200
14201
14202
14203
14204
14205
14206
14207
14208
14209
14210
14211
14212
14213
14214
14215
14216
14217
14218
14219
14220
14221
14222
14223
14224
14225
14226
14227
14228
14229
14230
14231
14232
14233
14234
14235
14236
14237
14238
14239
14240
14241
14242
14243
14244
14245
14246
14247
14248
14249
14250
14251
14252
14253
14254
14255
14256
14257
14258
14259
14260
14261
14262
14263
14264
14265
14266
14267
14268
14269
14270
14271
14272
14273
14274
14275
14276
14277
14278
14279
14280
14281
14282
14283
14284
14285
14286
14287
14288
14289
14290
14291
14292
14293
14294
14295
14296
14297
14298
14299
14300
14301
14302
14303
14304
14305
14306
14307
14308
14309
14310
14311
14312
14313
14314
14315
14316
14317
14318
14319
14320
14321
14322
14323
14324
14325
14326
14327
14328
14329
14330
14331
14332
14333
14334
14335
14336
14337
14338
14339
14340
14341
14342
14343
14344
14345
14346
14347
14348
14349
14350
14351
14352
14353
14354
14355
14356
14357
14358
14359
14360
14361
14362
14363
14364
14365
14366
14367
14368
14369
14370
14371
14372
14373
14374
14375
14376
14377
14378
14379
14380
14381
14382
14383
14384
14385
14386
14387
14388
14389
14390
14391
14392
14393
14394
14395
14396
14397
14398
14399
14400
14401
14402
14403
14404
14405
14406
14407
14408
14409
14410
14411
14412
14413
14414
14415
14416
14417
14418
14419
14420
14421
14422
14423
14424
14425
14426
14427
14428
14429
14430
14431
14432
14433
14434
14435
14436
14437
14438
14439
14440
14441
14442
14443
14444
14445
14446
14447
14448
14449
14450
14451
14452
14453
14454
14455
14456
14457
14458
14459
14460
14461
14462
14463
14464
14465
14466
14467
14468
14469
14470
14471
14472
14473
14474
14475
14476
14477
14478
14479
14480
14481
14482
14483
14484
14485
14486
14487
14488
14489
14490
14491
14492
14493
14494
14495
14496
14497
14498
14499
14500
14501
14502
14503
14504
14505
14506
14507
14508
14509
14510
14511
14512
14513
14514
14515
14516
14517
14518
14519
14520
14521
14522
14523
14524
14525
14526
14527
14528
14529
14530
14531
14532
14533
14534
14535
14536
14537
14538
14539
14540
14541
14542
14543
14544
14545
14546
14547
14548
14549
14550
14551
14552
14553
14554
14555
14556
14557
14558
14559
14560
14561
14562
14563
14564
14565
14566
14567
14568
14569
14570
14571
14572
14573
14574
14575
14576
14577
14578
14579
14580
14581
14582
14583
14584
14585
14586
14587
14588
14589
14590
14591
14592
14593
14594
14595
14596
14597
14598
14599
14600
14601
14602
14603
14604
14605
14606
14607
14608
14609
14610
14611
14612
14613
14614
14615
14616
14617
14618
14619
14620
14621
14622
14623
14624
14625
14626
14627
14628
14629
14630
14631
14632
14633
14634
14635
14636
14637
14638
14639
14640
14641
14642
14643
14644
14645
14646
14647
14648
14649
14650
14651
14652
14653
14654
14655
14656
14657
14658
14659
14660
14661
14662
14663
14664
14665
14666
14667
14668
14669
14670
14671
14672
14673
14674
14675
14676
14677
14678
14679
14680
14681
14682
14683
14684
14685
14686
14687
14688
14689
14690
14691
14692
14693
14694
14695
14696
14697
14698
14699
14700
14701
14702
14703
14704
14705
14706
14707
14708
14709
14710
14711
14712
14713
14714
14715
14716
14717
14718
14719
14720
14721
14722
14723
14724
14725
14726
14727
14728
14729
14730
14731
14732
14733
14734
14735
14736
14737
14738
14739
14740
14741
14742
14743
14744
14745
14746
14747
14748
14749
14750
14751
14752
14753
14754
14755
14756
14757
14758
14759
14760
14761
14762
14763
14764
14765
14766
14767
14768
14769
14770
14771
14772
14773
14774
14775
14776
14777
14778
14779
14780
14781
14782
14783
14784
14785
14786
14787
14788
14789
14790
14791
14792
14793
14794
14795
14796
14797
14798
14799
14800
14801
14802
14803
14804
14805
14806
14807
14808
14809
14810
14811
14812
14813
14814
14815
14816
14817
14818
14819
14820
14821
14822
14823
14824
14825
14826
14827
14828
14829
14830
14831
14832
14833
14834
14835
14836
14837
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
14853
14854
14855
14856
14857
14858
14859
14860
14861
14862
14863
14864
14865
14866
14867
14868
14869
14870
14871
14872
14873
14874
14875
14876
14877
14878
14879
14880
14881
14882
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909
14910
14911
14912
14913
14914
14915
14916
14917
14918
14919
14920
14921
14922
14923
14924
14925
14926
14927
14928
14929
14930
14931
14932
14933
14934
14935
14936
14937
14938
14939
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
14955
14956
14957
14958
14959
14960
14961
14962
14963
14964
14965
14966
14967
14968
14969
14970
14971
14972
14973
14974
14975
14976
14977
14978
14979
14980
14981
14982
14983
14984
14985
14986
14987
14988
14989
14990
14991
14992
14993
14994
14995
14996
14997
14998
14999
15000
15001
15002
15003
15004
15005
15006
15007
15008
15009
15010
15011
15012
15013
15014
15015
15016
15017
15018
15019
15020
15021
15022
15023
15024
15025
15026
15027
15028
15029
15030
15031
15032
15033
15034
15035
15036
15037
15038
15039
15040
15041
15042
15043
15044
15045
15046
15047
15048
15049
15050
15051
15052
15053
15054
15055
15056
15057
15058
15059
15060
15061
15062
15063
15064
15065
15066
15067
15068
15069
15070
15071
15072
15073
15074
15075
15076
15077
15078
15079
15080
15081
15082
15083
15084
15085
15086
15087
15088
15089
15090
15091
15092
15093
15094
15095
15096
15097
15098
15099
15100
15101
15102
15103
15104
15105
15106
15107
15108
15109
15110
15111
15112
15113
15114
15115
15116
15117
15118
15119
15120
15121
15122
15123
15124
15125
15126
15127
15128
15129
15130
15131
15132
15133
15134
15135
15136
15137
15138
15139
15140
15141
15142
15143
15144
15145
15146
15147
15148
15149
15150
15151
15152
15153
15154
15155
15156
15157
15158
15159
15160
15161
15162
15163
15164
15165
15166
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187
15188
15189
15190
15191
15192
15193
15194
15195
15196
15197
15198
15199
15200
15201
15202
15203
15204
15205
15206
15207
15208
15209
15210
15211
15212
15213
15214
15215
15216
15217
15218
15219
15220
15221
15222
15223
15224
15225
15226
15227
15228
15229
15230
15231
15232
15233
15234
15235
15236
15237
15238
15239
15240
15241
15242
15243
15244
15245
15246
15247
15248
15249
15250
15251
15252
15253
15254
15255
15256
15257
15258
15259
15260
15261
15262
15263
15264
15265
15266
15267
15268
15269
15270
15271
15272
15273
15274
15275
15276
15277
15278
15279
15280
15281
15282
15283
15284
15285
15286
15287
15288
15289
15290
15291
15292
15293
15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
15309
15310
15311
15312
15313
15314
15315
15316
15317
15318
15319
15320
15321
15322
15323
15324
15325
15326
15327
15328
15329
15330
15331
15332
15333
15334
15335
15336
15337
15338
15339
15340
15341
15342
15343
15344
15345
15346
15347
15348
15349
15350
15351
15352
15353
15354
15355
15356
15357
15358
15359
15360
15361
15362
15363
15364
15365
15366
15367
15368
15369
15370
15371
15372
15373
15374
15375
15376
15377
15378
15379
15380
15381
15382
15383
15384
15385
15386
15387
15388
15389
15390
15391
15392
15393
15394
15395
15396
15397
15398
15399
15400
15401
15402
15403
15404
15405
15406
15407
15408
15409
15410
15411
15412
15413
15414
15415
15416
15417
15418
15419
15420
15421
15422
15423
15424
15425
15426
15427
15428
15429
15430
15431
15432
15433
15434
15435
15436
15437
15438
15439
15440
15441
15442
15443
15444
15445
15446
15447
15448
15449
15450
15451
15452
15453
15454
15455
15456
15457
15458
15459
15460
15461
15462
15463
15464
15465
15466
15467
15468
15469
15470
15471
15472
15473
15474
15475
15476
15477
15478
15479
15480
15481
15482
15483
15484
15485
15486
15487
15488
15489
15490
15491
15492
15493
15494
15495
15496
15497
15498
15499
15500
15501
15502
15503
15504
15505
15506
15507
15508
15509
15510
15511
15512
15513
15514
15515
15516
15517
15518
15519
15520
15521
15522
15523
15524
15525
15526
15527
15528
15529
15530
15531
15532
15533
15534
15535
15536
15537
15538
15539
15540
15541
15542
15543
15544
15545
15546
15547
15548
15549
15550
15551
15552
15553
15554
15555
15556
15557
15558
15559
15560
15561
15562
15563
15564
15565
15566
15567
15568
15569
15570
15571
15572
15573
15574
15575
15576
15577
15578
15579
15580
15581
15582
15583
15584
15585
15586
15587
15588
15589
15590
15591
15592
15593
15594
15595
15596
15597
15598
15599
15600
15601
15602
15603
15604
15605
15606
15607
15608
15609
15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
15636
15637
15638
15639
15640
15641
15642
15643
15644
15645
15646
15647
15648
15649
15650
15651
15652
15653
15654
15655
15656
15657
15658
15659
15660
15661
15662
15663
15664
15665
15666
15667
15668
15669
15670
15671
15672
15673
15674
15675
15676
15677
15678
15679
15680
15681
15682
15683
15684
15685
15686
15687
15688
15689
15690
15691
15692
15693
15694
15695
15696
15697
15698
15699
15700
15701
15702
15703
15704
15705
15706
15707
15708
15709
15710
15711
15712
15713
15714
15715
15716
15717
15718
15719
15720
15721
15722
15723
15724
15725
15726
15727
15728
15729
15730
15731
15732
15733
15734
15735
15736
15737
15738
15739
15740
15741
15742
15743
15744
15745
15746
15747
15748
15749
15750
15751
15752
15753
15754
15755
15756
15757
15758
15759
15760
15761
15762
15763
15764
15765
15766
15767
15768
15769
15770
15771
15772
15773
15774
15775
15776
15777
15778
15779
15780
15781
15782
15783
15784
15785
15786
15787
15788
15789
15790
15791
15792
15793
15794
15795
15796
15797
15798
15799
15800
15801
15802
15803
15804
15805
15806
15807
15808
15809
15810
15811
15812
15813
15814
15815
15816
15817
15818
15819
15820
15821
15822
15823
15824
15825
15826
15827
15828
15829
15830
15831
15832
15833
15834
15835
15836
15837
15838
15839
15840
15841
15842
15843
15844
15845
15846
15847
15848
15849
15850
15851
15852
15853
15854
15855
15856
15857
15858
15859
15860
15861
15862
15863
15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
15881
15882
15883
15884
15885
15886
15887
15888
15889
15890
15891
15892
15893
15894
15895
15896
15897
15898
15899
15900
15901
15902
15903
15904
15905
15906
15907
15908
15909
15910
15911
15912
15913
15914
15915
15916
15917
15918
15919
15920
15921
15922
15923
15924
15925
15926
15927
15928
15929
15930
15931
15932
15933
15934
15935
15936
15937
15938
15939
15940
15941
15942
15943
15944
15945
15946
15947
15948
15949
15950
15951
15952
15953
15954
15955
15956
15957
15958
15959
15960
15961
15962
15963
15964
15965
15966
15967
15968
15969
15970
15971
15972
15973
15974
15975
15976
15977
15978
15979
15980
15981
15982
15983
15984
15985
15986
15987
15988
15989
15990
15991
15992
15993
15994
15995
15996
15997
15998
15999
16000
16001
16002
16003
16004
16005
16006
16007
16008
16009
16010
16011
16012
16013
16014
16015
16016
16017
16018
16019
16020
16021
16022
16023
16024
16025
16026
16027
16028
16029
16030
16031
16032
16033
16034
16035
16036
16037
16038
16039
16040
16041
16042
16043
16044
16045
16046
16047
16048
16049
16050
16051
16052
16053
16054
16055
16056
16057
16058
16059
16060
16061
16062
16063
16064
16065
16066
16067
16068
16069
16070
16071
16072
16073
16074
16075
16076
16077
16078
16079
16080
16081
16082
16083
16084
16085
16086
16087
16088
16089
16090
16091
16092
16093
16094
16095
16096
16097
16098
16099
16100
16101
16102
16103
16104
16105
16106
16107
16108
16109
16110
16111
16112
16113
16114
16115
16116
16117
16118
16119
16120
16121
16122
16123
16124
16125
16126
16127
16128
16129
16130
16131
16132
16133
16134
16135
16136
16137
16138
16139
16140
16141
16142
16143
16144
16145
16146
16147
16148
16149
16150
16151
16152
16153
16154
16155
16156
16157
16158
16159
16160
16161
16162
16163
16164
16165
16166
16167
16168
16169
16170
16171
16172
16173
16174
16175
16176
16177
16178
16179
16180
16181
16182
16183
16184
16185
16186
16187
16188
16189
16190
16191
16192
16193
16194
16195
16196
16197
16198
16199
16200
16201
16202
16203
16204
16205
16206
16207
16208
16209
16210
16211
16212
16213
16214
16215
16216
16217
16218
16219
16220
16221
16222
16223
16224
16225
16226
16227
16228
16229
16230
16231
16232
16233
16234
16235
16236
16237
16238
16239
16240
16241
16242
16243
16244
16245
16246
16247
16248
16249
16250
16251
16252
16253
16254
16255
16256
16257
16258
16259
16260
16261
16262
16263
16264
16265
16266
16267
16268
16269
16270
16271
16272
16273
16274
16275
16276
16277
16278
16279
16280
16281
16282
16283
16284
16285
16286
16287
16288
16289
16290
16291
16292
16293
16294
16295
16296
16297
16298
16299
16300
16301
16302
16303
16304
16305
16306
16307
16308
16309
16310
16311
16312
16313
16314
16315
16316
16317
16318
16319
16320
16321
16322
16323
16324
16325
16326
16327
16328
16329
16330
16331
16332
16333
16334
16335
16336
16337
16338
16339
16340
16341
16342
16343
16344
16345
16346
16347
16348
16349
16350
16351
16352
16353
16354
16355
16356
16357
16358
16359
16360
16361
16362
16363
16364
16365
16366
16367
16368
16369
16370
16371
16372
16373
16374
16375
16376
16377
16378
16379
16380
16381
16382
16383
16384
16385
16386
16387
16388
16389
16390
16391
16392
16393
16394
16395
16396
16397
16398
16399
16400
16401
16402
16403
16404
16405
16406
16407
16408
16409
16410
16411
16412
16413
16414
16415
16416
16417
16418
16419
16420
16421
16422
16423
16424
16425
16426
16427
16428
16429
16430
16431
16432
16433
16434
16435
16436
16437
16438
16439
16440
16441
16442
16443
16444
16445
16446
16447
16448
16449
16450
16451
16452
16453
16454
16455
16456
16457
16458
16459
16460
16461
16462
16463
16464
16465
16466
16467
16468
16469
16470
16471
16472
16473
16474
16475
16476
16477
16478
16479
16480
16481
16482
16483
16484
16485
16486
16487
16488
16489
16490
16491
16492
16493
16494
16495
16496
16497
16498
16499
16500
16501
16502
16503
16504
16505
16506
16507
16508
16509
16510
16511
16512
16513
16514
16515
16516
16517
16518
16519
16520
16521
16522
16523
16524
16525
16526
16527
16528
16529
16530
16531
16532
16533
16534
16535
16536
16537
16538
16539
16540
16541
16542
16543
16544
16545
16546
16547
16548
16549
16550
16551
16552
16553
16554
16555
16556
16557
16558
16559
16560
16561
16562
16563
16564
16565
16566
16567
16568
16569
16570
16571
16572
16573
16574
16575
16576
16577
16578
16579
16580
16581
16582
16583
16584
16585
16586
16587
16588
16589
16590
16591
16592
16593
16594
16595
16596
16597
16598
16599
16600
16601
16602
16603
16604
16605
16606
16607
16608
16609
16610
16611
16612
16613
16614
16615
16616
16617
16618
16619
16620
16621
16622
16623
16624
16625
16626
16627
16628
16629
16630
16631
16632
16633
16634
16635
16636
16637
16638
16639
16640
16641
16642
16643
16644
16645
16646
16647
16648
16649
16650
16651
16652
16653
16654
16655
16656
16657
16658
16659
16660
16661
16662
16663
16664
16665
16666
16667
16668
16669
16670
16671
16672
16673
16674
16675
16676
16677
16678
16679
16680
16681
16682
16683
16684
16685
16686
16687
16688
16689
16690
16691
16692
16693
16694
16695
16696
16697
16698
16699
16700
16701
16702
16703
16704
16705
16706
16707
16708
16709
16710
16711
16712
16713
16714
16715
16716
16717
16718
16719
16720
16721
16722
16723
16724
16725
16726
16727
16728
16729
16730
16731
16732
16733
16734
16735
16736
16737
16738
16739
16740
16741
16742
16743
16744
16745
16746
16747
16748
16749
16750
16751
16752
16753
16754
16755
16756
16757
16758
16759
16760
16761
16762
16763
16764
16765
16766
16767
16768
16769
16770
16771
16772
16773
16774
16775
16776
16777
16778
16779
16780
16781
16782
16783
16784
16785
16786
16787
16788
16789
16790
16791
16792
16793
16794
16795
16796
16797
16798
16799
16800
16801
16802
16803
16804
16805
16806
16807
16808
16809
16810
16811
16812
16813
16814
16815
16816
16817
16818
16819
16820
16821
16822
16823
16824
16825
16826
16827
16828
16829
16830
16831
16832
16833
16834
16835
16836
16837
16838
16839
16840
16841
16842
16843
16844
16845
16846
16847
16848
16849
16850
16851
16852
16853
16854
16855
16856
16857
16858
16859
16860
16861
16862
16863
16864
16865
16866
16867
16868
16869
16870
16871
16872
16873
16874
16875
16876
16877
16878
16879
16880
16881
16882
16883
16884
16885
16886
16887
16888
16889
16890
16891
16892
16893
16894
16895
16896
16897
16898
16899
16900
16901
16902
16903
16904
16905
16906
16907
16908
16909
16910
16911
16912
16913
16914
16915
16916
16917
16918
16919
16920
16921
16922
16923
16924
16925
16926
16927
16928
16929
16930
16931
16932
16933
16934
16935
16936
16937
16938
16939
16940
16941
16942
16943
16944
16945
16946
16947
16948
16949
16950
16951
16952
16953
16954
16955
16956
16957
16958
16959
16960
16961
16962
16963
16964
16965
16966
16967
16968
16969
16970
16971
16972
16973
16974
16975
16976
16977
16978
16979
16980
16981
16982
16983
16984
16985
16986
16987
16988
16989
16990
16991
16992
16993
16994
16995
16996
16997
16998
16999
17000
17001
17002
17003
17004
17005
17006
17007
17008
17009
17010
17011
17012
17013
17014
17015
17016
17017
17018
17019
17020
17021
17022
17023
17024
17025
17026
17027
17028
17029
17030
17031
17032
17033
17034
17035
17036
17037
17038
17039
17040
17041
17042
17043
17044
17045
17046
17047
17048
17049
17050
17051
17052
17053
17054
17055
17056
17057
17058
17059
17060
17061
17062
17063
17064
17065
17066
17067
17068
17069
17070
17071
17072
17073
17074
17075
17076
17077
17078
17079
17080
17081
17082
17083
17084
17085
17086
17087
17088
17089
17090
17091
17092
17093
17094
17095
17096
17097
17098
17099
17100
17101
17102
17103
17104
17105
17106
17107
17108
17109
17110
17111
17112
17113
17114
17115
17116
17117
17118
17119
17120
17121
17122
17123
17124
17125
17126
17127
17128
17129
17130
17131
17132
17133
17134
17135
17136
17137
17138
17139
17140
17141
17142
17143
17144
17145
17146
17147
17148
17149
17150
17151
17152
17153
17154
17155
17156
17157
17158
17159
17160
17161
17162
17163
17164
17165
17166
17167
17168
17169
17170
17171
17172
17173
17174
17175
17176
17177
17178
17179
17180
17181
17182
17183
17184
17185
17186
17187
17188
17189
17190
17191
17192
17193
17194
17195
17196
17197
17198
17199
17200
17201
17202
17203
17204
17205
17206
17207
17208
17209
17210
17211
17212
17213
17214
17215
17216
17217
17218
17219
17220
17221
17222
17223
17224
17225
17226
17227
17228
17229
17230
17231
17232
17233
17234
17235
17236
17237
17238
17239
17240
17241
17242
17243
17244
17245
17246
17247
17248
17249
17250
17251
17252
17253
17254
17255
17256
17257
17258
17259
17260
17261
17262
17263
17264
17265
17266
17267
17268
17269
17270
17271
17272
17273
17274
17275
17276
17277
17278
17279
17280
17281
17282
17283
17284
17285
17286
17287
17288
17289
17290
17291
17292
17293
17294
17295
17296
17297
17298
17299
17300
17301
17302
17303
17304
17305
17306
17307
17308
17309
17310
17311
17312
17313
17314
17315
17316
17317
17318
17319
17320
17321
17322
17323
17324
17325
17326
17327
17328
17329
17330
17331
17332
17333
17334
17335
17336
17337
17338
17339
17340
17341
17342
17343
17344
17345
17346
17347
17348
17349
17350
17351
17352
17353
17354
17355
17356
17357
17358
17359
17360
17361
17362
17363
17364
17365
17366
17367
17368
17369
17370
17371
17372
17373
17374
17375
17376
17377
17378
17379
17380
17381
17382
17383
17384
17385
17386
17387
17388
17389
17390
17391
17392
17393
17394
17395
17396
17397
17398
17399
17400
17401
17402
17403
17404
17405
17406
17407
17408
17409
17410
17411
17412
17413
17414
17415
17416
17417
17418
17419
17420
17421
17422
17423
17424
17425
17426
17427
17428
17429
17430
17431
17432
17433
17434
17435
17436
17437
17438
17439
17440
17441
17442
17443
17444
17445
17446
17447
17448
17449
17450
17451
17452
17453
17454
17455
17456
17457
17458
17459
17460
17461
17462
17463
17464
17465
17466
17467
17468
17469
17470
17471
17472
17473
17474
17475
17476
17477
17478
17479
17480
17481
17482
17483
17484
17485
17486
17487
17488
17489
17490
17491
17492
17493
17494
17495
17496
17497
17498
17499
17500
17501
17502
17503
17504
17505
17506
17507
17508
17509
17510
17511
17512
17513
17514
17515
17516
17517
17518
17519
17520
17521
17522
17523
17524
17525
17526
17527
17528
17529
17530
17531
17532
17533
17534
17535
17536
17537
17538
17539
17540
17541
17542
17543
17544
17545
17546
17547
17548
17549
17550
17551
17552
17553
17554
17555
17556
17557
17558
17559
17560
17561
17562
17563
17564
17565
17566
17567
17568
17569
17570
17571
17572
17573
17574
17575
17576
17577
17578
17579
17580
17581
17582
17583
17584
17585
17586
17587
17588
17589
17590
17591
17592
17593
17594
17595
17596
17597
17598
17599
17600
17601
17602
17603
17604
17605
17606
17607
17608
17609
17610
17611
17612
17613
17614
17615
17616
17617
17618
17619
17620
17621
17622
17623
17624
17625
17626
17627
17628
17629
17630
17631
17632
17633
17634
17635
17636
17637
17638
17639
17640
17641
17642
17643
17644
17645
17646
17647
17648
17649
17650
17651
17652
17653
17654
17655
17656
17657
17658
17659
17660
17661
17662
17663
17664
17665
17666
17667
17668
17669
17670
17671
17672
17673
17674
17675
17676
17677
17678
17679
17680
17681
17682
17683
17684
17685
17686
17687
17688
17689
17690
17691
17692
17693
17694
17695
17696
17697
17698
17699
17700
17701
17702
17703
17704
17705
17706
17707
17708
17709
17710
17711
17712
17713
17714
17715
17716
17717
17718
17719
17720
17721
17722
17723
17724
17725
17726
17727
17728
17729
17730
17731
17732
17733
17734
17735
17736
17737
17738
17739
17740
17741
17742
17743
17744
17745
17746
17747
17748
17749
17750
17751
17752
17753
17754
17755
17756
17757
17758
17759
17760
17761
17762
17763
17764
17765
17766
17767
17768
17769
17770
17771
17772
17773
17774
17775
17776
17777
17778
17779
17780
17781
17782
17783
17784
17785
17786
17787
17788
17789
17790
17791
17792
17793
17794
17795
17796
17797
17798
17799
17800
17801
17802
17803
17804
17805
17806
17807
17808
17809
17810
17811
17812
17813
17814
17815
17816
17817
17818
17819
17820
17821
17822
17823
17824
17825
17826
17827
17828
17829
17830
17831
17832
17833
17834
17835
17836
17837
17838
17839
17840
17841
17842
17843
17844
17845
17846
17847
17848
17849
17850
17851
17852
17853
17854
17855
17856
17857
17858
17859
17860
17861
17862
17863
17864
17865
17866
17867
17868
17869
17870
17871
17872
17873
17874
17875
17876
17877
17878
17879
17880
17881
17882
17883
17884
17885
17886
17887
17888
17889
17890
17891
17892
17893
17894
17895
17896
17897
17898
17899
17900
17901
17902
17903
17904
17905
17906
17907
17908
17909
17910
17911
17912
17913
17914
17915
17916
17917
17918
17919
17920
17921
17922
17923
17924
17925
17926
17927
17928
17929
17930
17931
17932
17933
17934
17935
17936
17937
17938
17939
17940
17941
17942
17943
17944
17945
17946
17947
17948
17949
17950
17951
17952
17953
17954
17955
17956
17957
17958
17959
17960
17961
17962
17963
17964
17965
17966
17967
17968
17969
17970
17971
17972
17973
17974
17975
17976
17977
17978
17979
17980
17981
17982
17983
17984
17985
17986
17987
17988
17989
17990
17991
17992
17993
17994
17995
17996
17997
17998
17999
18000
18001
18002
18003
18004
18005
18006
18007
18008
18009
18010
18011
18012
18013
18014
18015
18016
18017
18018
18019
18020
18021
18022
18023
18024
18025
18026
18027
18028
18029
18030
18031
18032
18033
18034
18035
18036
18037
18038
18039
18040
18041
18042
18043
18044
18045
18046
18047
18048
18049
18050
18051
18052
18053
18054
18055
18056
18057
18058
18059
18060
18061
18062
18063
18064
18065
18066
18067
18068
18069
18070
18071
18072
18073
18074
18075
18076
18077
18078
18079
18080
18081
18082
18083
18084
18085
18086
18087
18088
18089
systemd System and Service Manager

CHANGES WITH 256:

        Announcements of Future Feature Removals and Incompatible Changes:

        * Support for automatic flushing of the nscd user/group database caches
          will be dropped in a future release.

        * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
          considered obsolete and systemd by default will refuse to boot under
          it. To forcibly reenable cgroup v1 support,
          SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
          line. The meson option 'default-hierarchy=' is also deprecated, i.e.
          only cgroup v2 ('unified' hierarchy) can be selected as build-time
          default.

        * Support for System V service scripts is deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * systemd-run's switch --expand-environment= which currently is disabled
          by default when combined with --scope, will be changed in a future
          release to be enabled by default.

        * Previously, systemd-networkd did not explicitly remove any bridge
          VLAN IDs assigned on bridge master and ports. Since version 256, if a
          .network file for an interface has at least one valid setting in the
          [BridgeVLAN] section, then all assigned VLAN IDs on the interface
          that are not configured in the .network file are removed.

        * IPForward= setting in .network file is deprecated and replaced with
          IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
          supported both in .network file and networkd.conf. If specified in a
          .network file, they control corresponding per-link settings. If
          specified in networkd.conf, they control corresponding global
          settings. Note, previously IPv6SendRA= and IPMasquerade= implied
          IPForward=, but now they imply the new per-link settings. One of the
          simplest ways to migrate configurations, that worked as a router with
          the previous version, is enabling both IPv4Forwarding= and
          IPv6Forwarding= in networkd.conf. See systemd.network(5) and
          networkd.conf(5) for more details.

        * systemd-gpt-auto-generator will stop generating units for ESP or
          XBOOTLDR partitions if it finds mount entries for or below the /boot/
          or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
          from interfering with systems where the ESP is explicitly configured
          to be mounted at some path, for example /boot/efi/ (this type of
          setup is obsolete, but still commonly found).

        * The behavior of systemd-sleep and systemd-homed has been updated to
          freeze user sessions when entering the various sleep modes or when
          locking a homed-managed home area. This is known to cause issues with
          the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
          drivers may want to add drop-in configuration files that set
          SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false for systemd-suspend.service
          and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
          systemd-homed.service.

        * systemd-tmpfiles and systemd-sysusers, when given a relative
          configuration file path (with at least one directory separator '/'),
          will open the file directly, instead of searching for the given
          partial path in the standard locations. The old mode wasn't useful
          because tmpfiles.d/ and sysusers.d/ configuration has a flat
          structure with no subdirectories under the standard locations and
          this change makes it easier to work with local files with those
          tools.

        * systemd-tmpfiles now properly applies nested configuration to 'R' and
          'D' stanzas. For example, with the combination of 'R /foo' and 'x
          /foo/bar', /foo/bar will now be excluded from removal.

        * systemd.crash_reboot and related settings are deprecated in favor of
          systemd.crash_action=.

        * Stable releases for version v256 and newer will now be pushed in the
          main repository. The systemd-stable repository will be used for existing
          stable branches (v255-stable and lower), and when they reach EOL it will
          be archived.

        General Changes and New Features:

        * Various programs will now attempt to load the main configuration file
          from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
          below /etc/. For example, systemd-logind will look for
          /etc/systemd/logind.conf, /run/systemd/logind.conf,
          /usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
          and use the first file that is found.  This means that the search
          logic for the main config file and for drop-ins is now the same.

          Similarly, kernel-install will look for the config files in
          /usr/lib/kernel/ and the other search locations, and now also
          supports drop-ins.

          systemd-udevd now supports drop-ins for udev.conf.

        * A new 'systemd-vpick' binary has been added. It implements the new
          vpick protocol, where a "*.v/" directory may contain multiple files
          which have versions (following the UAPI version format specification)
          embedded in the file name. The files are ordered by version and
          the newest one is selected.

          systemd-nspawn --image=/--directory=, systemd-dissect,
          systemd-portabled, and the RootDirectory=, RootImage=,
          ExtensionImages=, and ExtensionDirectories= settings for units now
          support the vpick protocol and allow the latest version to be
          selected automatically if a "*.v/" directory is specified as the
          source.

        * Encrypted service credentials can now be made accessible to
          unprivileged users. systemd-creds gained new options --user/--uid=
          for encrypting/decrypting a credential for a specific user.

        * New command-line tool 'importctl' to download, import, and export
          disk images via systemd-importd is added with the following verbs:
          pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
          export-raw, list-transfers, and cancel-transfer. This functionality
          was previously available in "machinectl", where it was used
          exclusively for machine images. The new "importctl" generalizes this
          for sysext, confext, and portable service images.

        * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
          deprecations removed, including the OpenSSL engine logic turned off.

        Service Management:

        * New system manager setting ProtectSystem= has been added. It is
          analogous to the unit setting, but applies to the whole system. It is
          enabled by default in the initrd.

          Note that this means that code executed in the initrd cannot naively
          expect to be able to write to /usr/ during boot. This affects
          dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
          https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.

        * New unit setting WantsMountsFor= has been added. It is analogous to
          RequiresMountsFor=, but creates a Wants= dependency instead of
          Requires=. This new logic is now used in various places where mounts
          were added as dependencies for other settings (WorkingDirectory=-…,
          PrivateTmp=yes, cryptsetup lines with 'nofail').

        * New unit setting MemoryZSwapWriteback= can be used to control the new
          memory.zswap.writeback cgroup knob added in kernel 6.8.

        * The manager gained a org.freedesktop.systemd1.StartAuxiliaryScope()
          D-Bus method to devolve some processes from a service into a new
          scope. This new scope will remain running, even when the original
          service unit is restarted or stopped. This allows a service unit to
          split out some worker processes which need to continue running.
          Control group properties of the new scope are copied from the
          originating unit, so various limits are retained.

        * Units now expose properties EffectiveMemoryMax=,
          EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
          most stringent limit systemd is aware of for the given unit.

        * A new unit file specifier %D expands to $XDG_DATA_HOME (for user
          services) or /usr/share/ (for system services).

        * AllowedCPUs= now supports specifier expansion.

        * What= setting in .mount and .swap units now accepts fstab-style
          identifiers, for example UUID=… or LABEL=….

        * RestrictNetworkInterfaces= now supports alternative network interface
          names.

        * PAMName= now implies SetLoginEnvironment=yes.

        * systemd.firstboot=no can be used on the kernel command-line to
          disable interactive queries, but allow other first boot configuration
          to happen based on credentials.

        * The system's hostname can be configured via the systemd.hostname
          system credential.

        * The systemd binary will no longer chainload sysvinit's "telinit"
          binary when called under the init/telinit name on a system that isn't
          booted with systemd. This previously has been supported to make sure
          a distribution that has both init systems installed can reasonably
          switch from one to the other via a simple reboot. Distributions
          apparently have lost interest in this, and the functionality has not
          been supported on the primary distribution this was still intended
          for a long time, and hence has been removed now.

        * A new concept called "capsules" has been introduced. "Capsules" wrap
          additional per-user service managers, whose users are transient and
          are only defined as long as the service manager is running. (This is
          implemented via DynamicUser=1), allowing a user manager to be used to
          manage a group of processes without needing to create an actual user
          account. These service managers run with home directories of
          /var/lib/capsules/<capsule-name> and can contain regular services and
          other units. A capsule is started via a simple "systemctl start
          capsule@<name>.service". See the capsule@.service(5) man page for
          further details.

          Various systemd tools (including, and most importantly, systemctl and
          systemd-run) have been updated to interact with capsules via the new
          "--capsule="/"-C" switch.

        * .socket units gained a new setting PassFileDescriptorsToExec=, taking
          a boolean value. If set to true the file descriptors the socket unit
          encapsulates are passed to the ExecStartPost=, ExecStopPre=,
          ExecStopPost= using the usual $LISTEN_FDS interface. This may be used
          for doing additional initializations on the sockets once they are
          allocated. (For example, to install an additional eBPF program on
          them).

        * The .socket setting MaxConnectionsPerSource= (which so far put a
          limit on concurrent connections per IP in Accept=yes socket units),
          now also has an effect on AF_UNIX sockets: it will put a limit on the
          number of simultaneous connections from the same source UID (as
          determined via SO_PEERCRED). This is useful for implementing IPC
          services in a simple Accept=yes mode.

        * The service manager will now maintain a counter of soft reboot cycles
          the system went through. It may be queried via the D-Bus APIs.

        * systemd's execution logic now supports the new pidfd_spawn() API
          introduced by glibc 2.39, which allows us to invoke a subprocess in a
          target cgroup and get a pidfd back in a single operation.

        * systemd/PID 1 will now send an additional sd_notify() message to its
          supervising VMM or container manager reporting the selected hostname
          ("X_SYSTEMD_HOSTNAME=") and machine ID ("X_SYSTEMD_MACHINE_ID=") at
          boot. Moreover, the service manager will send additional sd_notify()
          messages ("X_SYSTEMD_UNIT_ACTIVE=") whenever a target unit is
          reached. This can be used by VMMs/container managers to schedule
          access to the system precisely. For example, the moment a system
          reports "ssh-access.target" being reached a VMM/container manager
          knows it can now connect to the system via SSH. Finally, a new
          sd_notify() message ("X_SYSTEMD_SIGNALS_LEVEL=2") is sent the moment
          PID 1 has successfully completed installation of its various UNIX
          process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
          PID 1 will start to have the effect of shutting down the system
          cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
          down, and carries a string identifying the type of shutdown,
          i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
          sent at the same time and carries the string passed to "systemctl
          --reboot-argument=" if there was one.

        * New D-Bus properties ExecMainHandoffTimestamp and
          ExecMainHandoffTimestampMonotonic are now published by services
          units. This timestamp is taken as the very last operation before
          handing off control to invoked binaries. This information is
          available for other unit types that fork off processes (i.e. mount,
          swap, socket units), but currently only via "systemd-analyze dump".

        * An additional timestamp is now taken by the service manager when a
          system shutdown operation is initiated. It can be queried via D-Bus
          during the shutdown phase. It's passed to the following service
          manager invocation on soft reboots, which will then use it to log the
          overall "grey-out" time of the soft reboot operation, i.e. the time
          when the shutdown began until the system is fully up again.

        * "systemctl status" will now display the invocation ID in its usual
          output, i.e. the 128bit ID uniquely assigned to the current runtime
          cycle of the unit. The ID has been supported for a long time, but is
          now more prominently displayed, as it is a very useful handle to a
          specific invocation of a service.

        * systemd now generates a new "taint" string "unmerged-bin" for systems
          that have /usr/bin/ and /usr/sbin/ separate. It's generally
          recommended to make the latter a symlink to the former these days.

        * A new systemd.crash_action= kernel command line option has been added
          that configures what to do after the system manager (PID 1) crashes.
          This can also be configured through CrashAction= in systemd.conf.

        * "systemctl kill" now supports --wait which will make the command wait
          until the signalled services terminate.

        Journal:

        * systemd-journald can now forward journal entries to a socket
          (AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
          specified in journald.conf via a new option ForwardToSocket= or via
          the 'journald.forward_to_socket' credential. Log records are sent in
          the Journal Export Format. A related setting MaxLevelSocket= has been
          added to control the maximum log levels for the messages sent to this
          socket.

        * systemd-journald now also reads the journal.storage credential when
          determining where to store journal files.

        * systemd-vmspawn gained a new --forward-journal= option to forward the
          virtual machine's journal entries to the host. This is done over a
          AF_VSOCK socket, i.e. it does not require networking in the guest.

        * journalctl gained option '-i' as a shortcut for --file=.

        * journalctl gained a new -T/--exclude-identifier= option to filter
          out certain syslog identifiers.

        * journalctl gained a new --list-namespaces option.

        * systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
          (so it can be used to receive entries forwarded by systemd-journald).

        * systemd-journal-gatewayd allows restricting the time range of
          retrieved entries with a new "realtime=[<since>]:[<until>]" URL
          parameter.

        * systemd-cat gained a new option --namespace= to specify the target
          journal namespace to which the output shall be connected.

        * systemd-bsod gained a new option --tty= to specify the output TTY

        Device Management:

        * /dev/ now contains symlinks that combine by-path and by-{label,uuid}
          information:

              /dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>

          This allows distinguishing partitions with identical contents on
          multiple storage devices. This is useful, for example, when copying
          raw disk contents between devices.

        * systemd-udevd now creates persistent /dev/media/by-path/ symlinks for
          media controllers. For example, the uvcvideo driver may create
          /dev/media0 which will be linked as
          /dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.

        * A new unit systemd-udev-load-credentials.service has been added
          to pick up udev.conf drop-ins and udev rules from credentials.

        * An allowlist/denylist may be specified to filter which sysfs
          attributes are used when crafting network interface names. Those
          lists are stored as hwdb entries
            ID_NET_NAME_ALLOW_<sysfsattr>=0|1
          and
            ID_NET_NAME_ALLOW=0|1.

          The goal is to avoid unexpected changes to interface names when the
          kernel is updated and new sysfs attributes become visible.

        * A new unit tpm2.target has been added to provide a synchronization
          point for units which expect the TPM hardware to be available. A new
          generator "systemd-tpm2-generator" has been added that will insert
          this target whenever it detects that the firmware has initialized a
          TPM, but Linux hasn't loaded a driver for it yet.

        * systemd-backlight now properly supports numbered devices which the
          kernel creates to avoid collisions in the leds subsystem.

        * systemd-hwdb update operation can be disabled with a new environment
          variable SYSTEMD_HWDB_UPDATE_BYPASS=1.

        systemd-hostnamed:

        * systemd-hostnamed now exposes the machine ID and boot ID via
          D-Bus. It also exposes the hosts AF_VSOCK CID, if available.

        * systemd-hostnamed now provides a basic Varlink interface.

        * systemd-hostnamed exports the full data in os-release(5) and
          machine-info(5) via D-Bus and Varlink.

        * hostnamectl now shows the system's product UUID and hardware serial
          number if known.

        Network Management:

        * systemd-networkd now provides a basic Varlink interface.

        * systemd-networkd's ARP proxy support gained a new option to configure
          a private VLAN variant of the proxy ARP supported by the kernel under
          the name IPv4ProxyARPPrivateVLAN=.

        * systemd-networkd now exports the NamespaceId and NamespaceNSID
          properties via D-Bus and Varlink. (which expose the inode and NSID of
          the network namespace the networkd instance manages)

        * systemd-networkd now supports IPv6RetransmissionTimeSec= and
          UseRetransmissionTime= settings in .network files to configure
          retransmission time for IPv6 neighbor solicitation messages.

        * networkctl gained new verbs 'mask' and 'unmask' for masking networkd
          configuration files such as .network files.

        * 'networkctl edit --runtime' allows editing volatile configuration
          under /run/systemd/network/.

        * The implementation behind TTLPropagate= network setting has been
          removed and the setting is now ignored.

        * systemd-network-generator will now pick up .netdev/.link/.network/
          networkd.conf configuration from system credentials.

        * systemd-networkd will now pick up wireguard secrets from
          credentials.

        * systemd-networkd's Varlink API now supports enumerating LLDP peers.

        * .link files now support new Property=, ImportProperty=,
          UnsetProperty= fields for setting udev properties on a link.

        * The various .link files that systemd ships for interfaces that are
          supposed to be managed by systemd-networkd only now carry a
          ID_NET_MANAGED_BY=io.systemd.Network udev property ensuring that
          other network management solutions honouring this udev property do
          not come into conflict with networkd, trying to manage these
          interfaces.

        * .link files now support a new ReceivePacketSteeringCPUMask= setting
          for configuring which CPUs to steer incoming packets to.

        * The [Network] section in .network files gained a new setting
          UseDomains=, which is a single generic knob for controlling the
          settings of the same name in the [DHCPv4], [DHCPv6] and
          [IPv6AcceptRA].

        * The 99-default.link file we ship by default (that defines the policy
          for all network devices to which no other .link file applies) now
          lists "mac" among AlternativeNamesPolicy=. This means that network
          interfaces will now by default gain an additional MAC-address based
          alternative device name. (i.e. enx…)

        systemd-nspawn:

        * systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
          directory where the container payload can expose AF_UNIX sockets to
          allow them to be accessed from outside.

        * systemd-nspawn will tint the terminal background for containers in a
          blueish color. This can be controller with the new --background=
          switch or the new $SYSTEMD_TINT_BACKGROUND environment variable.

        * systemd-nspawn gained support for the 'owneridmap' option for --bind=
          mounts to map the target directory owner from inside the container to
          the owner of the directory bound from the host filesystem.

        * systemd-nspawn now supports moving Wi-Fi network devices into a
          container, just like other network interfaces.

        systemd-resolved:

        * systemd-resolved now reads RFC 8914 EDE error codes provided by
          upstream DNS services.

        * systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
          records, as well as RFC 2915 NAPTR records.

        * resolvectl gained a new option --relax-single-label= to allow
          querying single-label hostnames via unicast DNS on a per-query basis.

        * systemd-resolved's Varlink IPC interface now supports resolving
          DNS-SD services as well as an API for resolving raw DNS RRs.

        * systemd-resolved's .dnssd DNS_SD service description files now
          support DNS-SD "subtypes" via the new SubType= setting.

        * systemd-resolved's configuration may now be reloaded without
          restarting the service. (i.e. "systemctl reload systemd-resolved" is
          now supported)

        SSH Integration:

        * An sshd config drop-in to allow ssh keys acquired via userdbctl (for
          example expose by homed accounts) to be used for authorization of
          incoming SSH connections.

        * A small new unit generator "systemd-ssh-generator" has been added. It
          checks if the sshd binary is installed. If so, it binds it via
          per-connection socket activation to various sockets depending on the
          execution context:

            • If the system is run in a VM providing AF_VSOCK support, it
              automatically binds sshd to AF_VSOCK port 22.

            • If the system is invoked as a full-OS container and the container
              manager pre-mounts a directory /run/host/unix-export/, it will
              bind sshd to an AF_UNIX socket /run/host/unix-export/ssh. The
              idea is the container manager bind mounts the directory to an
              appropriate place on the host as well, so that the AF_UNIX socket
              may be used to easily connect from the host to the container.

            • sshd is also bound to an AF_UNIX socket
              /run/ssh-unix-local/socket, which may be to use ssh/sftp in a
              "sudo"-like fashion to access resources of other local users.

            • Via the kernel command line option "systemd.ssh_listen=" and the
              system credential "ssh.listen" sshd may be bound to additional,
              explicitly configured options, including AF_INET/AF_INET6 ports.

          In particular the first two mechanisms should make dealing with local
          VMs and full OS containers a lot easier, as SSH connections will
          *just* *work* from the host – even if no networking is available
          whatsoever.

          systemd-ssh-generator optionally generates a per-connection
          socket activation service file wrapping sshd. This is only done if
          the distribution does not provide one on its own under the name
          "sshd@.service". The generated unit only works correctly if the SSH
          privilege separation ("privsep") directory exists. Unfortunately
          distributions vary wildly where they place this directory. An
          incomprehensive list:

            • /usr/share/empty.sshd/  (new fedora)
            • /var/empty/
            • /var/empty/sshd/
            • /run/sshd/              (debian/ubuntu?)

          If the SSH privsep directory is placed below /var/ or /run/ care
          needs to be taken that the directory is created automatically at boot
          if needed, since these directories possibly or always come up
          empty. This can be done via a tmpfiles.d/ drop-in. You may use the
          "sshdprivsepdir" meson option provided by systemd to configure the
          directory, in case you want systemd to create the directory as needed
          automatically, if your distribution does not cover this natively.

          Recommendations to distributions, in order to make things just work:

            • Please provide a per-connection SSH service file under the name
              "sshd@.service".

            • Please move the SSH privsep dir into /usr/ (so that it is truly
              immutable on image-based operating systems, is strictly under
              package manager control, and never requires recreation if the
              system boots up with an empty /run/ or /var/).

            • As an extension of this: please consider following Fedora's lead
              here, and use /usr/share/empty.sshd/ to minimize needless
              differences between distributions.

            • If your distribution insists on placing the directory in /var/ or
              /run/ then please at least provide a tmpfiles.d/ drop-in to
              recreate it automatically at boot, so that the sshd binary just
              works, regardless in which context it is called.

        * A small tool "systemd-ssh-proxy" has been added, which is supposed to
          act as counterpart to "systemd-ssh-generator". It's a small plug-in
          for the SSH client (via ProxyCommand/ProxyUseFdpass) to allow it to
          connect to AF_VSOCK or AF_UNIX sockets. Example: "ssh vsock/4711"
          connects to a local VM with cid 4711, or "ssh
          unix/run/ssh-unix-local/socket" to connect to the local host via the
          AF_UNIX socket /run/ssh-unix-local/socket.

        systemd-boot and systemd-stub and Related Tools:

        * TPM 1.2 PCR measurement support has been removed from systemd-stub.
          TPM 1.2 is obsolete and – due to the (by today's standards) weak
          cryptographic algorithms it only supports – does not actually provide
          the security benefits it's supposed to provide. Given that the rest
          of systemd's codebase never supported TPM 1.2, the support has now
          been removed from systemd-stub as well.

        * systemd-stub will now measure its payload via the new EFI
          Confidential Computing APIs (CC), in addition to the pre-existing
          measurements to TPM.

        * confexts are loaded by systemd-stub from the ESP as well.

        * kernel-install gained support for --root= for the 'list' verb.

        * bootctl now provides a basic Varlink interface and can be run as a
          daemon via a template unit.

        * systemd-measure gained new options --certificate=, --private-key=,
          and --private-key-source= to allow using OpenSSL's "engines" or
          "providers" as the signing mechanism to use when creating signed
          TPM2 PCR measurement values.

        * ukify gained support for signing of PCR signatures via OpenSSL's
          engines and providers.

        * ukify now supports zboot kernels.

        * systemd-boot now supports passing additional kernel command line
          switches to invoked kernels via an SMBIOS Type #11 string
          "io.systemd.boot.kernel-cmdline-extra". This is similar to the
          pre-existing support for this in systemd-stub, but also applies to
          Type #1 Boot Loader Specification Entries.

        * systemd-boot's automatic SecureBoot enrollment support gained support
          for enrolling "dbx" too (Previously, only db/KEK/PK enrollment was
          supported). It also now supports UEFI "Custom" and "Audit" modes.

        * The pcrlock policy is saved in an unencrypted credential file
          "pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
          /loader/credentials/ directory. It will be picked up at boot by
          systemd-stub and passed to the initrd, where it can be used to unlock
          the root file system.

        * systemd-pcrlock gained an --entry-token= option to configure the
          entry-token.

        * systemd-pcrlock now provides a basic Varlink interface and can be run
          as a daemon via a template unit.

        * systemd-pcrlock's TPM nvindex access policy has been modified, this
          means that previous pcrlock policies stored in nvindexes are
          invalidated. They must be removed (systemd-pcrlock remove-policy) and
          recreated (systemd-pcrlock make-policy). For the time being
          systemd-pcrlock remains an experimental feature, but it is expected
          to become stable in the next release, i.e. v257.

        * systemd-pcrlock's --recovery-pin= switch now takes three values:
          "hide", "show", "query". If "show" is selected the automatically
          generated recovery PIN is shown to the user. If "query" is selected
          then the PIN is queried from the user.

        * sd-stub gained support for the new ".ucode" PE section in UKIs, that
          may contain CPU microcode data. When control is handed over to the
          Linux kernel this data is prepended to the set of initrds passed.

        systemd-run/run0:

        * systemd-run is now a multi-call binary. When invoked as 'run0', it
          provides as interface similar to 'sudo', with all arguments starting
          at the first non-option parameter being treated the command to invoke
          as root. Unlike 'sudo' and similar tools, it does not make use of
          setuid binaries or other privilege escalation methods, but instead
          runs the specified command as a transient unit, which is started by
          the system service manager, so privileges are dropped, rather than
          gained, thus implementing a much more robust and safe security
          model. As usual, authorization is managed via Polkit.

        * systemd-run/run0 will now tint the terminal background on supported
          terminals: in a reddish tone when invoking a root service, in a
          yellowish tone otherwise. This may be controlled and turned off via
          the new --background= switch or the new $SYSTEMD_TINT_BACKGROUND
          environment variable.

        * systemd-run gained a new option '--ignore-failure' to suppress
          command failures.

        Command-line tools:

        * 'systemctl edit --stdin' allows creation of unit files and drop-ins
          with contents supplied via standard input. This is useful when creating
          configuration programmatically; the tool takes care of figuring out
          the file name, creating any directories, and reloading the manager
          afterwards.

        * 'systemctl disable --now' and 'systemctl mask --now' now work
          correctly with template units.

        * 'systemd-analyze architectures' lists known CPU architectures.

        * 'systemd-analyze --json=…' is supported for 'architectures',
          'capability', 'exit-status'.

        * 'systemd-tmpfiles --purge' will purge (remove) all files and
          directories created via tmpfiles.d configuration.

        * systemd-id128 gained new options --no-pager, --no-legend, and
          -j/--json=.

        * hostnamectl gained '-j' as shortcut for '--json=pretty' or
          '--json=short'.

        * loginctl now supports -j/--json=.

        * resolvectl now supports -j/--json= for --type=.

        * systemd-tmpfiles gained a new option --dry-run to print what would be
          done without actually taking action.

        * varlinkctl gained a new --collect switch to collect all responses of
          a method call that supports multiple replies and turns it into a
          single JSON array.

        * systemd-dissect gained a new --make-archive option to generate an
          archive file (tar.gz and similar) from a disk image.

        systemd-vmspawn:

        * systemd-vmspawn gained a new --firmware= option to configure or list
          firmware definitions for Qemu, a new --tpm= option to enable or
          disable the use of a software TPM, a new --linux= option to specify a
          kernel binary for direct kernel boot, a new --initrd= option to
          specify an initrd for direct kernel boot, a new -D/--directory option
          to use a plain directory as the root file system, a new
          --private-users option similar to the one in systemd-nspawn, new
          options --bind= and --bind-ro= to bind part of the host's file system
          hierarchy into the guest, a new --extra-drive= option to attach
          additional storage, and -n/--network-tap/--network-user-mode to
          configure networking.

        * A new systemd-vmspawn@.service can be used to launch systemd-vmspawn
          as a service.

        * systemd-vmspawn gained the new --console= and --background= switches
          that control how to interact with the VM. As before, by default an
          interactive terminal interface is provided, but now with a background
          tinted with a greenish hue.

        * systemd-vmspawn can now register its VMs with systemd-machined,
          controlled via the --register= switch.

        * machinectl's start command (and related) can now invoke images either
          as containers via `systemd-nspawn` (switch is --runner=nspawn, the
          default) or as VMs via `systemd-vmspawn` (switch is --runner=vmspawn,
          or short -V).

        * systemd-vmspawn now supports two switches --pass-ssh-key= and
          --ssh-key-type= to optionally set up transient SSH keys to pass to the
          invoked VMs in order to be able to SSH into them once booted.

        * systemd-vmspawn will now enable various "HyperV enlightenments" and
          the "VM Generation ID" on the VMs.

        * A new environment variable $SYSTEMD_VMSPAWN_QEMU_EXTRA may carry
          additional qemu command line options to pass to qemu.

        * systemd-machined gained a new GetMachineSSHInfo() D-Bus method that is
          used by systemd-vmspawn to fetch the information needed to ssh into the
          machine.

        * systemd-machined gained a new Varlink interface that is used by
          systemd-vmspawn to register machines with additional information and
          metadata.

        systemd-repart:

        * systemd-repart gained new options --generate-fstab= and
          --generate-crypttab= to write out fstab and crypttab files matching the
          generated partitions.

        * systemd-repart gained a new option --private-key-source= to allow
          using OpenSSL's "engines" or "providers" as the signing mechanism to
          use when creating verity signature partitions.

        * systemd-repart gained a new DefaultSubvolume= setting in repart.d/
          drop-ins that allow configuring the default btrfs subvolume for newly
          formatted btrfs file systems.

        Libraries:

        * libsystemd gained new call sd_bus_creds_new_from_pidfd() to get a
          credentials object for a pidfd and sd_bus_creds_get_pidfd_dup() to
          retrieve the pidfd from a credentials object.

        * sd-bus' credentials logic will now also acquire peer's UNIX group
          lists and peer's pidfd if supported and requested.

        * RPM macro %_kernel_install_dir has been added with the path
          to the directory for kernel-install plugins.

        * The liblz4, libzstd, liblzma, libkmod, libgcrypt dependencies have
          been changed from regular shared library dependencies into dlopen()
          based ones.

          Note that this means that those libraries might not be automatically
          pulled in when ELF dependencies are resolved. In particular lack of
          libkmod might cause problems with boot. This affects dracut <= 101,
          see https://github.com/dracut-ng/dracut-ng/commit/04b362d713235459cf.

        * systemd ELF binaries that use libraries via dlopen() are now built with
          a new ELF header note section, following a new specification defined at
          docs/ELF_DLOPEN_METADATA.md, that provides information about which
          sonames are loaded and used if found at runtime. This allows tools and
          packagers to programmatically discover the list of optional
          dependencies used by all systemd ELF binaries. A parser with packaging
          integration tools is available at
          https://github.com/systemd/package-notes

        * The sd-journal API gained a new call
          sd_journal_stream_fd_with_namespace() which is just like
          sd_journal_stream_fd() but creates a log stream targeted at a
          specific log namespace.

        * The sd-id128 API gained a new API call
          sd_id128_get_invocation_app_specific() for acquiring an app-specific
          ID that is derived from the service invocation ID.

        * The sd-event API gained a new API call
          sd_event_source_get_inotify_path() that returns the file system path
          an inotify event source was created for.

        systemd-cryptsetup/systemd-cryptenroll:

        * The device node argument to systemd-cryptenroll is now optional. If
          omitted it will be derived automatically from the backing block
          device of /var/ (which quite likely is the same as the root file
          system, hence effectively means if you don't specify things otherwise
          the tool will now default to enrolling a key into the root file
          system's LUKS device).

        * systemd-cryptenroll can now enroll directly with a PKCS11 public key
          (instead of a certificate).

        * systemd-cryptsetup/systemd-cryptenroll now may lock a disk against a
          PKCS#11 provided EC key (before it only supported RSA).

        * systemd-cryptsetup gained support for crypttab option
          link-volume-key= to link the volume key into the kernel keyring when
          the volume is opened.

        * systemd-cryptenroll will no longer enable Dictionary Attack
          Protection (i.e. turn on NO_DA) for TPM enrollments that do not
          involve a PIN. DA should not be necessary in that case (since key
          entropy is high enough to make this unnecessary), but risks
          accidental lock-out in case of unexpected PCR changes.

        * systemd-cryptenroll now supports enrolling a new slot while unlocking
          the old slot via TPM2 (previously unlocking only worked via password
          or FIDO2).

        Documentation:

        * The remaining documentation that was on
          https://freedesktop.org/wiki/Software/systemd/ has been moved to
          https://systemd.io/.

        * A new text describing the VM integration interfaces of systemd has
          been added:

          https://systemd.io/VM_INTERFACE

        * The sd_notify() man page has gained examples with C and Python code
          that shows how to implement the interface in those languages without
          involving libsystemd.

        systemd-homed, systemd-logind, systemd-userdbd:

        * systemd-homed now supports unlocking of home directories when logging
          in via SSH. Previously home directories needed to be unlocked before
          an SSH login is attempted.

        * JSON User Records have been extended with a separate public storage
          area called "User Record Blob Directories". This is intended to store
          the user's background image, avatar picture, and other similar items
          which are too large to fit into the User Record itself.

          systemd-homed, userdbctl, and homectl gained support for blob
          directories. homectl gained --avatar= and --login-background= to
          control two specific items of the blob directories.

        * A new "additionalLanguages" field has been added to JSON user records
          (as supported by systemd-homed and systemd-userdbd), which is closely
          related to the pre-existing "preferredLanguage", and allows
          specifying multiple additional languages for the user account. It is
          used to initialize the $LANGUAGES environment variable when used.

        * A new pair of "preferredSessionType" and "preferredSessionLauncher"
          fields have been added to JSON user records, that may be used to
          control which kind of desktop session to preferable activate on
          logins of the user.

        * homectl gained a new verb 'firstboot', and a new
          systemd-homed-firstboot.service unit uses this verb to create users
          in a first boot environment, either from system credentials or by
          querying interactively.

        * systemd-logind now supports a new "background-light" session class
          which does not pull in the user@.service unit. This is intended in
          particular for lighter weight per-user cron jobs which do require any
          per-user service manager to be around.

        * The per-user service manager will now be tracked as a distinct "manager"
          session type among logind sessions of each user.

        * homectl now supports an --offline mode, by which certain account
          properties can be changed without unlocking the home directory.

        * systemd-logind gained a new
          org.freedesktop.login1.Manager.ListSessionsEx() method that provides
          additional metadata compared to ListSessions(). loginctl makes use of
          this to list additional fields in list-sessions.

        * systemd-logind gained a new org.freedesktop.login1.Manager.Sleep()
          method that automatically redirects to SuspendThenHibernate(),
          Suspend(), HybridSleep(), or Hibernate(), depending on what is
          supported and configured, a new configuration setting SleepOperation=,
          and an accompanying helper method
          org.freedesktop.login1.Manager.CanSleep() and property
          org.freedesktop.login1.Manager.SleepOperation.

          'systemctl sleep' calls the new method to automatically put the
          machine to sleep in the most appropriate way.

        Credential Management:

        * systemd-creds now provides a Varlink IPC API for encrypting and
          decrypting credentials.

        * systemd-creds' "tpm2-absent" key selection has been renamed to
          "null", since that's what it actually does: "encrypt" and "sign"
          with a fixed null key. --with-key=null should only be used in very
          specific cases, as it provides zero integrity or confidentiality
          protections. (i.e. it's only safe to use as fallback in environments
          lacking both a TPM and access to the root fs to use the host
          encryption key, or when integrity is provided some other way.)

        * systemd-creds gained a new switch --allow-null. If specified, the
          "decrypt" verb will decode encrypted credentials that use the "null"
          key (by default this is refused, since using the "null" key defeats
          the authenticated encryption normally done).

        Suspend & Hibernate:

        * The sleep.conf configuration file gained a new MemorySleepMode=
          setting for configuring the sleep mode in more detail.

        * A tiny new service systemd-hibernate-clear.service has been added
          which clears hibernation information from the HibernateLocation EFI
          variable, in case the resume device is gone. Normally, this variable
          is supposed to be cleaned up by the code that initiates the resume
          from hibernation image. But when the device is missing and that code
          doesn't run, this service will now do the necessary work, ensuring
          that no outdated hibernation image information remains on subsequent
          boots.

        Unprivileged User Namespaces & Mounts:

        * A small new service systemd-nsresourced.service has been added. It
          provides a Varlink IPC API that assigns a free, transiently allocated
          64K UID/GID range to an uninitialized user namespace a client
          provides. It may be used to implement unprivileged container managers
          and other programs that need dynamic user ID ranges. It also provides
          interfaces to then delegate mount file descriptors, control groups
          and network interfaces to user namespaces set up this way.

        * A small new service systemd-mountfsd.service has been added. It
          provides a Varlink IPC API for mounting DDI images, and returning a set
          of mount file descriptors for it. If a user namespace fd is provided
          as input, then the mounts are registered with the user namespace. To
          ensure trust in the image it must provide Verity information (or
          alternatively interactive polkit authentication is required).

        * The systemd-dissect tool now can access DDIs fully unprivileged by
          using systemd-nsresourced/systemd-mountfsd.

        * If the service manager runs unprivileged (i.e. systemd --user) it now
          supports RootImage= for accessing DDI images, also implemented via
          the systemd-nsresourced/systemd-mountfsd.

        * systemd-nspawn may now operate without privileges, if a suitable DDI
          is provided via --image=, again implemented via
          systemd-nsresourced/systemd-mountfsd.

        Other:

        * timedatectl and machinectl gained option '-P', an alias for
          '--value --property=…'.

        * Various tools that pretty-print config files will now highlight
          configuration directives.

        * varlinkctl gained support for the "ssh:" transport. This requires
          OpenSSH 9.4 or newer.

        * systemd-sysext gained support for enabling system extensions in
          mutable fashion, where a writeable upperdir is stored under
          /var/lib/extensions.mutable/, and a new --mutable= option to
          configure this behaviour. An "ephemeral" mode is not also supported
          where the mutable layer is configured to be a tmpfs that is
          automatically released when the system extensions are reattached.

        * Coredumps are now retained for two weeks by default (instead of three
          days, as before).

        * portablectl --copy= parameter gained a new 'mixed' argument, that will
          result in resources owned by the OS (e.g.: portable profiles) to be linked
          but resources owned by the portable image (e.g.: the unit files and the
          images themselves) to be copied.

        * systemd will now register MIME types for various of its file types
          (e.g. journal files, DDIs, encrypted credentials …) via the XDG
          shared-mime-info infrastructure. (Files of these types will thus be
          recognized as their own thing in desktop file managers such as GNOME
          Files.)

        * systemd-dissect will now show the detected sector size of a given DDI
          in its default output.

        * systemd-portabled now generates recognizable structured log messages
          whenever a portable service is attached or detached.

        * Verity signature checking in userspace (i.e. checking against
          /etc/verity.d/ keys) when activating DDIs can now be turned on/off
          via a kernel command line option systemd.allow_userspace_verity= and
          an environment variable SYSTEMD_ALLOW_USERSPACE_VERITY=.

        * ext4/xfs file system quota handling has been reworked, so that
          quotacheck and quotaon are now invoked as per-file-system templated
          services (as opposed to single system-wide singletons), similar in
          style to the fsck, growfs, pcrfs logic. This means file systems with
          quota enabled can now be reasonably enabled at runtime of the system,
          not just at boot.

        * "systemd-analyze dot" will now also show BindsTo= dependencies.

        * systemd-debug-generator gained the ability add in arbitrary units
          based on them being passed in via system credentials.

        * A new kernel command-line option systemd.default_debug_tty= can be
          used to specify the TTY for the debug shell, independently of
          enabling or disabling it.

        * portablectl gained a new --clean switch that clears a portable
          service's data (cache, logs, state, runtime, fdstore) when detaching
          it.

        Contributions from: A S Alam, AKHIL KUMAR,
        Abraham Samuel Adekunle, Adrian Vovk, Adrian Wannenmacher,
        Alan Liang, Alberto Planas, Alexander Zavyalov, Anders Jonsson,
        Andika Triwidada, Andres Beltran, Andrew Sayers,
        Antonio Alvarez Feijoo, Arian van Putten, Arthur Zamarin,
        Artur Pak, AtariDreams, Benjamin Franzke, Bernhard M. Wiedemann,
        Black-Hole1, Bryan Jacobs, Burak Gerz, Carlos Garnacho,
        Chandra Pratap, Chris Hofstaedtler, Chris Packham, Chris Simons,
        Christian Göttsche, Christian Wesselhoeft, Clayton Craft,
        Colin Geniet, Colin Walters, Colin Watson, Costa Tsaousis,
        Cristian Rodríguez, Daan De Meyer, Damien Challet, Dan Streetman,
        Daniel Winzen, Daniele Medri, David Seifert, David Tardon,
        David Venhoek, Diego Viola, Dionna Amalie Glaze,
        Dmitry Konishchev, Dmitry V. Levin, Edson Juliano Drosdeck,
        Eisuke Kawashima, Eli Schwartz, Emanuele Giuseppe Esposito,
        Eric Daigle, Evgeny Vereshchagin, Felix Riemann,
        Fernando Fernandez Mancera, Florian Fainelli, Florian Schmaus,
        Franck Bui, Frantisek Sumsal, Friedrich Altheide,
        Gabríel Arthúr Pétursson, Gaël Donval, Georges Basile Stavracas Neto,
        Gerd Hoffmann, GNOME Foundation, Guido Leenders,
        Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald Brinkmann,
        Heinrich Schuchardt, Helmut Grohne, Henry Li, Heran Yang,
        Holger Assmann, Ivan Kruglov, Ivan Shapovalov, Jakub Sitnicki,
        James Muir, Jan Engelhardt, Jan Macku, Jarne Förster, Jeff King,
        Jian-Hong Pan, JmbFountain, Joakim Nohlgård, Jonathan Conder,
        Julius Alexandre, Jörg Behrmann, Kai Lueke, Kamil Szczęk,
        KayJay7, Keian, Kirk, Kristian Klausen, Krzesimir Nowak,
        Lain "Fearyncess" Yang, Lars Ellenberg, Lennart Poettering,
        Leonard, Luca Boccassi, Lucas Salles, Ludwig Nussel,
        Lukáš Nykrýn, Luna Jernberg, Luxiter, Maanya Goenka,
        Maciej S. Szmigiero, Mariano Giménez, Markus Merklinger,
        Martin Ivicic, Martin Srebotnjak, Martin Trigaux, Martin Wilck,
        Mathias Lang, Matt Layher, Matt Muggeridge, Matteo Croce,
        Matthias Lisin, Max Gautier, Max Staudt, MaxHearnden,
        Michael Biebl, Michal Koutný, Michal Sekletár, Michał Kopeć,
        Mike Gilbert, Mike Yuan, Mikko Ylinen, MkfsSion, Moritz Sanft,
        MrSmör, Nandakumar Raghavan, Nicholas Little, Nick Cao,
        Nick Rosbrook, Nicolas Bouchinet, Norbert Lange,
        Ole Peder Brandtzæg, Ondrej Kozina, Oğuz Ersen,
        Pablo Méndez Hernández, Pierre GRASSER, Piotr Drąg, QuonXF,
        Radoslav Kolev, Rafaël Kooi, Raito Bezarius, Rasmus Villemoes,
        Reid Wahl, Renjaya Raga Zenta, Richard Maw, Roland Hieber,
        Ronan Pigott, Rose, Ross Burton, Saliba-san, Sam Leonard,
        Samuel BF, Sarvajith Adyanthaya, Scrambled 777,
        Sebastian Pucilowski, Sergei Zhmylev, Sergey A, Shulhan,
        SidhuRupinder, Simon Fowler, Skia, Sludge, Stuart Hayhurst,
        Susant Sahani, Takashi Sakamoto, Temuri Doghonadze, Thayne McCombs,
        Thilo Fromm, Thomas Blume, Tiago Rocha Cunha, Timo Rothenpieler,
        TobiPeterG, Tobias Fleig, Tomáš Pecka, Topi Miettinen,
        Tycho Andersen, Unique-Usman, Usman Akinyemi, Vasiliy Kovalev,
        Vasiliy Stelmachenok, Victor Berchet, Vishal Chillara Srinivas,
        Vitaly Kuznetsov, Vito Caputo, Vladimir Stoiakin, Werner Sembach,
        Will Springer, Winterhuman, Xiaotian Wu, Yu Watanabe,
        Yuri Chornoivan, Zbigniew Jędrzejewski-Szmek, Zmyeir, anphir,
        aslepykh, chenjiayi, cpackham-atlnz, cunshunxia, djantti, drewbug,
        hanjinpeng, hfavisado, hulkoba, hydrargyrum, ksaleem, mburucuyapy,
        medusalix, mille-feuille, mkubiak, mooo, msizanoen, networkException,
        nl6720, r-vdp, runiq, sam-leonard-ct, samuelvw01, sharad3001, spdfnet,
        sushmbha, wangyuhang, zeroskyx, zzywysm, İ. Ensar Gülşen,
        Łukasz Stelmach, Štěpán Němec, 我超厉害, 김인수

        — Edinburgh, 2024-06-11

CHANGES WITH 255:

        Announcements of Future Feature Removals and Incompatible Changes:

        * Support for split-usr (/usr/ mounted separately during late boot,
          instead of being mounted by the initrd before switching to the rootfs)
          and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
          /usr/lib/, …) has been removed. For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        * We intend to remove cgroup v1 support from a systemd release after
          the end of 2023. If you run services that make explicit use of
          cgroup v1 features (i.e. the "legacy hierarchy" with separate
          hierarchies for each controller), please implement compatibility with
          cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
          Most of Linux userspace has been ported over already.

        * Support for System V service scripts is now deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * systemd-run's switch --expand-environment= which currently is disabled
          by default when combined with --scope, will be changed in a future
          release to be enabled by default.

        * "systemctl switch-root" is now restricted to initrd transitions only.

          Transitions between real systems should be done with
          "systemctl soft-reboot" instead.

        * The "ip=off" and "ip=none" kernel command line options interpreted by
          systemd-network-generator will now result in IPv6RA + link-local
          addressing being disabled, too. Previously DHCP was turned off, but
          IPv6RA and IPv6 link-local addressing was left enabled.

        * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
          and is now disabled.

        * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
          section of systemd-sleep.conf are now deprecated and have no effect.
          They did not (and could not) take any value other than the respective
          default. HybridSleepMode= is also deprecated, and will now always use
          the 'suspend' disk mode.

        Service Manager:

        * The way services are spawned has been overhauled. Previously, a
          process was forked that shared all of the manager's memory (via
          copy-on-write) while doing all the required setup (e.g.: mount
          namespaces, CGroup configuration, etc.) before exec'ing the target
          executable. This was problematic for various reasons: several glibc
          APIs were called that are not supposed to be used after a fork but
          before an exec, copy-on-write meant that if either process (the
          manager or the child) touched a memory page a copy was triggered, and
          also the memory footprint of the child process was that of the
          manager, but with the memory limits of the service. From this version
          onward, the new process is spawned using CLONE_VM and CLONE_VFORK
          semantics via posix_spawn(3), and it immediately execs a new internal
          binary, systemd-executor, that receives the configuration to apply
          via memfd, and sets up the process before exec'ing the target
          executable. The systemd-executor binary is pinned by file descriptor
          by each manager instance (system and users), and the reference is
          updated on daemon-reexec - it is thus important to reexec all running
          manager instances when the systemd-executor and/or libsystemd*
          libraries are updated on the filesystem.

        * Most of the internal process tracking is being changed to use PIDFDs
          instead of PIDs when the kernel supports it, to improve robustness
          and reliability.

        * A new option SurviveFinalKillSignal= can be used to configure the
          unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
          This is part of the required configuration to let a unit's processes
          survive a soft-reboot operation.

        * System extension images (sysext) can now set
          EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
          automatically reload the service manager (PID 1) when
          merging/refreshing/unmerging on boot. Generally, while this can be
          used to ship services in system extension images it's recommended to
          do that via portable services instead.

        * The ExtensionImages= and ExtensionDirectories= options now support
          confexts images/directories.

        * A new option NFTSet= provides a method for integrating dynamic cgroup
          IDs into firewall rules with NFT sets. The benefit of using this
          setting is to be able to use control group as a selector in firewall
          rules easily and this in turn allows more fine grained filtering.
          Also, NFT rules for cgroup matching use numeric cgroup IDs, which
          change every time a service is restarted, making them hard to use in
          systemd environment.

        * A new option CoredumpReceive= can be set for service and scope units,
          together with Delegate=yes, to make systemd-coredump on the host
          forward core files from processes crashing inside the delegated
          CGroup subtree to systemd-coredump running in the container. This new
          option is by default used by systemd-nspawn containers that use the
          "--boot" switch.

        * A new ConditionSecurity=measured-uki option is now available, to ensure
          a unit can only run when the system has been booted from a measured UKI.

        * MemoryAvailable= now considers physical memory if there are no CGroup
          memory limits set anywhere in the tree.

        * The $USER environment variable is now always set for services, while
          previously it was only set if User= was specified. A new option
          SetLoginEnvironment= is now supported to determine whether to also set
          $HOME, $LOGNAME, and $SHELL.

        * Socket units now support a new pair of
          PollLimitBurst=/PollLimitInterval= options to configure a limit on
          how often polling events on the file descriptors backing this unit
          will be considered within a time window.

        * Scope units can now be created using PIDFDs instead of PIDs to select
          the processes they should include.

        * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
          manager to dump the list of currently pending jobs.

        * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
          machinectl bind and mount-image verbs will now cause the new mount to
          replace the old mount (if any), instead of overmounting it.

        * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
          MemoryZSwapCurrent properties, which respectively contain the values
          of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
          and memory.zswap.current properties. This information is also shown in
          "systemctl status" output, if available.

        TPM2 Support + Disk Encryption & Authentication:

        * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
          value in the --tpm2-pcrs= option.

        * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
          index) to be used instead of the default SRK via the new
          --tpm2-seal-key-handle= option.

        * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
          public key (in TPM2B_PUBLIC format) – without access to the TPM2
          device itself – which enables offline sealing of LUKS images for a
          specific TPM2 chip, as long as the SRK public key is known. Pass the
          public to the tool via the new --tpm2-device-key= switch.

        * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
          internal-only executable.

        * The TPM2 Storage Root Key will now be set up, if not already present,
          by a new systemd-tpm2-setup.service early boot service. The SRK will
          be stored in PEM format and TPM2_PUBLIC format (the latter is useful
          for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
          easier access. A new "srk" verb has been added to systemd-analyze to
          allow extracting it on demand if it is already set up.

        * The internal systemd-pcrphase executable has been renamed to
          systemd-pcrextend.

        * The systemd-pcrextend tool gained a new --pcr= switch to override
          which PCR to measure into.

        * systemd-pcrextend now exposes a Varlink interface at
          io.systemd.PCRExtend that can be used to do measurements and event
          logging on demand.

        * TPM measurements are now also written to an event log at
          /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
          Canonical Event Log format. Previously we'd only log them to the
          journal, where they however were subject to rotation and similar.

        * A new component "systemd-pcrlock" has been added that allows managing
          local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
          predict by the OS vendor because of the inherently local nature of
          what measurements they contain, such as firmware versions of the
          system and extension cards and suchlike. pcrlock can predict PCR
          measurements ahead of time based on various inputs, such as the local
          TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
          various other things. It can then pre-calculate a TPM2 policy from
          this, which it stores in an TPM2 NV index. TPM2 objects (such as disk
          encryption keys) can be locked against this NV index, so that they
          are locked against a specific combination of system firmware and
          state. Alternatives for each component are supported to allowlist
          multiple kernel versions or boot loader version simultaneously
          without losing access to the disk encryption keys. The tool can also
          be used to analyze and validate the local TPM2 event log.
          systemd-cryptsetup, systemd-cryptenroll, systemd-repart have all been
          updated to support such policies. There's currently no support for
          locking the system's root disk against a pcrlock policy, this will be
          added soon. Moreover, it is currently not possible to combine a
          pcrlock policy with a signed PCR policy. This component is
          experimental and its public interface is subject to change.

        systemd-boot, systemd-stub, ukify, bootctl, kernel-install:

        * bootctl will now show whether the system was booted from a UKI in its
          status output.

        * systemd-boot and systemd-stub now use different project keys in their
          respective SBAT sections, so that they can be revoked individually if
          needed.

        * systemd-boot will no longer load unverified Devicetree blobs when UEFI
          SecureBoot is enabled. For more details see:
          https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c

        * systemd-boot gained new hotkeys to reboot and power off the system
          from the boot menu ("B" and "O"). If the "auto-poweroff" and
          "auto-reboot" options in loader.conf are set these entries are also
          shown as menu items (which is useful on devices lacking a regular
          keyboard).

        * systemd-boot gained a new configuration value "menu-disabled" for the
          set-timeout option, to allow completely disabling the boot menu,
          including the hotkey.

        * systemd-boot will now measure the content of loader.conf in TPM2
          PCR 5.

        * systemd-stub will now concatenate the content of all kernel
          command-line addons before measuring them in TPM2 PCR 12, in a single
          measurement, instead of measuring them individually.

        * systemd-stub will now measure and load Devicetree Blob addons, which
          are searched and loaded following the same model as the existing
          kernel command-line addons.

        * systemd-stub will now ignore unauthenticated kernel command line options
          passed from systemd-boot when running inside Confidential VMs with UEFI
          SecureBoot enabled.

        * systemd-stub will now load a Devicetree blob even if the firmware did
          not load any beforehand (e.g.: for ACPI systems).

        * ukify is no longer considered experimental, and now ships in /usr/bin/.

        * ukify gained a new verb inspect to describe the sections of a UKI and
          print the contents of the well-known sections.

        * ukify gained a new verb genkey to generate a set of key pairs for
          signing UKIs and their PCR data.

        * The 90-loaderentry kernel-install hook now supports installing device
          trees.

        * kernel-install now supports the --json=, --root=, --image=, and
          --image-policy= options for the inspect verb.

        * kernel-install now supports new list and add-all verbs. The former
          lists all installed kernel images (if those are available in
          /usr/lib/modules/). The latter will install all the kernels it can
          find to the ESP.

        systemd-repart:

        * A new option --copy-from= has been added that synthesizes partition
          definitions from the given image, which are then applied by the
          systemd-repart algorithm.

        * A new option --copy-source= has been added, which can be used to specify
          a directory to which CopyFiles= is considered relative to.

        * New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
          options have been added to make it easier to generate these types of
          DDIs, without having to provide repart.d definitions for them.

        * The dm-verity salt and UUID will now be derived from the specified
          seed value.

        * New VerityDataBlockSizeBytes= and VerityHashBlockSizeBytes= can now be
          configured in repart.d/ configuration files.

        * A new Subvolumes= setting is now supported in repart.d/ configuration
          files, to indicate which directories in the target partition should be
          btrfs subvolumes.

        * A new --tpm2-device-key= option can be used to lock a disk against a
          specific TPM2 public key. This matches the same switch the
          systemd-cryptenroll tool now supports (see above).

        Journal:

        * The journalctl --lines= parameter now accepts +N to show the oldest N
          entries instead of the newest.

        * journald now ensures that sealing happens once per epoch, and sets a
          new compatibility flag to distinguish old journal files that were
          created before this change, for backward compatibility.

        Device Management:

        * udev will now create symlinks to loopback block devices in the
          /dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
          string field selected during allocation. The systemd-dissect tool and
          the util-linux losetup command now supports a complementing new switch
          --loop-ref= for selecting the string. This means a loopback block
          device may now be allocated under a caller-chosen reference and can
          subsequently be referenced without first having to look up the block
          device name the caller ended up with.

        * udev also creates symlinks to loopback block devices in the
          /dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
          of the inode attached to the loopback block device. This means that
          attaching a file to a loopback device will implicitly make a handle
          available to be found via that file's inode information.

        * udevadm info gained support for JSON output via a new --json= flag, and
          for filtering output using the same mechanism that udevadm trigger
          already implements.

        * The predictable network interface naming logic is extended to include
          the SR-IOV-R "representor" information in network interface names.
          This feature was intended for v254, but even though the code was
          merged, the part that actually enabled the feature was forgotten.
          It is now enabled by default and is part of the new "v255" naming
          scheme.

        * A new hwdb/rules file has been added that sets the
          ID_NET_AUTO_LINK_LOCAL_ONLY=1 udev property on all network interfaces
          that should usually only be configured with link-local addressing
          (IPv4LL + IPv6LL), i.e. for PC-to-PC cables ("laplink") or
          Thunderbolt networking. systemd-networkd and NetworkManager (soon)
          will make use of this information to apply an appropriate network
          configuration by default.

        * The ID_NET_DRIVER property on network interfaces is now set
          relatively early in the udev rule set so that other rules may rely on
          its use. This is implemented in a new "net-driver" udev built-in.

        Network Management:

        * The "duid-only" option for DHCPv4 client's ClientIdentifier= setting
          is now dropped, as it never worked, hence it should not be used by
          anyone.

        * The 'prefixstable' ipv6 address generation mode now considers the SSID
          when generating stable addresses, so that a different stable address
          is used when roaming between wireless networks. If you already use
          'prefixstable' addresses with wireless networks, the stable address
          will be changed by the update.

        * The DHCPv4 client gained a RapidCommit option, true by default, which
          enables RFC4039 Rapid Commit behavior to obtain a lease in a
          simplified 2-message exchange instead of the typical 4-message
          exchange, if also supported by the DHCP server.

        * The DHCPv4 client gained new InitialCongestionWindow= and
          InitialAdvertisedReceiveWindow= options for route configurations.

        * The DHCPv4 client gained a new RequestAddress= option that allows
          to send a preferred IP address in the initial DHCPDISCOVER message.

        * The DHCPv4 server and client gained support for IPv6-only mode
          (RFC8925).

        * The SendHostname= and Hostname= options are now available for the
          DHCPv6 client, independently of the DHCPv4= option, so that these
          configuration values can be set independently for each client.

        * The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
          including lease information.

        * The DHCPv6 client can now be configured to use a custom DUID type.

        * .network files gained a new IPv4ReversePathFilter= setting in the
          [Network] section, to control sysctl's rp_filter setting.

        * .network files gaiend a new HopLimit= setting in the [Route] section,
          to configure a per-route hop limit.

        * .network files gained a new TCPRetransmissionTimeoutSec= setting in
          the [Route] section, to configure a per-route TCP retransmission
          timeout.

        * A new directive NFTSet= provides a method for integrating network
          configuration into firewall rules with NFT sets. The benefit of using
          this setting is that static network configuration or dynamically
          obtained network addresses can be used in firewall rules with the
          indirection of NFT set types.

        * The [IPv6AcceptRA] section supports the following new options:
          UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.

        * The [IPv6SendRA] section supports the following new options:
          RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
          HomeAgentPreference=.

        * A new [IPv6PREF64Prefix] set of options, containing Prefix= and
          LifetimeSec=, has been introduced to append pref64 options in router
          advertisements (RFC8781).

        * The network generator now configures the interfaces with only
          link-local addressing if "ip=link-local" is specified on the kernel
          command line.

        * The prefix of the configuration files generated by the network
          generator from the kernel command line is now prefixed with '70-',
          to make them have higher precedence over the default configuration
          files.

        * Added a new -Ddefault-network=BOOL meson option, that causes more
          .network files to be installed as enabled by default. These configuration
          files will which match generic setups, e.g. 89-ethernet.network matches
          all Ethernet interfaces and enables both DHCPv4 and DHCPv6 clients.

        * If a ID_NET_MANAGED_BY= udev property is set on a network device and
          it is any other string than "io.systemd.Network" then networkd will
          not manage this device. This may be used to allow multiple network
          management services to run in parallel and assign ownership of
          specific devices explicitly. NetworkManager will soon implement a
          similar logic.

        systemctl:

        * systemctl is-failed now checks the system state if no unit is
          specified.

        * systemctl will now automatically soft-reboot if a new root file system
          is found under /run/nextroot/ when a reboot operation is invoked.

        Login management:

        * Wall messages now work even when utmp support is disabled, using
          systemd-logind to query the necessary information.

        * systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
          signal before shutdown/reboot/soft-reboot that includes additional
          information compared to the PrepareForShutdown signal. Currently the
          additional information is the type of operation that is about to be
          executed.

        Hibernation & Suspend:

        * The kernel and OS versions will no longer be checked on resume from
          hibernation.

        * Hibernation into swap files backed by btrfs are now
          supported. (Previously this was supported only for other file
          systems.)

        Other:

        * A new systemd-vmspawn tool has been added, that aims to provide for VMs
          the same interfaces and functionality that systemd-nspawn provides for
          containers. For now it supports QEMU as a backend, and exposes some of
          its options to the user. This component is experimental and its public
          interface is subject to change.

        * "systemd-analyze plot" has gained tooltips on each unit name with
          related-unit information in its svg output, such as Before=,
          Requires=, and similar properties.

        * A new varlinkctl tool has been added to allow interfacing with
          Varlink services, and introspection has been added to all such
          services. This component is experimental and its public interface is
          subject to change.

        * systemd-sysext and systemd-confext now expose a Varlink service
          at io.systemd.sysext.

        * portable services now accept confexts as extensions.

        * systemd-sysupdate now accepts directories in the MatchPattern= option.

        * systemd-run will now output the invocation ID of the launched
          transient unit and its peak memory usage.

        * systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
          and systemd-binfmt gained a new --tldr option that can be used instead
          of --cat-config to suppress uninteresting configuration lines, such as
          comments and whitespace.

        * resolvectl gained a new "show-server-state" command that shows
          current statistics of the resolver. This is backed by a new
          DumpStatistics() Varlink method provided by systemd-resolved.

        * systemd-timesyncd will now emit a D-Bus signal when the LinkNTPServers
          property changes.

        * vconsole now supports KEYMAP=@kernel for preserving the kernel keymap
          as-is.

        * seccomp now supports the LoongArch64 architecture.

        * seccomp may now be enabled for services running as a non-root User=
          without NoNewPrivileges=yes.

        * systemd-id128 now supports a new -P option to show only values. The
          combination of -P and --app options is also supported.

        * A new pam_systemd_loadkey.so PAM module is now available, which will
          automatically fetch the passphrase used by cryptsetup to unlock the
          root file system and set it as the PAM authtok. This enables, among
          other things, configuring auto-unlock of the GNOME Keyring / KDE
          Wallet when autologin is configured.

        * Many meson options now use the 'feature' type, which means they
          take enabled/disabled/auto as values.

        * A new meson option -Dconfigfiledir= can be used to change where
          configuration files with default values are installed to.

        * Options and verbs in man pages are now tagged with the version they
          were first introduced in.

        * A new component "systemd-storagetm" has been added, which exposes all
          local block devices as NVMe-TCP devices, fully automatically. It's
          hooked into a new target unit storage-target-mode.target that is
          suppsoed to be booted into via
          rd.systemd.unit=storage-target-mode.target on the kernel command
          line. This is intended to be used for installers and debugging to
          quickly get access to the local disk. It's inspired by MacOS "target
          disk mode". This component is experimental and its public interface is
          subject to change.

        * A new component "systemd-bsod" has been added, which can show logged
          error messages full screen, if they have a log level of LOG_EMERG log
          level. This component is experimental and its public interface is
          subject to change.

        * The systemd-dissect tool's --with command will now set the
          $SYSTEMD_DISSECT_DEVICE environment variable to the block device it
          operates on for the invoked process.

        * The systemd-mount tool gained a new --tmpfs switch for mounting a new
          'tmpfs' instance. This is useful since it does so via .mount units
          and thus can be executed remotely or in containers.

        * The various tools in systemd that take "verbs" (such as systemctl,
          loginctl, machinectl, …) now will suggest a close verb name in case
          the user specified an unrecognized one.

        * libsystemd now exports a new function sd_id128_get_app_specific()
          that generates "app-specific" 128bit IDs from any ID. It's similar to
          sd_id128_get_machine_app_specific() and
          sd_id128_get_boot_app_specific() but takes the ID to base calculation
          on as input. This new functionality is also exposed in the
          "systemd-id128" tool where you can now combine --app= with `show`.

        * All tools that parse timestamps now can also parse RFC3339 style
          timestamps that include the "T" and Z" characters.

        * New documentation has been added:

          https://systemd.io/FILE_DESCRIPTOR_STORE
          https://systemd.io/TPM2_PCR_MEASUREMENTS
          https://systemd.io/MOUNT_REQUIREMENTS

        * The codebase now recognizes the suffix .confext.raw and .sysext.raw
          as alternative to the .raw suffix generally accepted for DDIs. It is
          recommended to name configuration extensions and system extensions
          with such suffixes, to indicate their purpose in the name.

        * The sd-device API gained a new function
          sd_device_enumerator_add_match_property_required() which allows
          configuring matches on properties that are strictly required. This is
          different from the existing sd_device_enumerator_add_match_property()
          matches of which one needs to apply.

        * The MAC address the veth side of an nspawn container shall get
          assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
          environment variable.

        * The libiptc dependency is now implemented via dlopen(), so that tools
          such as networkd and nspawn no longer have a hard dependency on the
          shared library when compiled with support for libiptc.

        * New rpm macros have been added: %systemd_user_daemon_reexec does
          daemon-reexec for all user managers, and %systemd_postun_with_reload
          and %systemd_user_postun_with_reload do a reload for system and user
          units on upgrades.

        * coredumpctl now propagates SIGTERM to the debugger process.

        Contributions from: 김인수, Abderrahim Kitouni, Adam Goldman,
        Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith,
        Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo,
        Anton Lundin, Arian van Putten, Arseny Maslennikov, Arthur Shau,
        Balázs Úr, beh_10257, Benjamin Peterson, Bertrand Jacquin,
        Brian Norris, Charles Lee, Cheng-Chia Tseng, Chris Patterson,
        Christian Hergert, Christian Hesse, Christian Kirbach,
        Clayton Craft, commondservice, cunshunxia, Curtis Klein, cvlc12,
        Daan De Meyer, Daniele Medri, Daniel P. Berrangé, Daniel Rusek,
        Daniel Thompson, Dan Nicholson, Dan Streetman, David Rheinsberg,
        David Santamaría Rogado, David Tardon, dependabot[bot],
        Diego Viola, Dmitry V. Levin, Emanuele Giuseppe Esposito,
        Emil Renner Berthing, Emil Velikov, Etienne Dechamps, Fabian Vogt,
        felixdoerre, Felix Dörre, Florian Schmaus, Franck Bui,
        Frantisek Sumsal, G2-Games, Gioele Barabucci, Hugo Carvalho,
        huyubiao, Iago López Galeiras, IllusionMan1212, Jade Lovelace,
        janana, Jan Janssen, Jan Kuparinen, Jan Macku, Jeremy Fleischman,
        Jin Liu, jjimbo137, Joerg Behrmann, Johannes Segitz, Jordan Rome,
        Jordan Williams, Julien Malka, Juno Computers, Khem Raj, khm,
        Kingbom Dou, Kiran Vemula, Krzesimir Nowak, Laszlo Gombos,
        Lennart Poettering, linuxlion, Luca Boccassi, Lucas Adriano Salles,
        Lukas, Lukáš Nykrýn, Maanya Goenka, Maarten, Malte Poll,
        Marc Pervaz Boocha, Martin Beneš, Martin Joerg, Martin Wilck,
        Mathieu Tortuyaux, Matthias Schiffer, Maxim Mikityanskiy,
        Max Kellermann, Michael A Cassaniti, Michael Biebl, Michael Kuhn,
        Michael Vasseur, Michal Koutný, Michal Sekletár, Mike Yuan,
        Milton D. Miller II, mordner, msizanoen, NAHO, Nandakumar Raghavan,
        Neil Wilson, Nick Rosbrook, Nils K, NRK, Oğuz Ersen,
        Omojola Joshua, onenowy, Paul Meyer, Paymon MARANDI, pelaufer,
        Peter Hutterer, PhylLu, Pierre GRASSER, Piotr Drąg, Priit Laes,
        Rahil Bhimjiani, Raito Bezarius, Raul Cheleguini, Reto Schneider,
        Richard Maw, Robby Red, RoepLuke, Roland Hieber, Roland Singer,
        Ronan Pigott, Sam James, Sam Leonard, Sergey A, Susant Sahani,
        Sven Joachim, Tad Fisher, Takashi Sakamoto, Thorsten Kukuk, Tj,
        Tomasz Świątek, Topi Miettinen, Valentin David,
        Valentin Lefebvre, Victor Westerhuis, Vincent Haupert,
        Vishal Chillara Srinivas, Vito Caputo, Warren, Weblate,
        Xiaotian Wu, xinpeng wang, Yaron Shahrabani, Yo-Jung Lin,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zeroskyx,
        Дамјан Георгиевски, наб

        — Edinburgh, 2023-12-06

CHANGES WITH 254:

        Announcements of Future Feature Removals and Incompatible Changes:

        * The next release (v255) will remove support for split-usr (/usr/
          mounted separately during late boot, instead of being mounted by the
          initrd before switching to the rootfs) and unmerged-usr (parallel
          directories /bin/ and /usr/bin/, /lib/ and /usr/lib/, …). For more
          details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        * We intend to remove cgroup v1 support from a systemd release after
          the end of 2023. If you run services that make explicit use of
          cgroup v1 features (i.e. the "legacy hierarchy" with separate
          hierarchies for each controller), please implement compatibility with
          cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
          Most of Linux userspace has been ported over already.

        * Support for System V service scripts is now deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * EnvironmentFile= now treats the line following a comment line
          trailing with escape as a non comment line. For details, see:
          https://github.com/systemd/systemd/issues/27975

        * PrivateNetwork=yes and NetworkNamespacePath= now imply
          PrivateMounts=yes unless PrivateMounts=no is explicitly specified.

        * Behaviour of sandboxing options for the per-user service manager
          units has changed. They now imply PrivateUsers=yes, which means user
          namespaces will be implicitly enabled when a sandboxing option is
          enabled in a user unit. Enabling user namespaces has the drawback
          that system users will no longer be visible (and processes/files will
          appear as owned by 'nobody') in the user unit.

          By definition a sandboxed user unit should run with reduced
          privileges, so impact should be small. This will remove a great
          source of confusion that has been reported by users over the years,
          due to how these options require an extra setting to be manually
          enabled when used in the per-user service manager, which is not
          needed in the system service manager. For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html

        * systemd-run's switch --expand-environment= which currently is disabled
          by default when combined with --scope, will be changed in a future
          release to be enabled by default.

        Security Relevant Changes:

        * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
          process capability to invoked session processes of regular users on
          local seats (as well as to systemd --user), unless configured
          otherwise via data from JSON user records, or via the PAM module's
          parameter list. This is useful in order allow desktop tools such as
          GNOME's Alarm Clock application to set a timer for
          CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
          per-user service unit file may thus use AmbientCapability= to pass
          the capability to invoked processes. Note that this capability is
          relatively narrow in focus (in particular compared to other process
          capabilities such as CAP_SYS_ADMIN) and we already — by default —
          permit more impactful operations such as system suspend to local
          users.

        Service Manager:

        * Memory limits that apply while the unit is activating are now
          supported. Previously IO and CPU settings were already supported via
          StartupCPUWeight= and similar. The same logic has been added for the
          various manager and unit memory settings (DefaultStartupMemoryLow=,
          StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
          StartupMemorySwapMax=, StartupMemoryZSwapMax=).

        * The service manager gained support for enqueuing POSIX signals to
          services that carry an additional integer value, exposing the
          sigqueue() system call. This is accessible via new D-Bus calls
          org.freedesktop.systemd1.Manager.QueueSignalUnit() and
          org.freedesktop.systemd1.Unit.QueueSignal(), as well as in systemctl
          via the new --kill-value= option.

        * systemctl gained a new "list-paths" verb, which shows all currently
          active .path units, similarly to how "systemctl list-timers" shows
          active timers, and "systemctl list-sockets" shows active sockets.

        * systemctl gained a new --when= switch which is honoured by the various
          forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
          scheduling these operations by time, similar in fashion to how this
          has been supported by SysV shutdown.

        * If MemoryDenyWriteExecute= is enabled for a service and the kernel
          supports the new PR_SET_MDWE prctl() call, it is used instead of the
          seccomp()-based system call filter to achieve the same effect.

        * A new set of kernel command line options is now understood:
          systemd.tty.term.<name>=, systemd.tty.rows.<name>=,
          systemd.tty.columns.<name>= allow configuring the TTY type and
          dimensions for the tty specified via <name>. When systemd invokes a
          service on a tty (via TTYName=) it will look for these and configure
          the TTY accordingly. This is particularly useful in VM environments
          to propagate host terminal settings into the appropriate TTYs of the
          guest.

        * A new RootEphemeral= setting is now understood in service units. It
          takes a boolean argument. If enabled for services that use RootImage=
          or RootDirectory= an ephemeral copy of the disk image or directory
          tree is made when the service is started. It is removed automatically
          when the service is stopped. That ephemeral copy is made using
          btrfs/xfs reflinks or btrfs snapshots, if available.

        * The service activation logic gained new settings RestartSteps= and
          RestartMaxDelaySec= which allow exponentially-growing restart
          intervals for Restart=.

        * The service activation logic gained a new setting RestartMode= which
          can be set to 'direct' to skip the inactive/failed states when
          restarting, so that dependent units are not notified until the service
          converges to a final (successful or failed) state. For example, this
          means that OnSuccess=/OnFailure= units will not be triggered until the
          service state has converged.

        * PID 1 will now automatically load the virtio_console kernel module
          during early initialization if running in a suitable VM. This is done
          so that early-boot logging can be written to the console if available.

        * Similarly, virtio-vsock support is loaded early in suitable VM
          environments. PID 1 will send sd_notify() notifications via AF_VSOCK
          to the VMM if configured, thus loading this early is beneficial.

        * A new verb "fdstore" has been added to systemd-analyze to show the
          current contents of the file descriptor store of a unit. This is
          backed by a new D-Bus call DumpUnitFileDescriptorStore() provided by
          the service manager.

        * The service manager will now set a new $FDSTORE environment variable
          when invoking processes for services that have the file descriptor
          store enabled.

        * A new service option FileDescriptorStorePreserve= has been added that
          allows tuning the lifecycle of the per-service file descriptor store.
          If set to "yes", the entries in the fd store are retained even after
          the service has been fully stopped.

        * The "systemctl clean" command may now be used to clear the fdstore of
          a service.

        * Unit *.preset files gained a new directive "ignore", in addition to
          the existing "enable" and "disable". As the name suggests, matching
          units are left unchanged, i.e. neither enabled nor disabled.

        * Service units gained a new setting DelegateSubgroup=. It takes the
          name of a sub-cgroup to place any processes the service manager forks
          off in. Previously, the service manager would place all service
          processes directly in the top-level cgroup it created for the
          service. This usually meant that main process in a service with
          delegation enabled would first have to create a subgroup and move
          itself down into it, in order to not conflict with the "no processes
          in inner cgroups" rule of cgroup v2. With this option, this step is
          now handled by PID 1.

        * The service manager will now look for .upholds/ directories,
          similarly to the existing support for .wants/ and .requires/
          directories. Symlinks in this directory result in Upholds=
          dependencies.

          The [Install] section of unit files gained support for a new
          UpheldBy= directive to generate .upholds/ symlinks automatically when
          a unit is enabled.

        * The service manager now supports a new kernel command line option
          systemd.default_device_timeout_sec=, which may be used to override
          the default timeout for .device units.

        * A new "soft-reboot" mechanism has been added to the service manager.
          A "soft reboot" is similar to a regular reboot, except that it
          affects userspace only: the service manager shuts down any running
          services and other units, then optionally switches into a new root
          file system (mounted to /run/nextroot/), and then passes control to a
          systemd instance in the new file system which then starts the system
          up again. The kernel is not rebooted and neither is the hardware,
          firmware or boot loader. This provides a fast, lightweight mechanism
          to quickly reset or update userspace, without the latency that a full
          system reset involves. Moreover, open file descriptors may be passed
          across the soft reboot into the new system where they will be passed
          back to the originating services. This allows pinning resources
          across the reboot, thus minimizing grey-out time further. This new
          reboot mechanism is accessible via the new "systemctl soft-reboot"
          command.

        * Services using RootDirectory= or RootImage= will now have read-only
          access to a copy of the host's os-release file under
          /run/host/os-release, which will be kept up-to-date on 'soft-reboot'.
          This was already the case for Portable Services, and the feature has
          now been extended to all services that do not run off the host's
          root filesystem.

        * A new service setting MemoryKSM= has been added to enable kernel
          same-page merging individually for services.

        * A new service setting ImportCredentials= has been added that augments
          LoadCredential= and LoadCredentialEncrypted= and searches for
          credentials to import from the system, and supports globbing.

        * A new job mode "restart-dependencies" has been added to the service
          manager (exposed via systemctl --job-mode=). It is only valid when
          used with "start" jobs, and has the effect that the "start" job will
          be propagated as "restart" jobs to currently running units that have
          a BindsTo= or Requires= dependency on the started unit.

        * A new verb "whoami" has been added to "systemctl" which determines as
          part of which unit the command is being invoked. It writes the unit
          name to standard output. If one or more PIDs are specified reports
          the unit names the processes referenced by the PIDs belong to.

        * The system and service credential logic has been improved: there's
          now a clearly defined place where system provisioning tools running
          in the initrd can place credentials that will be imported into the
          system's set of credentials during the initrd → host transition: the
          /run/credentials/@initrd/ directory. Once the credentials placed
          there are imported into the system credential set they are deleted
          from this directory, and the directory itself is deleted afterwards
          too.

        * A new kernel command line option systemd.set_credential_binary= has
          been added, that is similar to the pre-existing
          systemd.set_credential= but accepts arbitrary binary credential data,
          encoded in Base64. Note that the kernel command line is not a
          recommend way to transfer credentials into a system, since it is
          world-readable from userspace.

        * The default machine ID to use may now be configured via the
          system.machine_id system credential. It will only be used if no
          machine ID was set yet on the host.

        * On Linux kernel 6.4 and newer system and service credentials will now
          be placed in a tmpfs instance that has the "noswap" mount option
          set. Previously, a "ramfs" instance was used. By switching to tmpfs
          ACL support and overall size limits can now be enforced, without
          compromising on security, as the memory is never paged out either
          way.

        * The service manager now can detect when it is running in a
          'Confidential Virtual Machine', and a corresponding 'cvm' value is now
          accepted by ConditionSecurity= for units that want to conditionalize
          themselves on this. systemd-detect-virt gained new 'cvm' and
          '--list-cvm' switches to respectively perform the detection or list
          all known flavours of confidential VM, depending on the vendor. The
          manager will publish a 'ConfidentialVirtualization' D-Bus property,
          and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
          variable for unit generators. Finally, udev rules can match on a new
          'cvm' key that will be set when in a confidential VM.
          Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
          strings and QEMU's fw_cfg protocol will not be used to import
          credentials and kernel command line parameters by the system manager,
          systemd-boot and systemd-stub, because the hypervisor is considered
          untrusted in this particular setting.

        Journal:

        * The sd-journal API gained a new call sd_journal_get_seqnum() to
          retrieve the current log record's sequence number and sequence number
          ID, which allows applications to order records the same way as
          journal does internally. The sequence number is now also exported in
          the JSON and "export" output of the journal.

        * journalctl gained a new switch --truncate-newline. If specified
          multi-line log records will be truncated at the first newline,
          i.e. only the first line of each log message will be shown.

        * systemd-journal-upload gained support for --namespace=, similar to
          the switch of the same name of journalctl.

        systemd-repart:

        * systemd-repart's drop-in files gained a new ExcludeFiles= option which
          may be used to exclude certain files from the effect of CopyFiles=.

        * systemd-repart's Verity support now implements the Minimize= setting
          to minimize the size of the resulting partition.

        * systemd-repart gained a new --offline= switch, which may be used to
          control whether images shall be built "online" or "offline",
          i.e. whether to make use of kernel facilities such as loopback block
          devices and device mapper or not.

        * If systemd-repart is told to populate a newly created ESP or XBOOTLDR
          partition with some files, it will now default to VFAT rather than
          ext4.

        * systemd-repart gained a new --architecture= switch. If specified, the
          per-architecture GPT partition types (i.e. the root and /usr/
          partitions) configured in the partition drop-in files are
          automatically adjusted to match the specified CPU architecture, in
          order to simplify cross-architecture DDI building.

        * systemd-repart will now default to a minimum size of 300MB for XFS
          filesystems if no size parameter is specified. This matches what the
          XFS tools (xfsprogs) can support.

        systemd-boot, systemd-stub, ukify, bootctl, kernel-install:

        * gnu-efi is no longer required to build systemd-boot and systemd-stub.
          Instead, pyelftools is now needed, and it will be used to perform the
          ELF -> PE relocations at build time.

        * bootctl gained a new switch --print-root-device/-R that prints the
          block device the root file system is backed by. If specified twice,
          it returns the whole disk block device (as opposed to partition block
          device) the root file system is on. It's useful for invocations such
          as "cfdisk $(bootctl -RR)" to quickly show the partition table of the
          running OS.

        * systemd-stub will now look for the SMBIOS Type 1 field
          "io.systemd.stub.kernel-cmdline-extra" and append its value to the
          kernel command line it invokes. This is useful for VMMs such as qemu
          to pass additional kernel command lines into the system even when
          booting via full UEFI. The contents of the field are measured into
          TPM PCR 12.

        * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
          value "auto". With this value, a kernel will be automatically
          analyzed, and if it qualifies as UKI, it will be installed as if the
          setting was to set to "uki", otherwise as "bls".

        * systemd-stub can now optionally load UEFI PE "add-on" images that may
          contain additional kernel command line information. These "add-ons"
          superficially look like a regular UEFI executable, and are expected
          to be signed via SecureBoot/shim. However, they do not actually
          contain code, but instead a subset of the PE sections that UKIs
          support. They are supposed to provide a way to extend UKIs with
          additional resources in a secure and authenticated way. Currently,
          only the .cmdline PE section may be used in add-ons, in which case
          any specified string is appended to the command line embedded into
          the UKI itself. A new 'addon<EFI-ARCH>.efi.stub' is now provided that
          can be used to trivially create addons, via 'ukify' or 'objcopy'. In
          the future we expect other sections to be made extensible like this as
          well.

        * ukify has been updated to allow building these UEFI PE "add-on"
          images, using the new 'addon<EFI-ARCH>.efi.stub'.

        * ukify now accepts SBAT information to place in the .sbat PE section
          of UKIs and addons. If a UKI is built the SBAT information from the
          inner kernel is merged with any SBAT information associated with
          systemd-stub and the SBAT data specified on the ukify command line.

        * The kernel-install script has been rewritten in C, and reuses much of
          the infrastructure of existing tools such as bootctl. It also gained
          --esp-path= and --boot-path= options to override the path to the ESP,
          and the $BOOT partition. Options --make-entry-directory= and
          --entry-token= have been added as well, similar to bootctl's options
          of the same name.

        * A new kernel-install plugin 60-ukify has been added which will
          combine kernel/initrd locally into a UKI and optionally sign them
          with a local key. This may be used to switch to UKI mode even on
          systems where a local kernel or initrd is used. (Typically UKIs are
          built and signed by the vendor.)

        * The ukify tool now supports "pesign" in addition to the pre-existing
          "sbsign" for signing UKIs.

        * systemd-measure and systemd-stub now look for the .uname PE section
          that should contain the kernel's "uname -r" string.

        * systemd-measure and ukify now calculate expected PCR hashes for a UKI
          "offline", i.e. without access to a TPM (physical or
          software-emulated).

        Memory Pressure & Control:

        * The sd-event API gained new calls sd_event_add_memory_pressure(),
          sd_event_source_set_memory_pressure_type(),
          sd_event_source_set_memory_pressure_period() to create and configure
          an event source that is called whenever the OS signals memory
          pressure. Another call sd_event_trim_memory() is provided that
          compacts the process' memory use by releasing allocated but unused
          malloc() memory back to the kernel. Services can also provide their
          own custom callback to do memory trimming. This should improve system
          behaviour under memory pressure, as on Linux traditionally provided
          no mechanism to return process memory back to the kernel if the
          kernel was under memory pressure. This makes use of the kernel's PSI
          interface. Most long-running services in systemd have been hooked up
          with this, and in particular systems with low memory should benefit
          from this.

        * Service units gained new settings MemoryPressureWatch= and
          MemoryPressureThresholdSec= to configure the PSI memory pressure
          logic individually. If these options are used, the
          $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
          variables will be set for the invoked processes to inform them about
          the requested memory pressure behaviour. (This is used by the
          aforementioned sd-events API additions, if set.)

        * systemd-analyze gained a new "malloc" verb that shows the output
          generated by glibc's malloc_info() on services that support it. Right
          now, only the service manager has been updated accordingly. This
          call requires privileges.

        User & Session Management:

        * The sd-login API gained a new call sd_session_get_username() to
          return the user name of the owner of a login session. It also gained
          a new call sd_session_get_start_time() to retrieve the time the login
          session started. A new call sd_session_get_leader() has been added to
          return the PID of the "leader" process of a session. A new call
          sd_uid_get_login_time() returns the time since the specified user has
          most recently been continuously logged in with at least one session.

        * JSON user records gained a new set of fields capabilityAmbientSet and
          capabilityBoundingSet which contain a list of POSIX capabilities to
          set for the logged in users in the ambient and bounding sets,
          respectively. homectl gained the ability to configure these two sets
          for users via --capability-bounding-set=/--capability-ambient-set=.

        * pam_systemd learnt two new module options
          default-capability-bounding-set= and default-capability-ambient-set=,
          which configure the default bounding sets for users as they are
          logging in, if the JSON user record doesn't specify this explicitly
          (see above). The built-in default for the ambient set now contains
          the CAP_WAKE_ALARM, thus allowing regular users who may log in
          locally to resume from a system suspend via a timer.

        * The Session D-Bus objects systemd-logind gained a new SetTTY() method
          call to update the TTY of a session after it has been allocated. This
          is useful for SSH sessions which are typically allocated first, and
          for which a TTY is added later.

        * The sd-login API gained a new call sd_pid_notifyf_with_fds() which
          combines the various other sd_pid_notify() flavours into one: takes a
          format string, an overriding PID, and a set of file descriptors to
          send. It also gained a new call sd_pid_notify_barrier() call which is
          equivalent to sd_notify_barrier() but allows the originating PID to
          be specified.

        * "loginctl list-users" and "loginctl list-sessions" will now show the
          state of each logged in user/session in their tabular output. It will
          also show the current idle state of sessions.

        DDIs:

        * systemd-dissect will now show the intended CPU architecture of an
          inspected DDI.

        * systemd-dissect will now install itself as mount helper for the "ddi"
          pseudo-file system type. This means you may now mount DDIs directly
          via /bin/mount or /etc/fstab, making full use of embedded Verity
          information and all other DDI features.

          Example: mount -t ddi myimage.raw /some/where

        * The systemd-dissect tool gained the new switches --attach/--detach to
          attach/detach a DDI to a loopback block device without mounting it.
          It will automatically derive the right sector size from the image
          and set up Verity and similar, but not mount the file systems in it.

        * When systemd-gpt-auto-generator or the DDI mounting logic mount an
          ESP or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
          implied. Given that these file systems are typically untrusted, this
          should make mounting them automatically have less of a security
          impact.

        * All tools that parse DDIs (such as systemd-nspawn, systemd-dissect,
          systemd-tmpfiles, …) now understand a new switch --image-policy= which
          takes a string encoding image dissection policy. With this mechanism
          automatic discovery and use of specific partition types and the
          cryptographic requirements on the partitions (Verity, LUKS, …) can be
          restricted, permitting better control of the exposed attack surfaces
          when mounting disk images. systemd-gpt-auto-generator will honour such
          an image policy too, configurable via the systemd.image_policy= kernel
          command line option. Unit files gained the RootImagePolicy=,
          MountImagePolicy= and ExtensionImagePolicy= to configure the same for
          disk images a service runs off.

        * systemd-analyze gained a new verb "image-policy" to validate and
          parse image policy strings.

        * systemd-dissect gained support for a new --validate switch to
          superficially validate DDI structure, and check whether a specific
          image policy allows the DDI.

        * systemd-dissect gained support for a new --mtree-hash switch to
          optionally disable calculating mtree hashes, which can be slow on
          large images.

        * systemd-dissect --copy-to, --copy-from, --list and --mtree switches
          are now able to operate on directories too, other than images.

        Network Management:

        * networkd's GENEVE support as gained a new .network option
          InheritInnerProtocol=.

        * The [Tunnel] section in .netdev files has gained a new setting
          IgnoreDontFragment for controlling the IPv4 "DF" flag of datagrams.

        * A new global IPv6PrivacyExtensions= setting has been added that
          selects the default value of the per-network setting of the same
          name.

        * The predictable network interface naming logic was extended to
          include SR-IOV-R "representor" information in network interface
          names. Unfortunately, this feature was not enabled by default and can
          only be enabled at compilation time by setting
          -Ddefault-net-naming-scheme=v254.

        * The DHCPv4 + DHCPv6 + IPv6 RA logic in networkd gained support for
          the RFC8910 captive portal option.

        Device Management:

        * udevadm gained the new "verify" verb for validating udev rules files
          offline.

        * udev gained a new tool "iocost" that can be used to configure QoS IO
          cost data based on hwdb information onto suitable block devices. Also
          see https://github.com/iocost-benchmark/iocost-benchmarks.

        TPM2 Support + Disk Encryption & Authentication:

        * systemd-cryptenroll/systemd-cryptsetup will now install a TPM2 SRK
          ("Storage Root Key") as first step in the TPM2, and then use that
          for binding FDE to, if TPM2 support is used. This matches
          recommendations of TCG (see
          https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf)

        * systemd-cryptenroll and other tools that take TPM2 PCR parameters now
          understand textual identifiers for these PCRs.

        * systemd-veritysetup + /etc/veritytab gained support for a series of
          new options: hash-offset=, superblock=, format=, data-block-size=,
          hash-block-size=, data-blocks=, salt=, uuid=, hash=, fec-device=,
          fec-offset=, fec-roots= to configure various aspects of a Verity
          volume.

        * systemd-cryptsetup + /etc/crypttab gained support for a new
          veracrypt-pim= option for setting the Personal Iteration Multiplier
          of veracrypt volumes.

        * systemd-integritysetup + /etc/integritytab gained support for a new
          mode= setting for controlling the dm-integrity mode (journal, bitmap,
          direct) for the volume.

        * systemd-analyze gained a new verb "pcrs" that shows the known TPM PCR
          registers, their symbolic names and current values.

        systemd-tmpfiles:

        * The ACL support in tmpfiles.d/ has been updated: if an uppercase "X"
          access right is specified this is equivalent to "x" but only if the
          inode in question already has the executable bit set for at least
          some user/group. Otherwise the "x" bit will be turned off.

        * tmpfiles.d/'s C line type now understands a new modifier "+": a line
          with C+ will result in a "merge" copy, i.e. all files of the source
          tree are copied into the target tree, even if that tree already
          exists, resulting in a combined tree of files already present in the
          target tree and those copied in.

        * systemd-tmpfiles gained a new --graceful switch. If specified lines
          with unknown users/groups will silently be skipped.

        systemd-notify:

        * systemd-notify gained two new options --fd= and --fdname= for sending
          arbitrary file descriptors to the service manager (while specifying an
          explicit name for it).

        * systemd-notify gained a new --exec switch, which makes it execute the
          specified command line after sending the requested messages. This is
          useful for sending out READY=1 first, and then continuing invocation
          without changing process ID, so that the tool can be nicely used
          within an ExecStart= line of a unit file that uses Type=notify.

        sd-event + sd-bus APIs:

        * The sd-event API gained a new call sd_event_source_leave_ratelimit()
          which may be used to explicitly end a rate-limit state an event
          source might be in, resetting all rate limiting counters.

        * When the sd-bus library is used to make connections to AF_UNIX D-Bus
          sockets, it will now encode the "description" set via
          sd_bus_set_description() into the source socket address. It will also
          look for this information when accepting a connection. This is useful
          to track individual D-Bus connections on a D-Bus broker for debug
          purposes.

        systemd-resolved:

        * systemd-resolved gained a new resolved.conf setting
          StateRetentionSec= which may be used to retain cached DNS records
          even after their nominal TTL, and use them in case upstream DNS
          servers cannot be reached. This can be used to make name resolution
          more resilient in case of network problems.

        * resolvectl gained a new verb "show-cache" to show the current cache
          contents of systemd-resolved. This verb communicates with the
          systemd-resolved daemon and requires privileges.

        Other:

        * Meson >= 0.60.0 is now required to build systemd.

        * The default keymap to apply may now be chosen at build-time via the
          new -Ddefault-keymap= meson option.

        * Most of systemd's long-running services now have a generic handler of
          the SIGRTMIN+18 signal handler which executes various operations
          depending on the sigqueue() parameter sent along. For example, values
          0x100…0x107 allow changing the maximum log level of such
          services. 0x200…0x203 allow changing the log target of such
          services. 0x300 make the services trim their memory similarly to the
          automatic PSI-triggered action, see above. 0x301 make the services
          output their malloc_info() data to the logs.

        * machinectl gained new "edit" and "cat" verbs for editing .nspawn
          files, inspired by systemctl's verbs of the same name which edit unit
          files. Similarly, networkctl gained the same verbs for editing
          .network, .netdev, .link files.

        * A new syscall filter group "@sandbox" has been added that contains
          syscalls for sandboxing system calls such as those for seccomp and
          Landlock.

        * New documentation has been added:

          https://systemd.io/COREDUMP
          https://systemd.io/MEMORY_PRESSURE
          smbios-type-11(7)

        * systemd-firstboot gained a new --reset option. If specified, the
          settings in /etc/ it knows how to initialize are reset.

        * systemd-sysext is now a multi-call binary and is also installed under
          the systemd-confext alias name (via a symlink). When invoked that way
          it will operate on /etc/ instead of /usr/ + /opt/. It thus becomes a
          powerful, atomic, secure configuration management of sorts, that
          locally can merge configuration from multiple confext configuration
          images into a single immutable tree.

        * The --network-macvlan=, --network-ipvlan=, --network-interface=
          switches of systemd-nspawn may now optionally take the intended
          network interface inside the container.

        * All our programs will now send an sd_notify() message with their exit
          status in the EXIT_STATUS= field when exiting, using the usual
          protocol, including PID 1. This is useful for VMMs and container
          managers to collect an exit status from a system as it shuts down, as
          set via "systemctl exit …". This is particularly useful in test cases
          and similar, as invocations via a VM can now nicely propagate an exit
          status to the host, similar to local processes.

        * systemd-run gained a new switch --expand-environment=no to disable
          server-side environment variable expansion in specified command
          lines. Expansion defaults to enabled for all execution types except
          --scope, where it defaults to off (and prints a warning) for backward
          compatibility reasons. --scope will be flipped to enabled by default
          too in a future release. If you are using --scope and passing a '$'
          character in the payload you should start explicitly using
          --expand-environment=yes/no according to the use case.

        * The systemd-system-update-generator has been updated to also look for
          the special flag file /etc/system-update in addition to the existing
          support for /system-update to decide whether to enter system update
          mode.

        * The /dev/hugepages/ file system is now mounted with nosuid + nodev
          mount options by default.

        * systemd-fstab-generator now understands two new kernel command line
          options systemd.mount-extra= and systemd.swap-extra=, which configure
          additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
          will be ran on these block devices, like it already happens for
          'root='. It also now supports the new fstab.extra and
          fstab.extra.initrd credentials that may contain additional /etc/fstab
          lines to apply at boot.

        * systemd-getty-generator now understands two new credentials
          getty.ttys.container and getty.ttys.serial. These credentials may
          contain a list of TTY devices – one per line – to instantiate
          container-getty@.service and serial-getty@.service on.

        * The getty/serial-getty/container-getty units now import the 'agetty.*'
          and 'login.*' credentials, which are consumed by the 'login' and
          'agetty' programs starting from util-linux v2.40.

        * systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
          PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
          which case the Path= setting is taken relative to the ESP or XBOOTLDR
          partitions, rather than the system's root directory /. The relevant
          directories are automatically discovered.

        * The systemd-ac-power tool gained a new switch --low, which reports
          whether the battery charge is considered "low", similar to how the
          s2h suspend logic checks this state to decide whether to enter system
          suspend or hibernation.

        * The /etc/os-release file can now have two new optional fields
          VENDOR_NAME= and VENDOR_URL= to carry information about the vendor of
          the OS.

        * When the system hibernates, information about the device and offset
          used is now written to a non-volatile EFI variable. On next boot the
          system will attempt to resume from the location indicated in this EFI
          variable. This should make hibernation a lot more robust, while
          requiring no manual configuration of the resume location.

        * The $XDG_STATE_HOME environment variable (added in more recent
          versions of the XDG basedir specification) is now honoured to
          implement the StateDirectory= setting in user services.

        * A new component "systemd-battery-check" has been added. It may run
          during early boot (usually in the initrd), and checks the battery
          charge level of the system. In case the charge level is very low the
          user is notified (graphically via Plymouth – if available – as well
          as in text form on the console), and the system is turned off after a
          10s delay. The feature can be disabled by passing
          systemd.battery_check=0 through the kernel command line.

        * The 'passwdqc' library is now supported as an alternative to the
          'pwquality' library and can be selected at build time.

        Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
        Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
        Andrei Stepanov, Andrew Baxter, Antonio Alvarez Feijoo,
        Arian van Putten, Arthur Shau, A S Alam,
        Asier Sarasua Garmendia, Balló György, Bastien Nocera,
        Benjamin Herrenschmidt, Benjamin Raison, Bill Peterson,
        Brad Fitzpatrick, Brett Holman, bri, Chen Qi, Chitoku,
        Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
        Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
        cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
        Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
        David Schroeder, David Tardon, dependabot[bot],
        Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
        Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
        Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
        Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
        François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
        Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
        Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
        Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
        Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
        Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
        jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
        Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
        Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
        Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
        Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
        maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
        Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
        Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
        Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
        Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
        Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
        Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
        Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
        Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
        saikat0511, Samanta Navarro, Sam James, Sam Morris,
        Simon Braunschmidt, Sjoerd Simons, Sorah Fukumori,
        Stanislaw Gruszka, Stefan Roesch, Steven Luo, Steve Ramage,
        Susant Sahani, taniishkaaa, Tanishka, Temuri Doghonadze,
        Thierry Martin, Thomas Blume, Thomas Genty, Thomas Weißschuh,
        Thorsten Kukuk, Times-Z, Tobias Powalowski, tofylion,
        Topi Miettinen, Uwe Kleine-König, Velislav Ivanov,
        Vitaly Kuznetsov, Vít Zikmund, Weblate, Will Fancher,
        William Roberts, Winterhuman, Wolfgang Müller, Xeonacid,
        Xiaotian Wu, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Yuxiang Zhu,
        Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
        Дамјан Георгиевски, наб

        — Edinburgh, 2023-07-28

CHANGES WITH 253:

        Announcements of Future Feature Removals and Incompatible Changes:

        * We intend to remove cgroup v1 support from systemd release after the
          end of 2023. If you run services that make explicit use of cgroup v1
          features (i.e. the "legacy hierarchy" with separate hierarchies for
          each controller), please implement compatibility with cgroup v2 (i.e.
          the "unified hierarchy") sooner rather than later. Most of Linux
          userspace has been ported over already.

        * We intend to remove support for split-usr (/usr mounted separately
          during boot) and unmerged-usr (parallel directories /bin and
          /usr/bin, /lib and /usr/lib, etc). This will happen in the second
          half of 2023, in the first release that falls into that time window.
          For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        * We intend to change behaviour w.r.t. units of the per-user service
          manager and sandboxing options, so that they work without having to
          manually enable PrivateUsers= as well, which is not required for
          system units. To make this work, we will implicitly enable user
          namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
          user unit. The drawback is that system users will no longer be visible
          (and appear as 'nobody') to the user unit when a sandboxing option is
          enabled. By definition a sandboxed user unit should run with reduced
          privileges, so impact should be small. This will remove a great source
          of confusion that has been reported by users over the years, due to
          how these options require an extra setting to be manually enabled when
          used in the per-user service manager, as opposed as to the system
          service manager. We plan to enable this change in the next release
          later this year. For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html

        Deprecations and incompatible changes:

        * systemctl will now warn when invoked without /proc/ mounted
          (e.g. when invoked after chroot() into an directory tree without the
          API mount points like /proc/ being set up.)  Operation in such an
          environment is not fully supported.

        * The return value of 'systemctl is-active|is-enabled|is-failed' for
          unknown units is changed: previously 1 or 3 were returned, but now 4
          (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.

        * 'udevadm hwdb' subcommand is deprecated and will emit a warning.
          systemd-hwdb (added in 2014) should be used instead.

        * 'bootctl --json' now outputs a single JSON array, instead of a stream
          of newline-separated JSON objects.

        * Udev rules in 60-evdev.rules have been changed to load hwdb
          properties for all modalias patterns. Previously only the first
          matching pattern was used. This could change what properties are
          assigned if the user has more and less specific patterns that could
          match the same device, but it is expected that the change will have
          no effect for most users.

        * systemd-networkd-wait-online exits successfully when all interfaces
          are ready or unmanaged. Previously, if neither '--any' nor
          '--interface=' options were used, at least one interface had to be in
          configured state. This change allows the case where systemd-networkd
          is enabled, but no interfaces are configured, to be handled
          gracefully. It may occur in particular when a different network
          manager is also enabled and used.

        * Some compatibility helpers were dropped: EmergencyAction= in the user
          manager, as well as measuring kernel command line into PCR 8 in
          systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
          option.

        * The '-Dupdate-helper-user-timeout=' build-time option has been
          renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
          integer as parameter instead of a string.

        * The DDI image dissection logic (which backs RootImage= in service
          unit files, the --image= switch in various tools such as
          systemd-nspawn, as well as systemd-dissect) will now only mount file
          systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
          can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
          variable. These file systems are fairly well supported and maintained
          in current kernels, while others are usually more niche, exotic or
          legacy and thus typically do not receive the same level of security
          support and fixes.

        * The default per-link multicast DNS mode is changed to "yes"
          (that was previously "no"). As the default global multicast DNS mode
          has been "yes" (but can be changed by the build option), now the
          multicast DNS is enabled on all links by default. You can disable the
          multicast DNS on all links by setting MulticastDNS= in resolved.conf,
          or on an interface by calling "resolvectl mdns INTERFACE no".

        New components:

        * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
          (UKIs) has been added. This replaces functionality provided by
          'dracut --uefi' and extends it with automatic calculation of PE file
          offsets, insertion of signed PCR policies generated by
          systemd-measure, support for initrd concatenation, signing of the
          embedded Linux image and the combined image with sbsign, and
          heuristics to autodetect the kernel uname and verify the splash
          image.

        Changes in systemd and units:

        * A new service type Type=notify-reload is defined. When such a unit is
          reloaded a UNIX process signal (typically SIGHUP) is sent to the main
          service process. The manager will then wait until it receives a
          "RELOADING=1" followed by a "READY=1" notification from the unit as
          response (via sd_notify()). Otherwise, this type is the same as
          Type=notify. A new setting ReloadSignal= may be used to change the
          signal to send from the default of SIGHUP.

          user@.service, systemd-networkd.service, systemd-udevd.service, and
          systemd-logind have been updated to this type.

        * Initrd environments which are not on a pure memory file system (e.g.
          overlayfs combination as opposed to tmpfs) are now supported. With
          this change, during the initrd → host transition ("switch root")
          systemd will erase all files of the initrd only when the initrd is
          backed by a memory file system such as tmpfs.

        * New per-unit MemoryZSwapMax= option has been added to configure
          memory.zswap.max cgroup properties (the maximum amount of zswap
          used).

        * A new LogFilterPatterns= option has been added for units. It may be
          used to specify accept/deny regular expressions for log messages
          generated by the unit, that shall be enforced by systemd-journald.
          Rejected messages are neither stored in the journal nor forwarded.
          This option may be used to suppress noisy or uninteresting messages
          from units.

        * The manager has a new
          org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
          query process ownership via a PIDFD, which is more resilient against
          PID recycling issues.

        * Scope units now support OOMPolicy=. Login session scopes default to
          OOMPolicy=continue, allowing login scopes to survive the OOM killer
          terminating some processes in the scope.

        * systemd-fstab-generator now supports x-systemd.makefs option for
          /sysroot/ (in the initrd).

        * The maximum rate at which daemon reloads are executed can now be
          limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
          options. (Or the equivalent on the kernel command line:
          systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
          addition, systemd now logs the originating unit and PID when a reload
          request is received over D-Bus.

        * When enabling a swap device systemd will now reinitialize the device
          when the page size of the swap space does not match the page size of
          the running kernel. Note that this requires the 'swapon' utility to
          provide the '--fixpgsz' option, as implemented by util-linux, and it
          is not supported by busybox at the time of writing.

        * systemd now executes generator programs in a mount namespace
          "sandbox" with most of the file system read-only and write access
          restricted to the output directories, and with a temporary /tmp/
          mount provided. This provides a safeguard against programming errors
          in the generators, but also fixes here-docs in shells, which
          previously didn't work in early boot when /tmp/ wasn't available
          yet. (This feature has no security implications, because the code is
          still privileged and can trivially exit the sandbox.)

        * The system manager will now parse a new "vmm.notify_socket"
          system credential, which may be supplied to a VM via SMBIOS. If
          found, the manager will send a "READY=1" notification on the
          specified socket after boot is complete. This allows readiness
          notification to be sent from a VM guest to the VM host over a VSOCK
          socket.

        * The sample PAM configuration file for systemd-user@.service now
          includes a call to pam_namespace. This puts children of user@.service
          in the expected namespace. (Many distributions replace their file
          with something custom, so this change has limited effect.)

        * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
          can be used to override the mount units burst late limit for
          parsing '/proc/self/mountinfo', which was introduced in v249.
          Defaults to 5.

        * Drop-ins for init.scope changing control group resource limits are
          now applied, while they were previously ignored.

        * New build-time configuration options '-Ddefault-timeout-sec=' and
          '-Ddefault-user-timeout-sec=' have been added, to let distributions
          choose the default timeout for starting/stopping/aborting system and
          user units respectively.

        * Service units gained a new setting OpenFile= which may be used to
          open arbitrary files in the file system (or connect to arbitrary
          AF_UNIX sockets in the file system), and pass the open file
          descriptor to the invoked process via the usual file descriptor
          passing protocol. This is useful to give unprivileged services access
          to select files which have restrictive access modes that would
          normally not allow this. It's also useful in case RootDirectory= or
          RootImage= is used to allow access to files from the host environment
          (which is after all not visible from the service if these two options
          are used.)

        Changes in udev:

        * The new net naming scheme "v253" has been introduced. In the new
          scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
          a PCI bus. This extends the coverage of predictable interface names
          in some embedded systems.

          The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
          a more informative path on some embedded systems.

        * Partition block devices will now also get symlinks in
          /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
          block device nodes via the kernel's "diskseq" value. Previously those
          symlinks were only created for the main block device.

        * A new operator '-=' is supported for SYMLINK variables. This allows
          symlinks to be unconfigured even if an earlier rule added them.

        * 'udevadm --trigger --settle' now also works for network devices
          that are being renamed.

        Changes in sd-boot, bootctl, and the Boot Loader Specification:

        * systemd-boot now passes its random seed directly to the kernel's RNG
          via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
          means the RNG gets seeded very early in boot before userspace has
          started.

        * systemd-boot will pass a disk-backed random seed – even when secure
          boot is enabled – if it can additionally get a random seed from EFI
          itself (via EFI's RNG protocol), or a prior seed in
          LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.

        * systemd-boot-system-token.service was renamed to
          systemd-boot-random-seed.service and extended to always save a random
          seed to ESP on every boot when a compatible boot loader is used. This
          allows a refreshed random seed to be used in the boot loader.

        * systemd-boot handles various seed inputs using a domain- and
          field-separated hashing scheme.

        * systemd-boot's 'random-seed-mode' option has been removed. A system
          token is now always required to be present for random seeds to be
          used.

        * systemd-boot now supports being loaded from other locations than the
          ESP, for example for direct kernel boot under QEMU or when embedded
          into the firmware.

        * systemd-boot now parses SMBIOS information to detect
          virtualization. This information is used to skip some warnings which
          are not useful in a VM and to conditionalize other aspects of
          behaviour.

        * systemd-boot now supports a new 'if-safe' mode that will perform UEFI
          Secure Boot automated certificate enrollment from the ESP only if it
          is considered 'safe' to do so. At the moment 'safe' means running in
          a virtual machine.

        * systemd-stub now processes random seeds in the same way as
          systemd-boot already does, in case a unified kernel image is being
          used from a different bootloader than systemd-boot, or without any
          boot load at all.

        * bootctl will now generate a system token on all EFI systems, even
          virtualized ones, and is activated in the case that the system token
          is missing from either sd-boot and sd-stub booted systems.

        * bootctl now implements two new verbs: 'kernel-identify' prints the
          type of a kernel image file, and 'kernel-inspect' provides
          information about the embedded command line and kernel version of
          UKIs.

        * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
          as for kernel-install.

        * The JSON output of "bootctl list" will now contain two more fields:
          isDefault and isSelected are boolean fields set to true on the
          default and currently booted boot menu entries.

        * bootctl gained a new verb "unlink" for removing a boot loader entry
          type #1 file from disk in a safe and robust way.

        * bootctl also gained a new verb "cleanup" that automatically removes
          all files from the ESP's and XBOOTLDR's "entry-token" directory, that
          is not referenced anymore by any installed Type #1 boot loader
          specification entry. This is particularly useful in environments where
          a large number of entries reference the same or partly the same
          resources (for example, for snapshot-based setups).

        Changes in kernel-install:

        * A new "installation layout" can be configured as layout=uki. With
          this setting, a Boot Loader Specification Type#1 entry will not be
          created. Instead, a new kernel-install plugin 90-uki-copy.install
          will copy any .efi files from the staging area into the boot
          partition. A plugin to generate the UKI .efi file must be provided
          separately.

        Changes in systemctl:

        * 'systemctl reboot' has dropped support for accepting a positional
          argument as the argument to the reboot(2) syscall. Please use the
          --reboot-argument= option instead.

        * 'systemctl disable' will now warn when called on units without
          install information. A new --no-warn option has been added that
          silences this warning.

        * New option '--drop-in=' can be used to tell 'systemctl edit' the name
          of the drop-in to edit. (Previously, 'override.conf' was always
          used.)

        * 'systemctl list-dependencies' now respects --type= and --state=.

        * 'systemctl kexec' now supports XEN VMM environments.

        * 'systemctl edit' will now tell the invoked editor to jump into the
          first line with actual unit file data, skipping over synthesized
          comments.

        Changes in systemd-networkd and related tools:

        * The [DHCPv4] section in .network file gained new SocketPriority=
          setting that assigns the Linux socket priority used by the DHCPv4 raw
          socket. This may be used in conjunction with the
          EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
          desired ethernet 802.1Q frame priority for DHCPv4 initial
          packets. This cannot be achieved with netfilter mangle tables because
          of the raw socket bypass.

        * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
          new QuickAck= boolean setting that enables the TCP quick ACK mode for
          the routes configured by the acquired DHCPv4 lease or received router
          advertisements (RAs).

        * The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
          routes) now accepts three values, for high, medium, and low preference
          of the router (which can be set with the RouterPreference=) setting.

        * systemd-networkd-wait-online now supports matching via alternative
          interface names.

        * The [DHCPv6] section in .network file gained new SendRelease=
          setting which enables the DHCPv6 client to send release when
          it stops. This is the analog of the [DHCPv4] SendRelease= setting.
          It is enabled by default.

        * If the Address= setting in [Network] or [Address] sections in .network
          specified without its prefix length, then now systemd-networkd assumes
          /32 for IPv4 or /128 for IPv6 addresses.

        * networkctl shows network and link file dropins in status output.

        Changes in systemd-dissect:

        * systemd-dissect gained a new option --list, to print the paths of
          all files and directories in a DDI.

        * systemd-dissect gained a new option --mtree, to generate a file
          manifest compatible with BSD mtree(5) of a DDI

        * systemd-dissect gained a new option --with, to execute a command with
          the specified DDI temporarily mounted and used as working
          directory. This is for example useful to convert a DDI to "tar"
          simply by running it within a "systemd-dissect --with" invocation.

        * systemd-dissect gained a new option --discover, to search for
          Discoverable Disk Images (DDIs) in well-known directories of the
          system. This will list machine, portable service and system extension
          disk images.

        * systemd-dissect now understands 2nd stage initrd images stored as a
          Discoverable Disk Image (DDI).

        * systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
          disk UUID stored in the GPT header) among the other data it can show.

        * systemd-dissect gained a new --in-memory switch to operate on an
          in-memory copy of the specified DDI file. This is useful to access a
          DDI with write access without persisting any changes. It's also
          useful for accessing a DDI without keeping the originating file
          system busy.

        * The DDI dissection logic will now automatically detect the intended
          sector size of disk images stored in files, based on the GPT
          partition table arrangement. Loopback block devices for such DDIs
          will then be configured automatically for the right sector size. This
          is useful to make dealing with modern 4K sector size DDIs fully
          automatic. The systemd-dissect tool will now show the detected sector
          size among the other DDI information in its output.

        Changes in systemd-repart:

        * systemd-repart gained new options --include-partitions= and
          --exclude-partitions= to filter operation on partitions by type UUID.
          This allows systemd-repart to be used to build images in which the
          type of one partition is set based on the contents of another
          partition (for example when the boot partition shall include a verity
          hash of the root partition).

        * systemd-repart also gained a --defer-partitions= option that is
          similar to --exclude-partitions=, but the size of the partition is
          still taken into account when sizing partitions, but without
          populating it.

        * systemd-repart gained a new --sector-size= option to specify what
          sector size should be used when an image is created.

        * systemd-repart now supports generating erofs file systems via
          CopyFiles= (a read-only file system similar to squashfs).

        * The Minimize= option was extended to accept "best" (which means the
          most minimal image possible, but may require multiple attempts) and
          "guess" (which means a reasonably small image).

        * The systemd-growfs binary now comes with a regular unit file template
          systemd-growfs@.service which can be instantiated directly for any
          desired file system. (Previously, the unit was generated dynamically
          by various generators, but no regular unit file template was
          available.)

        Changes in journal tools:

        * Various systemd tools will append extra fields to log messages when
          in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
          this includes information about D-Bus messages when sd-bus is used,
          e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
          about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
          Details of what is logged and when are subject to change.

        * The systemd-journald-audit.socket can now be disabled via the usual
          "systemctl disable" mechanism to stop collection of audit
          messages. Please note that it is not enabled statically anymore and
          must be handled by the preset/enablement logic in package
          installation scripts.

        * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
          be used to curtail disk use by systemd-journal-remote. This is
          similar to the options supported by systemd-journald.

        Changes in systemd-cryptenroll, systemd-cryptsetup, and related
        components:

        * When enrolling new keys systemd-cryptenroll now supports unlocking
          via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
          password was strictly required to be specified.

        * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
          (except for tokens with user verification, UV) to identify tokens
          before authentication. Multiple FIDO2 tokens can now be enrolled at
          the same time, and systemd-cryptsetup will automatically select one
          that corresponds to one of the available LUKS key slots.

        * systemd-cryptsetup now supports new options tpm2-measure-bank= and
          tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
          bank and number into which the volume key should be measured. This is
          automatically enabled for the encrypted root volume discovered and
          activated by systemd-gpt-auto-generator.

        * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
          "noexec,nosuid,nodev".

        * systemd-gpt-auto-generator will now honour the rootfstype= and
          rootflags= kernel command line switches for root file systems it
          discovers, to match behaviour in case an explicit root fs is
          specified via root=.

        * systemd-pcrphase gained new options --machine-id and --file-system=
          to measure the machine-id and mount point information into PCR 15.
          New service unit files systemd-pcrmachine.service and
          systemd-pcrfs@.service have been added that invoke the tool with
          these switches during early boot.

        * systemd-pcrphase gained a --graceful switch will make it exit cleanly
          with a success exit code even if no TPM device is detected.

        * systemd-cryptenroll now stores the user-supplied PIN with a salt,
          making it harder to brute-force.

        Changes in other tools:

        * systemd-homed gained support for luksPbkdfForceIterations (the
          intended number of iterations for the PBKDF operation on LUKS).

        * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
          $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
          may now be used to specify additional arguments for mkfs when
          systemd-homed formats a file system.

        * systemd-hostnamed now exports the contents of
          /sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
          new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
          unprivileged code to access those values.

          systemd-hostnamed also exports the SUPPORT_END= field from
          os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
          this to show the status of the installed system.

        * systemd-measure gained an --append= option to sign multiple phase
          paths with different signing keys. This allows secrets to be
          accessible only in certain parts of the boot sequence. Note that
          'ukify' provides similar functionality in a more accessible form.

        * systemd-timesyncd will now write a structured log message with
          MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
          on a on-disk timestamp, similarly to what it did when reaching
          synchronization via NTP.

        * systemd-timesyncd will now update the on-disk timestamp file on each
          boot at least once, making it more likely that the system time
          increases in subsequent boots.

        * systemd-vconsole-setup gained support for system/service credentials:
          vconsole.keymap/vconsole.keymap_toggle and
          vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
          the similarly-named options in vconsole.conf.

        * systemd-localed will now save the XKB keyboard configuration to
          /etc/vconsole.conf, and also read it from there with a higher
          preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
          file. Previously, this information was stored in the former file in
          converted form, and only in latter file in the original form. Tools
          which want to access keyboard configuration can now do so from a
          standard location.

        * systemd-resolved gained support for configuring the nameservers and
          search domains via kernel command line (nameserver=, domain=) and
          credentials (network.dns, network.search_domains).

        * systemd-resolved will now synthesize host names for the DNS stub
          addresses it supports. Specifically when "_localdnsstub" is resolved,
          127.0.0.53 is returned, and if "_localdnsproxy" is resolved
          127.0.0.54 is returned.

        * systemd-notify will now send a "RELOADING=1" notification when called
          with --reloading, and "STOPPING=1" when called with --stopping. This
          can be used to implement notifications from units where it's easier
          to call a program than to use the sd-daemon library.

        * systemd-analyze's 'plot' command can now output its information in
          JSON, controlled via the --json= switch. Also, new --table, and
          --no-legend options have been added.

        * 'machinectl enable' will now automatically enable machines.target
          unit in addition to adding the machine unit to the target.

          Similarly, 'machinectl start|stop' gained a --now option to enable or
          disable the machine unit when starting or stopping it.

        * systemd-sysusers will now create /etc/ if it is missing.

        * systemd-sleep 'HibernateDelaySec=' setting is changed back to
          pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
          added to provide the new initial value for the new automated battery
          estimation functionality. If 'HibernateDelaySec=' is set to any value,
          the automated estimate (and thus the automated hibernation on low
          battery to avoid data loss) functionality will be disabled.

        * Default tmpfiles.d/ configuration will now automatically create
          credentials storage directory '/etc/credstore/' with the appropriate,
          secure permissions. If '/run/credstore/' exists, its permissions will
          be fixed too in case they are not correct.

        Changes in libsystemd and shared code:

        * sd-bus gained new convenience functions sd_bus_emit_signal_to(),
          sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().

        * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
          128-bit ID in files such as /etc/machine-id has an invalid
          format. They also accept NULL as output parameter in more places,
          which is useful when the caller only wants to validate the inputs and
          does not need the output value.

        * sd-login gained new functions sd_pidfd_get_session(),
          sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
          sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
          sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
          sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
          but accept a PIDFD instead of a PID.

        * sd-path (and systemd-path) now export four new paths:
          SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
          SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
          SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
          SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,

        * sd_notify() now supports AF_VSOCK as transport for notification
          messages (in addition to the existing AF_UNIX support). This is
          enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.

        * Detection of chroot() environments now works if /proc/ is not
          mounted. This affects systemd-detect-virt --chroot, but also means
          that systemd tools will silently skip various operations in such an
          environment.

        * "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
          virtualization is now detected.

        Changes in the build system:

        * Standalone variants of systemd-repart and systemd-shutdown may now be
          built (if -Dstandalone=true).

        * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
          example, allow scripts to conditionalize execution on AC power
          supply.

        * The libp11kit library is now loaded through dlopen(3).

        Changes in the documentation:

        * Specifications that are not closely tied to systemd have moved to
          https://uapi-group.org/specifications/: the Boot Loader Specification
          and the Discoverable Partitions Specification.

        Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
        Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
        Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
        Benjamin Tissoires, berenddeschouwer, BerndAdameit,
        Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
        Charles Hardin, chris, Christian Brauner, Christian Göttsche,
        Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
        Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
        Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
        Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
        Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
        Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
        igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
        Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
        Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
        Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
        Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
        Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
        Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
        Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
        Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
        Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
        msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
        noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
        Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
        reuben olinsky, Richard E. van der Luit, Richard Phibel,
        Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
        Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
        Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
        Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
        Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
        Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
        William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
        наб

        — Warsaw, 2023-02-15

CHANGES WITH 252 🎃:

        Announcements of Future Feature Removals:

        * We intend to remove cgroup v1 support from systemd release after the
          end of 2023. If you run services that make explicit use of cgroup v1
          features (i.e. the "legacy hierarchy" with separate hierarchies for
          each controller), please implement compatibility with cgroup v2 (i.e.
          the "unified hierarchy") sooner rather than later. Most of Linux
          userspace has been ported over already.

        * We intend to remove support for split-usr (/usr mounted separately
          during boot) and unmerged-usr (parallel directories /bin and
          /usr/bin, /lib and /usr/lib, etc). This will happen in the second
          half of 2023, in the first release that falls into that time window.
          For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        Compatibility Breaks:

        * ConditionKernelVersion= checks that use the '=' or '!=' operators
          will now do simple string comparisons (instead of version comparisons
          à la stverscmp()). Version comparisons are still done for the
          ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
          specified, a shell-style glob match is now done. This creates a minor
          incompatibility compared to older systemd versions when the '*', '?',
          '[', ']' characters are used, as these will now match as shell globs
          instead of literally. Given that kernel version strings typically do
          not include these characters we expect little breakage through this
          change.

        * The service manager will now read the SELinux label used for SELinux
          access checks from the unit file at the time it loads the file.
          Previously, the label would be read at the moment of the access
          check, which was problematic since at that time the unit file might
          already have been updated or removed.

        New Features:

        * systemd-measure is a new tool for calculating and signing expected
          TPM2 PCR values for a given unified kernel image (UKI) booted via
          sd-stub. The public key used for the signature and the signed
          expected PCR information can be embedded inside the UKI. This
          information can be extracted from the UKI by external tools and code
          in the image itself and is made available to userspace in the booted
          kernel.

          systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
          updated to make use of this information if available in the booted
          kernel: when locking an encrypted volume/credential to the TPM
          systemd-cryptenroll/systemd-creds will use the public key to bind the
          volume/credential to any kernel that carries PCR information signed
          by the same key pair. When unlocking such volumes/credentials
          systemd-cryptsetup/systemd-creds will use the signature embedded in
          the booted UKI to gain access.

          Binding TPM-based disk encryption to public keys/signatures of PCR
          values — instead of literal PCR values — addresses the inherent
          "brittleness" of traditional PCR-bound TPM disk encryption schemes:
          disks remain accessible even if the UKI is updated, without any TPM
          specific preparation during the OS update — as long as each UKI
          carries the necessary PCR signature information.

          Net effect: if you boot a properly prepared kernel, TPM-bound disk
          encryption now defaults to be locked to kernels which carry PCR
          signatures from the same key pair. Example: if a hypothetical distro
          FooOS prepares its UKIs like this, TPM-based disk encryption is now –
          by default – bound to only FooOS kernels, and encrypted volumes bound
          to the TPM cannot be unlocked on kernels from other sources. (But do
          note this behaviour requires preparation/enabling in the UKI, and of
          course users can always enroll non-TPM ways to unlock the volume.)

        * systemd-pcrphase is a new tool that is invoked at six places during
          system runtime, and measures additional words into TPM2 PCR 11, to
          mark milestones of the boot process. This allows binding access to
          specific TPM2-encrypted secrets to specific phases of the boot
          process. (Example: LUKS2 disk encryption key only accessible in the
          initrd, but not later.)

        Changes in systemd itself, i.e. the manager and units

        * The cpu controller is delegated to user manager units by default, and
          CPUWeight= settings are applied to the top-level user slice units
          (app.slice, background.slice, session.slice). This provides a degree
          of resource isolation between different user services competing for
          the CPU.

        * Systemd can optionally do a full preset in the "first boot" condition
          (instead of just enable-only). This behaviour is controlled by the
          compile-time option -Dfirst-boot-full-preset. Right now it defaults
          to 'false', but the plan is to switch it to 'true' for the subsequent
          release.

        * Drop-ins are now allowed for transient units too.

        * Systemd will set the taint flag 'support-ended' if it detects that
          the OS image is past its end-of-support date. This date is declared
          in a new /etc/os-release field SUPPORT_END= described below.

        * Two new settings ConditionCredential= and AssertCredential= can be
          used to skip or fail units if a certain system credential is not
          provided.

        * ConditionMemory= accepts size suffixes (K, M, G, T, …).

        * DefaultSmackProcessLabel= can be used in system.conf and user.conf to
          specify the SMACK security label to use when not specified in a unit
          file.

        * DefaultDeviceTimeoutSec= can be used in system.conf and user.conf to
          specify the default timeout when waiting for device units to
          activate.

        * C.UTF-8 is used as the default locale if nothing else has been
          configured.

        * [Condition|Assert]Firmware= have been extended to support certain
          SMBIOS fields. For example

            ConditionFirmware=smbios-field(board_name = "Custom Board")

          conditionalizes the unit to run only when
          /sys/class/dmi/id/board_name contains "Custom Board" (without the
          quotes).

        * ConditionFirstBoot= now correctly evaluates as true only during the
          boot phase of the first boot. A unit executed later, after booting
          has completed, will no longer evaluate this condition as true.

        * Socket units will now create sockets in the SELinuxContext= of the
          associated service unit, if any.

        * Boot phase transitions (start initrd → exit initrd → boot complete →
          shutdown) will be measured into TPM2 PCR 11, so that secrets can be
          bound to a specific runtime phase. E.g.: a LUKS encryption key can be
          unsealed only in the initrd.

        * Service credentials (i.e. SetCredential=/LoadCredential=/…) will now
          also be provided to ExecStartPre= processes.

        * Various units are now correctly ordered against
          initrd-switch-root.target where previously a conflict without
          ordering was configured. A stop job for those units would be queued,
          but without the ordering it could be executed only after
          initrd-switch-root.service, leading to units not being restarted in
          the host system as expected.

        * In order to fully support the IPMI watchdog driver, which has not yet
          been ported to the new common watchdog device interface,
          /dev/watchdog0 will be tried first and systemd will silently fallback
          to /dev/watchdog if it is not found.

        * New watchdog-related D-Bus properties are now published by systemd:
          WatchdogDevice, WatchdogLastPingTimestamp,
          WatchdogLastPingTimestampMonotonic.

        * At shutdown, API virtual files systems (proc, sys, etc.) will be
          unmounted lazily.

        * At shutdown, systemd will now log about processes blocking unmounting
          of file systems.

        * A new meson build option 'clock-valid-range-usec-max' was added to
          allow disabling system time correction if RTC returns a timestamp far
          in the future.

        * Propagated restart jobs will no longer be discarded while a unit is
          activating.

        * PID 1 will now import system credentials from SMBIOS Type 11 fields
          ("OEM vendor strings"), in addition to qemu_fwcfg. This provides a
          simple, fast and generic path for supplying credentials to a VM,
          without involving external tools such as cloud-init/ignition.

        * The CPUWeight= setting of unit files now accepts a new special value
          "idle", which configures "idle" level scheduling for the unit.

        * Service processes that are activated due to a .timer or .path unit
          triggering will now receive information about this via environment
          variables. Note that this is information is lossy, as activation
          might be coalesced and only one of the activating triggers will be
          reported. This is hence more suited for debugging or tracing rather
          than for behaviour decisions.

        * The riscv_flush_icache(2) system call has been added to the list of
          system calls allowed by default when SystemCallFilter= is used.

        * The selinux context derived from the target executable, instead of
          'init_t' used for the manager itself, is now used when creating
          listening sockets for units that specify SELinuxContextFromNet=yes.

        Changes in sd-boot, bootctl, and the Boot Loader Specification:

        * The Boot Loader Specification has been cleaned up and clarified.
          Various corner cases in version string comparisons have been fixed
          (e.g. comparisons for empty strings). Boot counting is now part of
          the main specification.

        * New PCRs measurements are performed during boot: PCR 11 for the
          kernel+initrd combo, PCR 13 for any sysext images. If a measurement
          took place this is now reported to userspace via the new
          StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.

        * As before, systemd-stub will measure kernel parameters and system
          credentials into PCR 12. It will now report this fact via the
          StubPcrKernelParameters EFI variable to userspace.

        * The UEFI monotonic boot counter is now included in the updated random
          seed file maintained by sd-boot, providing some additional entropy.

        * sd-stub will use LoadImage/StartImage to execute the kernel, instead
          of arranging the image manually and jumping to the kernel entry
          point. sd-stub also installs a temporary UEFI SecurityOverride to
          allow the (unsigned) nested image to be booted. This is safe because
          the outer (signed) stub+kernel binary must have been verified before
          the stub was executed.

        * Booting in EFI mixed mode (a 64-bit kernel over 32-bit UEFI firmware)
          is now supported by sd-boot.

        * bootctl gained a bunch of new options: --all-architectures to install
          binaries for all supported EFI architectures, --root= and --image=
          options to operate on a directory or disk image, and
          --install-source= to specify the source for binaries to install,
          --efi-boot-option-description= to control the name of the boot entry.

        * The sd-boot stub exports a StubFeatures flag, which is used by
          bootctl to show features supported by the stub that was used to boot.

        * The PE section offsets that are used by tools that assemble unified
          kernel images have historically been hard-coded. This may lead to
          overlapping PE sections which may break on boot. The UKI will now try
          to detect and warn about this.

          Any tools that assemble UKIs must update to calculate these offsets
          dynamically. Future sd-stub versions may use offsets that will not
          work with the currently used set of hard-coded offsets!

        * sd-stub now accepts (and passes to the initrd and then to the full
          OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed
          signatures of expected PCR values, to allow sealing secrets via the
          TPM2 against pre-calculated PCR measurements.

        Changes in the hardware database:

        * 'systemd-hwdb query' now supports the --root= option.

        Changes in systemctl:

        * systemctl now supports --state= and --type= options for the 'show'
          and 'status' verbs.

        * systemctl gained a new verb 'list-automounts' to list automount
          points.

        * systemctl gained support for a new --image= switch to be able to
          operate on the specified disk image (similar to the existing --root=
          which operates relative to some directory).

        Changes in systemd-networkd:

        * networkd can set Linux NetLabel labels for integration with the
          network control in security modules via a new NetLabel= option.

        * The RapidCommit= is (re-)introduced to enable faster configuration
          via DHCPv6 (RFC 3315).

        * networkd gained a new option TCPCongestionControlAlgorithm= that
          allows setting a per-route TCP algorithm.

        * networkd gained a new option KeepFileDescriptor= to allow keeping a
          reference (file descriptor) open on TUN/TAP interfaces, which is
          useful to avoid link flaps while the underlying service providing the
          interface is being serviced.

        * RouteTable= now also accepts route table names.

        Changes in systemd-nspawn:

        * The --bind= and --overlay= options now support relative paths.

        * The --bind= option now supports a 'rootidmap' value, which will
          use id-mapped mounts to map the root user inside the container to the
          owner of the mounted directory on the host.

        Changes in systemd-resolved:

        * systemd-resolved now persists DNSOverTLS in its state file too. This
          fixes a problem when used in combination with NetworkManager, which
          sends the setting only once, causing it to be lost if resolved was
          restarted at any point.

        * systemd-resolved now exposes a Varlink socket at
          /run/systemd/resolve/io.systemd.Resolve.Monitor, accessible only for
          root. Processed DNS requests in a JSON format will be published to
          any clients connected to this socket.

          resolvectl gained a 'monitor' verb to make use of this.

        * systemd-resolved now treats unsupported DNSSEC algorithms as INSECURE
          instead of returning SERVFAIL, as per RFC:
          https://datatracker.ietf.org/doc/html/rfc6840#section-5.2

        * OpenSSL is the default crypto backend for systemd-resolved. (gnutls
          is still supported.)

        Changes in libsystemd and other libraries:

        * libsystemd now exports sd_bus_error_setfv() (a convenience function
          for setting bus errors), sd_id128_string_equal (a convenience
          function for 128-bit ID string comparisons), and
          sd_bus_message_read_strv_extend() (a function to incrementally read
          string arrays).

        * libsystemd now exports sd_device_get_child_first()/_next() as a
          high-level interface for enumerating child devices. It also supports
          sd_device_new_child() for opening a child device given a device
          object.

        * libsystemd now exports sd_device_monitor_set()/get_description()
          which allow setting a custom description that will be used in log
          messages by sd_device_monitor*.

        * Private shared libraries (libsystemd-shared-nnn.so,
          libsystemd-core-nnn.so) are now installed into arch-specific
          directories to allow multi-arch installs.

        * A new sd-gpt.h header is now published, listing GUIDs from the
          Discoverable Partitions specification. For more details see:
          https://systemd.io/DISCOVERABLE_PARTITIONS/

        * A new function sd_hwdb_new_from_path() has been added to open a hwdb
          database given an explicit path to the file.

        * The signal number argument to sd_event_add_signal() now can now be
          ORed with the SD_EVENT_SIGNAL_PROCMASK flag, causing sigprocmask() to
          be automatically invoked to block the specified signal. This is
          useful to simplify invocations as the caller doesn't have to do this
          manually.

        * A new convenience call sd_event_set_signal_exit() has been added to
          sd-event to set up signal handling so that the event loop
          automatically terminates cleanly on SIGTERM/SIGINT.

        Changes in other components:

        * systemd-sysusers, systemd-tmpfiles, and systemd-sysctl configuration
          can now be provided via the credential mechanism.

        * systemd-analyze gained a new verb 'compare-versions' that implements
          comparisons for versions strings (similarly to 'rpmdev-vercmp' and
          'dpkg --compare-versions').

        * 'systemd-analyze dump' is extended to accept glob patterns for unit
          names to limit the output to matching units.

        * tmpfiles.d/ lines can read file contents to write from a credential.
          The new modifier char '^' is used to specify that the argument is a
          credential name. This mechanism is used to automatically populate
          /etc/motd, /etc/issue, and /etc/hosts from credentials.

        * tmpfiles.d/ may now be configured to avoid changing uid/gid/mode of
          an inode if the specification is prefixed with ':' and the inode
          already exists.

        * Default tmpfiles.d/ configuration now carries a line to automatically
          use an 'ssh.authorized_keys.root' credential if provided to set up
          the SSH authorized_keys file for the root user.

        * systemd-tmpfiles will now gracefully handle absent source of "C" copy
          lines.

        * tmpfiles.d/ F/w lines now optionally permit encoding of the payload
          in base64. This is useful to write arbitrary binary data into files.

        * The pkgconfig and rpm macros files now export the directory for user
          units as 'user_tmpfiles_dir' and '%_user_tmpfilesdir'.

        * Detection of Apple Virtualization and detection of Parallels and
          KubeVirt virtualization on non-x86 archs have been added.

        * os-release gained a new field SUPPORT_END=YYYY-MM-DD to inform the
          user when their system will become unsupported.

        * When performing suspend-then-hibernate, the system will estimate the
          discharge rate and use that to set the delay until hibernation and
          hibernate immediately instead of suspending when running from a
          battery and the capacity is below 5%.

        * systemd-sysctl gained a --strict option to fail when a sysctl
          setting is unknown to the kernel.

        * machinectl supports --force for the 'copy-to' and 'copy-from'
          verbs.

        * coredumpctl gained the --root and --image options to look for journal
          files under the specified root directory, image, or block device.

        * 'journalctl -o' and similar commands now implement a new output mode
          "short-delta". It is similar to "short-monotonic", but also shows the
          time delta between subsequent messages.

        * journalctl now respects the --quiet flag when verifying consistency
          of journal files.

        * Journal log messages gained a new implicit field _RUNTIME_SCOPE= that
          will indicate whether a message was logged in the 'initrd' phase or
          in the 'system' phase of the boot process.

        * Journal files gained a new compatibility flag
          'HEADER_INCOMPATIBLE_COMPACT'. Files with this flag implement changes
          to the storage format that allow reducing size on disk. As with other
          compatibility flags, older journalctl versions will not be able to
          read journal files using this new format. The environment variable
          'SYSTEMD_JOURNAL_COMPACT=0' can be passed to systemd-journald to
          disable this functionality. It is enabled by default.

        * systemd-run's --working-directory= switch now works when used in
          combination with --scope.

        * portablectl gained a --force flag to skip certain sanity checks. This
          is implemented using new flags accepted by systemd-portabled for the
          *WithExtensions() D-Bus methods: SD_SYSTEMD_PORTABLE_FORCE_ATTACH
          flag now means that the attach/detach checks whether the units are
          already present and running will be skipped. Similarly,
          SD_SYSTEMD_PORTABLE_FORCE_SYSEXT flag means that the check whether
          image name matches the name declared inside of the image will be
          skipped. Callers must be sure to do those checks themselves if
          appropriate.

        * systemd-portabled will now use the original filename to check
          extension-release.NAME for correctness, in case it is passed a
          symlink.

        * systemd-portabled now uses PrivateTmp=yes in the 'trusted' profile
          too.

        * sysext's extension-release files now support '_any' as a special
          value for the ID= field, to allow distribution-independent extensions
          (e.g.: fully statically compiled binaries, scripts). It also gained
          support for a new ARCHITECTURE= field that may be used to explicitly
          restrict an image to hosts of a specific architecture.

        * systemd-repart now supports creating squashfs partitions. This
          requires mksquashfs from squashfs-tools.

        * systemd-repart gained a --split flag to also generate split
          artifacts, i.e. a separate file for each partition. This is useful in
          conjunction with systemd-sysupdate or other tools, or to generate
          split dm-verity artifacts.

        * systemd-repart is now able to generate dm-verity partitions, including
          signatures.

        * systemd-repart can now set a partition UUID to zero, allowing it to
          be filled in later, such as when using verity partitions.

        * systemd-repart now supports drop-ins for its configuration files.

        * Package metadata logged by systemd-coredump in the system journal is
          now more compact.

        * xdg-autostart-service now expands 'tilde' characters in Exec lines.

        * systemd-oomd now automatically links against libatomic, if available.

        * systemd-oomd now sends out a 'Killed' D-Bus signal when a cgroup is
          killed.

        * scope units now also provide oom-kill status.

        * systemd-pstore will now try to load only the efi_pstore kernel module
          before running, ensuring that pstore can be used.

        * systemd-logind gained a new StopIdleSessionSec= option to stop an idle
          session after a preconfigure timeout.

        * systemd-homed will now wait up to 30 seconds for workers to terminate,
          rather than indefinitely.

        * homectl gained a new '--luks-sector-size=' flag that allows users to
          select the preferred LUKS sector size. Must be a power of 2 between 512
          and 4096. systemd-userdbd records gained a corresponding field.

        * systemd-sysusers will now respect the 'SOURCE_DATE_EPOCH' environment
          variable when generating the 'sp_lstchg' field, to ensure an image
          build can be reproducible.

        * 'udevadm wait' will now listen to kernel uevents too when called with
          --initialized=no.

        * When naming network devices udev will now consult the Devicetree
          "alias" fields for the device.

        * systemd-udev will now create infiniband/by-path and
          infiniband/by-ibdev links for Infiniband verbs devices.

        * systemd-udev-trigger.service will now also prioritize input devices.

        * ConditionACPower= and systemd-ac-power will now assume the system is
          running on AC power if no battery can be found.

        * All features and tools using the TPM2 will now communicate with it
          using a bind key. Beforehand, the tpm2 support used encrypted sessions
          by creating a primary key that was used to encrypt traffic. This
          creates a problem as the key created for encrypting the traffic could
          be faked by an active interposer on the bus. In cases when a pin is
          used, a bind key will be used. The pin is used as the auth value for
          the seal key, aka the disk encryption key, and that auth value will be
          used in the session establishment. An attacker would need the pin
          value to create the secure session and thus an active interposer
          without the pin cannot interpose on TPM2 traffic.

        * systemd-growfs no longer requires udev to run.

        * systemd-backlight now will better support systems with multiple
          graphic cards.

        * systemd-cryptsetup's keyfile-timeout= option now also works when a
          device is used as a keyfile.

        * systemd-cryptenroll gained a new --unlock-key-file= option to get the
          unlocking key from a key file (instead of prompting the user). Note
          that this is the key for unlocking the volume in order to be able to
          enroll a new key, but it is not the key that is enrolled.

        * systemd-dissect gained a new --umount switch that will safely and
          synchronously unmount all partitions of an image previously mounted
          with 'systemd-dissect --mount'.

        * When using gcrypt, all systemd tools and services will now configure
          it to prefer the OS random number generator if present.

        * All example code shipped with documentation has been relicensed from CC0
          to MIT-0.

        * Unit tests will no longer fail when running on a system without
          /etc/machine-id.

        Experimental features:

        * BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
          and bpftool >= 7.0).

        * sd-boot can automatically enroll SecureBoot keys from files found on
          the ESP. This enrollment can be either automatic ('force' mode) or
          controlled by the user ('manual' mode). It is sufficient to place the
          SecureBoot keys in the right place in the ESP and they will be picked
          up by sd-boot and shown in the boot menu.

        * The mkosi config in systemd gained support for automatically
          compiling a kernel with the configuration appropriate for testing
          systemd. This may be useful when developing or testing systemd in
          tandem with the kernel.

        Contributions from: 김인수, Adam Williamson, adrian5, Aidan Dang,
        Akihiko Odaki, Alban Bedel, Albert Mikaelyan, Aleksey Vasenev,
        Alexander Graf, Alexander Shopov, Alexander Wilson,
        Alper Nebi Yasak, anarcat, Anders Jonsson, Andre Kalb,
        Andrew Stone, Andrey Albershteyn, Anita Zhang, Ansgar Burchardt,
        Antonio Alvarez Feijoo, Arnaud Ferraris, Aryan singh, asavah,
        Avamander, Avram Lubkin, Balázs Meskó, Bastien Nocera,
        Benjamin Franzke, BerndAdameit, bin456789, Celeste Liu,
        Chih-Hsuan Yen, Christian Brauner, Christian Göttsche,
        Christian Hesse, Clyde Byrd III, codefiles, Colin Walters,
        Cristian Rodríguez, Daan De Meyer, Daniel Braunwarth,
        Daniel Rusek, Dan Streetman, Darsey Litzenberger, David Edmundson,
        David Jaša, David Rheinsberg, David Seifert, David Tardon,
        dependabot[bot], Devendra Tewari, Dominique Martinet, drosdeck,
        Edson Juliano Drosdeck, Eduard Tolosa, eggfly, Einsler Lee,
        Elias Probst, Eli Schwartz, Evgeny Vereshchagin, exploide, Fei Li,
        Foster Snowhill, Franck Bui, Frank Dana, Frantisek Sumsal,
        Gerd Hoffmann, Gio, Goffredo Baroncelli, gtwang01,
        Guillaume W. Bres, H A, Hans de Goede, Heinrich Schuchardt,
        Hugo Carvalho, i-do-cpp, igo95862, j00512545, Jacek Migacz,
        Jade Bilkey, James Hilliard, Jan B, Janis Goldschmidt,
        Jan Janssen, Jan Kuparinen, Jan Luebbe, Jan Macku,
        Jason A. Donenfeld, Javkhlanbayar Khongorzul, Jeremy Soller,
        JeroenHD, jiangchuangang, João Loureiro,
        Joaquín Ignacio Aramendía, Jochen Sprickerhof,
        Johannes Schauer Marin Rodrigues, Jonas Kümmerlin,
        Jonas Witschel, Jonathan Kang, Jonathan Lebon, Joost Heitbrink,
        Jörg Thalheim, josh-gordon-fb, Joyce, Kai Lueke, lastkrick,
        Lennart Poettering, Leon M. George, licunlong, Li kunyu,
        LockBlock-dev, Loïc Collignon, Lubomir Rintel, Luca Boccassi,
        Luca BRUNO, Ludwig Nussel, Łukasz Stelmach, Maccraft123,
        Marc Kleine-Budde, Marius Vollmer, Martin Wilck, matoro,
        Matthias Lisin, Max Gautier, Maxim Mikityanskiy, Michael Biebl,
        Michal Koutný, Michal Sekletár, Michal Stanke, Mike Gilbert,
        Mitchell Freiderich, msizanoen1, Nick Rosbrook, nl6720, Oğuz Ersen,
        Oleg Solovyov, Olga Smirnova, Pablo Ceballos, Pavel Zhukov,
        Phaedrus Leeds, Philipp Gortan, Piotr Drąg, Pyfisch,
        Quentin Deslandes, Rahil Bhimjiani, Rene Hollander, Richard Huang,
        Richard Phibel, Rudi Heitbaum, Sam James, Sarah Brofeldt,
        Sean Anderson, Sebastian Scheibner, Shreenidhi Shedi,
        Sonali Srivastava, Steve Ramage, Suraj Krishnan, Swapnil Devesh,
        Takashi Sakamoto, Ted X. Toth, Temuri Doghonadze, Thomas Blume,
        Thomas Haller, Thomas Hebb, Tomáš Hnyk, Tomasz Paweł Gajc,
        Topi Miettinen, Ulrich Ölmann, undef, Uriel Corfa,
        Victor Westerhuis, Vincent Dagonneau, Vishal Chillara Srinivas,
        Vito Caputo, Weblate, Wenchao Hao, William Roberts, williamsumendap,
        wineway, xiaoyang, Yuri Chornoivan, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Zhaofeng Li, наб

        – The Great Beyond, 2022-10-31 👻

CHANGES WITH 251:

        Backwards-incompatible changes:

        * The minimum kernel version required has been bumped from 3.13 to 4.15,
          and CLOCK_BOOTTIME is now assumed to always exist.

        * C11 with GNU extensions (aka "gnu11") is now used to build our
          components. Public API headers are still restricted to ISO C89.

        * In v250, a systemd-networkd feature that automatically configures
          routes to addresses specified in AllowedIPs= was added and enabled by
          default. However, this causes network connectivity issues in many
          existing setups. Hence, it has been disabled by default since
          systemd-stable 250.3. The feature can still be used by explicitly
          configuring RouteTable= setting in .netdev files.

        * Jobs started via StartUnitWithFlags() will no longer return 'skipped'
          when a Condition*= check does not succeed, restoring the JobRemoved
          signal to the behaviour it had before v250.

        * The org.freedesktop.portable1 methods GetMetadataWithExtensions() and
          GetImageMetadataWithExtensions() have been fixed to provide an extra
          return parameter, containing the actual extension release metadata.
          The current implementation was judged to be broken and unusable, and
          thus the usual procedure of adding a new set of methods was skipped,
          and backward compatibility broken instead on the assumption that
          nobody can be affected given the current state of this interface.

        * All kernels supported by systemd mix bytes returned by RDRAND (or
          similar) into the entropy pool at early boot. This means that on
          those systems, even if /dev/urandom is not yet initialized, it still
          returns bytes that are of at least RDRAND quality. For that reason,
          we no longer have reason to invoke RDRAND from systemd itself, which
          has historically been a source of bugs. Furthermore, kernels ≥5.6
          provide the getrandom(GRND_INSECURE) interface for returning random
          bytes before the entropy pool is initialized without warning into
          kmsg, which is what we attempt to use if available. systemd's direct
          usage of RDRAND has been removed. x86 systems ≥Broadwell that are
          running an older kernel may experience kmsg warnings that were not
          seen with 250. For newer kernels, non-x86 systems, or older x86
          systems, there should be no visible changes.

        * sd-boot will now measure the kernel command line into TPM PCR 12
          rather than PCR 8. This improves usefulness of the measurements on
          systems where sd-boot is chainloaded from Grub. Grub measures all
          commands its executes into PCR 8, which makes it very hard to use
          reasonably, hence separate ourselves from that and use PCR 12
          instead, which is what certain Ubuntu editions already do. To retain
          compatibility with systems running older systemd systems a new meson
          option 'efi-tpm-pcr-compat' has been added (which defaults to false).
          If enabled, the measurement is done twice: into the new-style PCR 12
          *and* the old-style PCR 8. It's strongly advised to migrate all users
          to PCR 12 for this purpose in the long run, as we intend to remove
          this compatibility feature in two years' time.

        * busctl capture now writes output in the newer pcapng format instead
          of pcap.

        * A udev rule that imported hwdb matches for USB devices with lowercase
          hexadecimal vendor/product ID digits was added in systemd 250. This
          has been reverted, since uppercase hexadecimal digits are supposed to
          be used, and we already had a rule with the appropriate match.

          Users might need to adjust their local hwdb entries.

        * arch_prctl(2) has been moved to the @default set in the syscall filters
          (as exposed via the SystemCallFilter= setting in service unit files).
          It is apparently used by the linker now.

        * The tmpfiles entries that create the /run/systemd/netif directory and
          its subdirectories were moved from tmpfiles.d/systemd.conf to
          tmpfiles.d/systemd-network.conf.

          Users might need to adjust their files that override tmpfiles.d/systemd.conf
          to account for this change.

        * The requirement for Portable Services images to contain a well-formed
          os-release file (i.e.: contain at least an ID field) is now enforced.
          This applies to base images and extensions, and also to systemd-sysext.

        Changes in the Boot Loader Specification, kernel-install and sd-boot:

        * kernel-install's and bootctl's Boot Loader Specification Type #1
          entry generation logic has been reworked. The user may now pick
          explicitly by which "token" string to name the installation's boot
          entries, via the new /etc/kernel/entry-token file or the new
          --entry-token= switch to bootctl. By default — as before — the
          entries are named after the local machine ID. However, in "golden
          image" environments, where the machine ID shall be initialized on
          first boot (as opposed to at installation time before first boot) the
          machine ID will not be available at build time. In this case the
          --entry-token= switch to bootctl (or the /etc/kernel/entry-token
          file) may be used to override the "token" for the entries, for
          example the IMAGE_ID= or ID= fields from /etc/os-release. This will
          make the OS images independent of any machine ID, and ensure that the
          images will not carry any identifiable information before first boot,
          but on the other hand means that multiple parallel installations of
          the very same image on the same disk cannot be supported.

          Summary: if you are building golden images that shall acquire
          identity information exclusively on first boot, make sure to both
          remove /etc/machine-id *and* to write /etc/kernel/entry-token to the
          value of the IMAGE_ID= or ID= field of /etc/os-release or another
          suitable identifier before deploying the image.

        * The Boot Loader Specification has been extended with
          /loader/entries.srel file located in the EFI System Partition (ESP)
          that disambiguates the format of the entries in the /loader/entries/
          directory (in order to discern them from incompatible uses of this
          directory by other projects). For entries that follow the
          Specification, the string "type1" is stored in this file.

          bootctl will now write this file automatically when installing the
          systemd-boot boot loader.

        * kernel-install supports a new initrd_generator= setting in
          /etc/kernel/install.conf, that is exported as
          $KERNEL_INSTALL_INITRD_GENERATOR to kernel-install plugins. This
          allows choosing different initrd generators.

        * kernel-install will now create a "staging area" (an initially-empty
          directory to gather files for a Boot Loader Specification Type #1
          entry). The path to this directory is exported as
          $KERNEL_INSTALL_STAGING_AREA to kernel-install plugins, which should
          drop files there instead of writing them directly to the final
          location. kernel-install will move them when all files have been
          prepared successfully.

        * New option sort-key= has been added to the Boot Loader Specification
          to override the sorting order of the entries in the boot menu. It is
          read by sd-boot and bootctl, and will be written by kernel-install,
          with the default value of IMAGE_ID= or ID= fields from
          os-release. Together, this means that on multiboot installations,
          entries should be grouped and sorted in a predictable way.

        * The sort order of boot entries has been updated: entries which have
          the new field sort-key= are sorted by it first, and all entries
          without it are ordered later. After that, entries are sorted by
          version so that newest entries are towards the beginning of the list.

        * The kernel-install tool gained a new 'inspect' verb which shows the
          paths and other settings used.

        * sd-boot can now optionally beep when the menu is shown and menu
          entries are selected, which can be useful on machines without a
          working display. (Controllable via a loader.conf setting.)

        * The --make-machine-id-directory= switch to bootctl has been replaced
          by --make-entry-directory=, given that the entry directory is not
          necessarily named after the machine ID, but after some other suitable
          ID as selected via --entry-token= described above. The old name of
          the option is still understood to maximize compatibility.

        * 'bootctl list' gained support for a new --json= switch to output boot
          menu entries in JSON format.

        * 'bootctl is-installed' now supports the --graceful, and various verbs
          omit output with the new option --quiet.

        Changes in systemd-homed:

        * Starting with v250 systemd-homed uses UID/GID mapping on the mounts
          of activated home directories it manages (if the kernel and selected
          file systems support it). So far it mapped three UID ranges: the
          range from 0…60000, the user's own UID, and the range 60514…65534,
          leaving everything else unmapped (in other words, the 16-bit UID range
          is mapped almost fully, with the exception of the UID subrange used
          for systemd-homed users, with one exception: the user's own UID).
          Unmapped UIDs may not be used for file ownership in the home
          directory — any chown() attempts with them will fail. With this
          release a fourth range is added to these mappings:
          524288…1879048191. This range is the UID range intended for container
          uses, see:

                  https://systemd.io/UIDS-GIDS

          This range may be used for container managers that place container OS
          trees in the home directory (which is a questionable approach, for
          quota, permission, SUID handling and network file system
          compatibility reasons, but nonetheless apparently commonplace). Note
          that this mapping is mapped 1:1 in a pass-through fashion, i.e. the
          UID assignments from the range are not managed or mapped by
          `systemd-homed`, and must be managed with other mechanisms, in the
          context of the local system.

          Typically, a better approach to user namespacing in relevant
          container managers would be to leave container OS trees on disk at
          UID offset 0, but then map them to a dynamically allocated runtime
          UID range via another UID mount map at container invocation
          time. That way user namespace UID ranges become strictly a runtime
          concept, and do not leak into persistent file systems, persistent
          user databases or persistent configuration, thus greatly simplifying
          handling, and improving compatibility with home directories intended
          to be portable like the ones managed by systemd-homed.

        Changes in shared libraries:

        * A new libsystemd-core-<version>.so private shared library is
          installed under /usr/lib/systemd/system, mirroring the existing
          libsystemd-shared-<version>.so library. This allows the total
          installation size to be reduced by binary code reuse.

        * The <version> tag used in the name of libsystemd-shared.so and
          libsystemd-core.so can be configured via the meson option
          'shared-lib-tag'. Distributions may build subsequent versions of the
          systemd package with unique tags (e.g. the full package version),
          thus allowing multiple installations of those shared libraries to be
          available at the same time. This is intended to fix an issue where
          programs that link to those libraries would fail to execute because
          they were installed earlier or later than the appropriate version of
          the library.

        * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
          similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
          format instead of as a simple series of hex characters.

        * The sd-device API gained two new calls sd_device_new_from_devname()
          and sd_device_new_from_path() which permit allocating an sd_device
          object from a device node name or file system path.

        * sd-device also gained a new call sd_device_open() which will open the
          device node associated with a device for which an sd_device object
          has been allocated. The call is supposed to address races around
          device nodes being removed/recycled due to hotplug events, or media
          change events: the call checks internally whether the major/minor of
          the device node and the "diskseq" (in case of block devices) match
          with the metadata loaded in the sd_device object, thus ensuring that
          the device once opened really matches the provided sd_device object.

        Changes in PID1, systemctl, and systemd-oomd:

        * A new set of service monitor environment variables will be passed to
          OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
          handler unit as OnFailure=/OnSuccess=. The variables are:
          $MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS,
          $MONITOR_INVOCATION_ID and $MONITOR_UNIT. For cases when a single
          handler needs to watch multiple units, use a templated handler.

        * A new ExtensionDirectories= setting in service unit files allows
          system extensions to be loaded from a directory. (It is similar to
          ExtensionImages=, but takes paths to directories, instead of
          disk image files.)

          'portablectl attach --extension=' now also accepts directory paths.

        * The user.delegate and user.invocation_id extended attributes on
          cgroups are used in addition to trusted.delegate and
          trusted.invocation_id. The latter pair requires privileges to set,
          but the former doesn't and can be also set by the unprivileged user
          manager.

          (Only supported on kernels ≥5.6.)

        * Units that were killed by systemd-oomd will now have a service result
          of 'oom-kill'. The number of times a service was killed is tallied
          in the 'user.oomd_ooms' extended attribute.

          The OOMPolicy= unit file setting is now also honoured by
          systemd-oomd.

        * In unit files the new %y/%Y specifiers can be used to refer to
          normalized unit file path, which is particularly useful for symlinked
          unit files.

          The new %q specifier resolves to the pretty hostname
          (i.e. PRETTY_HOSTNAME= from /etc/machine-info).

          The new %d specifier resolves to the credentials directory of a
          service (same as $CREDENTIALS_DIRECTORY).

        * The RootDirectory=, MountAPIVFS=, ExtensionDirectories=,
          *Capabilities*=, ProtectHome=, *Directory=, TemporaryFileSystem=,
          PrivateTmp=, PrivateDevices=, PrivateNetwork=, NetworkNamespacePath=,
          PrivateIPC=, IPCNamespacePath=, PrivateUsers=, ProtectClock=,
          ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=,
          MountFlags= service settings now also work in unprivileged user
          services, i.e. those run by the user's --user service manager, as long
          as user namespaces are enabled on the system.

        * Services with Restart=always and a failing ExecCondition= will no
          longer be restarted, to bring ExecCondition= behaviour in line with
          Condition*= settings.

        * LoadCredential= now accepts a directory as the argument; all files
          from the directory will be loaded as credentials.

        * A new D-Bus property ControlGroupId is now exposed on service units,
          that encapsulates the service's numeric cgroup ID that newer kernels
          assign to each cgroup.

        * PID 1 gained support for configuring the "pre-timeout" of watchdog
          devices and the associated governor, via the new
          RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
          options in /etc/systemd/system.conf.

        * systemctl's --timestamp= option gained a new choice "unix", to show
          timestamp as unix times, i.e. seconds since 1970, Jan 1st.

        * A new "taint" flag named "old-kernel" is introduced which is set when
          the kernel systemd runs on is older then the current baseline version
          (see above). The flag is shown in "systemctl status" output.

        * Two additional taint flags "short-uid-range" and "short-gid-range"
          have been added as well, which are set when systemd notices it is run
          within a userns namespace that does not define the full 0…65535 UID
          range

        * A new "unmerged-usr" taint flag has been added that is set whenever
          running on systems where /bin/ + /sbin/ are *not* symlinks to their
          counterparts in /usr/, i.e. on systems where the /usr/-merge has not
          been completed.

        * Generators invoked by PID 1 will now have a couple of useful
          environment variables set describing the execution context a
          bit. $SYSTEMD_SCOPE encodes whether the generator is called from the
          system service manager, or from the per-user service
          manager. $SYSTEMD_IN_INITRD encodes whether the generator is invoked
          in initrd context or on the host. $SYSTEMD_FIRST_BOOT encodes whether
          systemd considers the current boot to be a "first"
          boot. $SYSTEMD_VIRTUALIZATION encode whether virtualization is
          detected and which type of hypervisor/container
          manager. $SYSTEMD_ARCHITECTURE indicates which architecture the
          kernel is built for.

        * PID 1 will now automatically pick up system credentials from qemu's
          fw_cfg interface, thus allowing passing arbitrary data into VM
          systems similar to how this is already supported for passing them
          into `systemd-nspawn` containers. Credentials may now also be passed
          in via the new kernel command line option `systemd.set_credential=`
          (note that kernel command line options are world-readable during
          runtime, and only useful for credentials that require no
          confidentiality). The credentials that can be passed to unified
          kernels that use the `systemd-stub` UEFI stub are now similarly
          picked up automatically. Automatic importing of system credentials
          this way can be turned off via the new
          `systemd.import_credentials=no` kernel command line option.

        * LoadCredential= will now automatically look for credentials in the
          /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
          the argument is not an absolute path. Similarly,
          LoadCredentialEncrypted= will check the same directories plus
          /etc/credstore.encrypted/, /run/credstore.encrypted/ and
          /usr/lib/credstore.encrypted/. The idea is to use those directories
          as the system-wide location for credentials that services should pick
          up automatically.

        * System and service credentials are described in great detail in a new
          document:

          https://systemd.io/CREDENTIALS

        Changes in systemd-journald:

        * The journal JSON export format has been added to listed of stable
          interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).

        * journalctl --list-boots now supports JSON output and the --reverse option.

        * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
          updated, BUILDING_IMAGES is new:

          https://systemd.io/JOURNAL_EXPORT_FORMATS
          https://systemd.io/BUILDING_IMAGES

        Changes in udev:

        * Two new hwdb files have been added. One lists "handhelds" (PDAs,
          calculators, etc.), the other AV production devices (DJ tables,
          keypads, etc.) that should accessible to the seat owner user by
          default.

        * udevadm trigger gained a new --prioritized-subsystem= option to
          process certain subsystems (and all their parent devices) earlier.

          systemd-udev-trigger.service now uses this new option to trigger
          block and TPM devices first, hopefully making the boot a bit faster.

        * udevadm trigger now implements --type=all, --initialized-match,
          --initialized-nomatch to trigger both subsystems and devices, only
          already-initialized devices, and only devices which haven't been
          initialized yet, respectively.

        * udevadm gained a new "wait" command for safely waiting for a specific
          device to show up in the udev device database. This is useful in
          scripts that asynchronously allocate a block device (e.g. through
          repartitioning, or allocating a loopback device or similar) and need
          to synchronize on the creation to complete.

        * udevadm gained a new "lock" command for locking one or more block
          devices while formatting it or writing a partition table to it. It is
          an implementation of https://systemd.io/BLOCK_DEVICE_LOCKING and
          usable in scripts dealing with block devices.

        * udevadm info will show a couple of additional device fields in its
          output, and will not apply a limited set of coloring to line types.

        * udevadm info --tree will now show a tree of objects (i.e. devices and
          suchlike) in the /sys/ hierarchy.

        * Block devices will now get a new set of device symlinks in
          /dev/disk/by-diskseq/<nr>, which may be used to reference block
          device nodes via the kernel's "diskseq" value. Note that this does
          not guarantee that opening a device by a symlink like this will
          guarantee that the opened device actually matches the specified
          diskseq value. To be safe against races, the actual diskseq value of
          the opened device (BLKGETDISKSEQ ioctl()) must still be compred with
          the one in the symlink path.

        * .link files gained support for setting MDI/MID-X on a link.

        * .link files gained support for [Match] Firmware= setting to match on
          the device firmware description string. By mistake, it was previously
          only supported in .network files.

        * .link files gained support for [Link] SR-IOVVirtualFunctions= setting
          and [SR-IOV] section to configure SR-IOV virtual functions.

        Changes in systemd-networkd:

        * The default scope for unicast routes configured through [Route]
          section is changed to "link", to make the behavior consistent with
          "ip route" command. The manual configuration of [Route] Scope= is
          still honored.

        * A new unit systemd-networkd-wait-online@<interface>.service has been
          added that can be used to wait for a specific network interface to be
          up.

        * systemd-networkd gained a new [Bridge] Isolated=true|false setting
          that configures the eponymous kernel attribute on the bridge.

        * .netdev files now can be used to create virtual WLAN devices, and
          configure various settings on them, via the [WLAN] section.

        * .link/.network files gained support for [Match] Kind= setting to match
          on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)

          This value is also shown by 'networkctl status'.

        * The Local= setting in .netdev files for various virtual network
          devices gained support for specifying, in addition to the network
          address, the name of a local interface which must have the specified
          address.

        * systemd-networkd gained a new [Tunnel] External= setting in .netdev
          files, to configure tunnels in external mode (a.k.a. collect metadata
          mode).

        * [Network] L2TP= setting was removed. Please use interface specifier in
          Local= setting in .netdev files of corresponding L2TP interface.

        * New [DHCPServer] BootServerName=, BootServerAddress=, and
          BootFilename= settings can be used to configure the server address,
          server name, and file name sent in the DHCP packet (e.g. to configure
          PXE boot).

        Changes in systemd-resolved:

        * systemd-resolved is started earlier (in sysinit.target), so it
          available earlier and will also be started in the initrd if installed
          there.

        Changes in disk encryption:

        * systemd-cryptenroll can now control whether to require the user to
          enter a PIN when using TPM-based unlocking of a volume via the new
          --tpm2-with-pin= option.

          Option tpm2-pin= can be used in /etc/crypttab.

        * When unlocking devices via TPM, TPM2 parameter encryption is now
          used, to ensure that communication between CPU and discrete TPM chips
          cannot be eavesdropped to acquire disk encryption keys.

        * A new switch --fido2-credential-algorithm= has been added to
          systemd-cryptenroll allowing selection of the credential algorithm to
          use when binding encryption to FIDO2 tokens.

        Changes in systemd-hostnamed:

        * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
          to override the values gleaned from the hwdb.

        * A ID_CHASSIS property can be set in the hwdb (for the DMI device
          /sys/class/dmi/id) to override the chassis that is reported by
          hostnamed.

        * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
          for reading the hardware serial number, as reportd by DMI. It also
          exposes a new method D-Bus property FirmwareVersion that encode the
          firmware version of the system.

        Changes in other components:

        * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
          handling with the values that were configured during systemd build
          (if /etc/locale.conf has not been created through some other
          mechanism). This means that /etc/locale.conf should always have
          reasonable contents and we avoid a potential mismatch in defaults.

        * The userdbctl tool will now show UID range information as part of the
          list of known users.

        * A new build-time configuration setting default-user-shell= can be
          used to set the default shell for user records and nspawn shell
          invocations (instead of the default /bin/bash).

        * systemd-timesyncd now provides a D-Bus API for receiving NTP server
          information dynamically at runtime via IPC.

        * The systemd-creds tool gained a new "has-tpm2" verb, which reports
          whether a functioning TPM2 infrastructure is available, i.e. if
          firmware, kernel driver and systemd all have TPM2 support enabled and
          a device found.

        * The systemd-creds tool gained support for generating encrypted
          credentials that are using an empty encryption key. While this
          provides no integrity nor confidentiality it's useful to implement
          codeflows that work the same on TPM-ful and TPM2-less systems. The
          service manager will only accept credentials "encrypted" that way if
          a TPM2 device cannot be detected, to ensure that credentials
          "encrypted" like that cannot be used to trick TPM2 systems.

        * When deciding whether to colorize output, all systemd programs now
          also check $COLORTERM (in addition to $NO_COLOR, $SYSTEMD_COLORS, and
          $TERM).

        * Meson's new install_tag feature is now in use for several components,
          allowing to build and install select binaries only: pam, nss, devel
          (pkg-config files), systemd-boot, libsystemd, libudev. Example:
           $ meson build systemd-boot
           $ meson install --tags systemd-boot --no-rebuild
          https://mesonbuild.com/Installing.html#installation-tags

        * A new build configuration option has been added, to allow selecting the
          default compression algorithm used by systemd-journald and systemd-coredump.
          This allows to build-in support for decompressing all supported formats,
          but choose a specific one for compression. E.g.:
           $ meson -Ddefault-compression=xz

        Experimental features:

        * sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
          loader.conf that implements booting Microsoft Windows from the
          sd-boot in a way that first reboots the system, to reset the TPM
          PCRs. This improves compatibility with BitLocker's TPM use, as the
          PCRs will only record the Windows boot process, and not sd-boot
          itself, thus retaining the PCR measurements not involving sd-boot.
          Note that this feature is experimental for now, and is likely going
          to be generalized and renamed in a future release, without retaining
          compatibility with the current implementation.

        * A new systemd-sysupdate component has been added that automatically
          discovers, downloads, and installs A/B-style updates for the host
          installation itself, or container images, portable service images,
          and other assets. See the new systemd-sysupdate man page for updates.

        Contributions from: 4piu, Adam Williamson, adrian5, Albert Brox,
        AlexCatze, Alex Henrie, Alfonso Sánchez-Beato, Alice S,
        Alvin Šipraga, amarjargal, Amarjargal, Andrea Pappacoda,
        Andreas Rammhold, Andy Chi, Anita Zhang, Antonio Alvarez Feijoo,
        Arfrever Frehtes Taifersar Arahesis, ash, Bastien Nocera, Be,
        bearhoney, Ben Efros, Benjamin Berg, Benjamin Franzke,
        Brett Holman, Christian Brauner, Clyde Byrd III, Curtis Klein,
        Daan De Meyer, Daniele Medri, Daniel Mack, Danilo Krummrich,
        David, David Bond, Davide Cavalca, David Tardon, davijosw,
        dependabot[bot], Donald Chan, Dorian Clay, Eduard Tolosa,
        Elias Probst, Eli Schwartz, Erik Sjölund, Evgeny Vereshchagin,
        Federico Ceratto, Franck Bui, Frantisek Sumsal, Gaël PORTAY,
        Georges Basile Stavracas Neto, Gibeom Gwon, Goffredo Baroncelli,
        Grigori Goronzy, Hans de Goede, Heiko Becker, Hugo Carvalho,
        Jakob Lell, James Hilliard, Jan Janssen, Jason A. Donenfeld,
        Joan Bruguera, Joerie de Gram, Josh Triplett, Julia Kartseva,
        Kazuo Moriwaka, Khem Raj, ksa678491784, Lance, Lan Tian,
        Laura Barcziova, Lennart Poettering, Leviticoh, licunlong,
        Lidong Zhong, lincoln auster, Lubomir Rintel, Luca Boccassi,
        Luca BRUNO, lucagoc, Ludwig Nussel, Marcel Hellwig, march1993,
        Marco Scardovi, Mario Limonciello, Mariusz Tkaczyk,
        Markus Weippert, Martin, Martin Liska, Martin Wilck, Matija Skala,
        Matthew Blythe, Matthias Lisin, Matthijs van Duin, Matt Walton,
        Max Gautier, Michael Biebl, Michael Olbrich, Michal Koutný,
        Michal Sekletár, Mike Gilbert, MkfsSion, Morten Linderud,
        Nick Rosbrook, Nikolai Grigoriev, Nikolai Kostrigin,
        Nishal Kulkarni, Noel Kuntze, Pablo Ceballos, Peter Hutterer,
        Peter Morrow, Pigmy-penguin, Piotr Drąg, prumian, Richard Neill,
        Rike-Benjamin Schuppner, rodin-ia, Romain Naour, Ruben Kerkhof,
        Ryan Hendrickson, Santa Wiryaman, Sebastian Pucilowski, Seth Falco,
        Simon Ellmann, Sonali Srivastava, Stefan Seering,
        Stephen Hemminger, tawefogo, techtino, Temuri Doghonadze,
        Thomas Batten, Thomas Haller, Thomas Weißschuh, Tobias Stoeckmann,
        Tomasz Pala, Tyson Whitehead, Vishal Chillara Srinivas,
        Vivien Didelot, w30023233, wangyuhang, Weblate, Xiaotian Wu,
        yangmingtai, YmrDtnJu, Yonathan Randolph, Yutsuten, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, наб

        — Edinburgh, 2022-05-21

CHANGES WITH 250:

        * Support for encrypted and authenticated credentials has been added.
          This extends the credential logic introduced with v247 to support
          non-interactive symmetric encryption and authentication, based on a
          key that is stored on the /var/ file system or in the TPM2 chip (if
          available), or the combination of both (by default if a TPM2 chip
          exists the combination is used, otherwise the /var/ key only). The
          credentials are automatically decrypted at the moment a service is
          started, and are made accessible to the service itself in unencrypted
          form. A new tool 'systemd-creds' encrypts credentials for this
          purpose, and two new service file settings LoadCredentialEncrypted=
          and SetCredentialEncrypted= configure such credentials.

          This feature is useful to store sensitive material such as SSL
          certificates, passwords and similar securely at rest and only decrypt
          them when needed, and in a way that is tied to the local OS
          installation or hardware.

        * systemd-gpt-auto-generator can now automatically set up discoverable
          LUKS2 encrypted swap partitions.

        * The GPT Discoverable Partitions Specification has been substantially
          extended with support for root and /usr/ partitions for the majority
          of architectures systemd supports. This includes platforms that do
          not natively support UEFI, because even though GPT is specified under
          UEFI umbrella, it is useful on other systems too. Specifically,
          systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
          Portable Services use the concept without requiring UEFI.

        * The GPT Discoverable Partitions Specifications has been extended with
          a new set of partitions that may carry PKCS#7 signatures for Verity
          partitions, encoded in a simple JSON format. This implements a simple
          mechanism for building disk images that are fully authenticated and
          can be tested against a set of cryptographic certificates. This is
          now implemented for the various systemd tools that can operate with
          disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
          Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
          The PKCS#7 signatures are passed to the kernel (where they are
          checked against certificates from the kernel keyring), or can be
          verified against certificates provided in userspace (via a simple
          drop-in file mechanism).

        * systemd-dissect's inspection logic will now report for which uses a
          disk image is intended. Specifically, it will display whether an
          image is suitable for booting on UEFI or in a container (using
          systemd-nspawn's --image= switch), whether it can be used as portable
          service, or attached as system extension.

        * The system-extension.d/ drop-in files now support a new field
          SYSEXT_SCOPE= that may encode which purpose a system extension image
          is for: one of "initrd", "system" or "portable". This is useful to
          make images more self-descriptive, and to ensure system extensions
          cannot be attached in the wrong contexts.

        * The os-release file learnt a new PORTABLE_PREFIXES= field which may
          be used in portable service images to indicate which unit prefixes
          are supported.

        * The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
          now is able to decode images for non-native architectures as well.
          This allows systemd-nspawn to boot images of non-native architectures
          if the corresponding user mode emulator is installed and
          systemd-binfmtd is running.

        * systemd-logind gained new settings HandlePowerKeyLongPress=,
          HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
          HandleHibernateKeyLongPress= which may be used to configure actions
          when the relevant keys are pressed for more than 5s. This is useful
          on devices that only have hardware for a subset of these keys. By
          default, if the reboot key is pressed long the poweroff operation is
          now triggered, and when the suspend key is pressed long the hibernate
          operation is triggered. Long pressing the other two keys currently
          does not trigger any operation by default.

        * When showing unit status updates on the console during boot and
          shutdown, and a service is slow to start so that the cylon animation
          is shown, the most recent sd_notify() STATUS= text is now shown as
          well. Services may use this to make the boot/shutdown output easier
          to understand, and to indicate what precisely a service that is slow
          to start or stop is waiting for. In particular, the per-user service
          manager instance now reports what it is doing and which service it is
          waiting for this way to the system service manager.

        * The service manager will now re-execute on reception of the
          SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
          only when running as PID 1. There was no signal to request this when
          running as per-user service manager, i.e. as any other PID than 1.
          SIGRTMIN+25 works for both system and user managers.

        * The hardware watchdog logic in PID 1 gained support for operating
          with the default timeout configured in the hardware, instead of
          insisting on re-configuring it. Set RuntimeWatchdogSec=default to
          request this behavior.

        * A new kernel command line option systemd.watchdog_sec= is now
          understood which may be used to override the hardware watchdog
          time-out for the boot.

        * A new setting DefaultOOMScoreAdjust= is now supported in
          /etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
          to set the default process OOM score adjustment value for processes
          started by the service manager. For per-user service managers this
          now defaults to 100, but for per-system service managers is left as
          is. This means that by default now services forked off the user
          service manager are more likely to be killed by the OOM killer than
          system services or the managers themselves.

        * A new per-service setting RestrictFileSystems= as been added that
          restricts the file systems a service has access to by their type.
          This is based on the new BPF LSM of the Linux kernel. It provides an
          effective way to make certain API file systems unavailable to
          services (and thus minimizing attack surface). A new command
          "systemd-analyze filesystems" has been added that lists all known
          file system types (and how they are grouped together under useful
          group handles).

        * Services now support a new setting RestrictNetworkInterfaces= for
          restricting access to specific network interfaces.

        * Service unit files gained new settings StartupAllowedCPUs= and
          StartupAllowedMemoryNodes=. These are similar to their counterparts
          without the "Startup" prefix and apply during the boot process
          only. This is useful to improve boot-time behavior of the system and
          assign resources differently during boot than during regular
          runtime. This is similar to the preexisting StartupCPUWeight=
          vs. CPUWeight.

        * Related to this: the various StartupXYZ= settings
          (i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
          during shutdown. The settings not prefixed with "Startup" hence apply
          during regular runtime, and those that are prefixed like that apply
          during boot and shutdown.

        * A new per-unit set of conditions/asserts
          [Condition|Assert][Memory|CPU|IO]Pressure= have been added to make a
          unit skip/fail activation if the system's (or a slice's) memory/cpu/io
          pressure is above the configured threshold, using the kernel PSI
          feature. For more details see systemd.unit(5) and
          https://docs.kernel.org/accounting/psi.html

        * The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
          ProtectKernelLogs=yes can now be used.

        * The default maximum numbers of inodes have been raised from 64k to 1M
          for /dev/, and from 400k to 1M for /tmp/.

        * The per-user service manager learnt support for communicating with
          systemd-oomd to acquire OOM kill information.

        * A new service setting ExecSearchPath= has been added that allows
          changing the search path for executables for services. It affects
          where we look for the binaries specified in ExecStart= and similar,
          and the specified directories are also added the $PATH environment
          variable passed to invoked processes.

        * A new setting RuntimeRandomizedExtraSec= has been added for service
          and scope units that allows extending the runtime time-out as
          configured by RuntimeMaxSec= with a randomized amount.

        * The syntax of the service unit settings RuntimeDirectory=,
          StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
          if the specified value is now suffixed with a colon, followed by
          another filename, the latter will be created as symbolic link to the
          specified directory. This allows creating these service directories
          together with alias symlinks to make them available under multiple
          names.

        * Service unit files gained two new settings TTYRows=/TTYColumns= for
          configuring rows/columns of the TTY device passed to
          stdin/stdout/stderr of the service. This is useful to propagate TTY
          dimensions to a virtual machine.

        * A new service unit file setting ExitType= has been added that
          specifies when to assume a service has exited. By default systemd
          only watches the main process of a service. By setting
          ExitType=cgroup it can be told to wait for the last process in a
          cgroup instead.

        * Automount unit files gained a new setting ExtraOptions= that can be
          used to configure additional mount options to pass to the kernel when
          mounting the autofs instance.

        * "Urlification" (generation of ESC sequences that generate clickable
          hyperlinks in modern terminals) may now be turned off altogether
          during build-time.

        * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
          settings that default to 200 and 2 s respectively. The ratelimit
          ensures that a path unit cannot cause PID1 to busy-loop when it is
          trying to trigger a service that is skipped because of a Condition*=
          not being satisfied. This matches the configuration and behaviour of
          socket units.

        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
          may now be used to unlock volumes set up this way.

        * The TPM2 logic in cryptsetup will now automatically detect systems
          where the TPM2 chip advertises SHA256 PCR banks but the firmware only
          updates the SHA1 banks. In such a case PCR policies will be
          automatically bound to the latter, not the former. This makes the PCR
          policies reliable, but of course do not provide the same level of
          trust as SHA256 banks.

        * The TPM2 logic in systemd-cryptsetup/systemd-cryptsetup now supports
          RSA primary keys in addition to ECC, improving compatibility with
          TPM2 chips that do not support ECC. RSA keys are much slower to use
          than ECC, and hence are only used if ECC is not available.

        * /etc/crypttab gained support for a new token-timeout= setting for
          encrypted volumes that allows configuration of the maximum time to
          wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
          the logic will query the user for a regular passphrase/recovery key
          instead.

        * Support for activating dm-integrity volumes at boot via a new file
          /etc/integritytab and the tool systemd-integritysetup have been
          added. This is similar to /etc/crypttab and /etc/veritytab, but deals
          with dm-integrity instead of dm-crypt/dm-verity.

        * The systemd-veritysetup-generator now understands a new usrhash=
          kernel command line option for specifying the Verity root hash for
          the partition backing the /usr/ file system. A matching set of
          systemd.verity_usr_* kernel command line options has been added as
          well. These all work similar to the corresponding options for the
          root partition.

        * The sd-device API gained a new API call sd_device_get_diskseq() to
          return the DISKSEQ property of a device structure. The "disk
          sequence" concept is a new feature recently introduced to the Linux
          kernel that allows detecting reuse cycles of block devices, i.e. can
          be used to recognize when loopback block devices are reused for a
          different purpose or CD-ROM drives get their media changed.

        * A new unit systemd-boot-update.service has been added. If enabled
          (the default) and the sd-boot loader is detected to be installed, it
          is automatically updated to the newest version when out of date. This
          is useful to ensure the boot loader remains up-to-date, and updates
          automatically propagate from the OS tree in /usr/.

        * sd-boot will now build with SBAT by default in order to facilitate
          working with recent versions of Shim that require it to be present.

        * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
          This is used to robustly generate boot entry titles for Windows.

        * A new generic target unit factory-reset.target has been added. It is
          hooked into systemd-logind similar in fashion to
          reboot/poweroff/suspend/hibernate, and is supposed to be used to
          initiate a factory reset operation. What precisely this operation
          entails is up for the implementer to decide, the primary goal of the
          new unit is provide a framework where to plug in the implementation
          and how to trigger it.

        * A new meson build-time option 'clock-valid-range-usec-max' has been
          added which takes a time in µs and defaults to 15 years. If the RTC
          time is noticed to be more than the specified time ahead of the
          built-in epoch of systemd (which by default is the release timestamp
          of systemd) it is assumed that the RTC is not working correctly, and
          the RTC is reset to the epoch. (It already is reset to the epoch when
          noticed to be before it.) This should increase the chance that time
          doesn't accidentally jump too far ahead due to faulty hardware or
          batteries.

        * A new setting SaveIntervalSec= has been added to systemd-timesyncd,
          which may be used to automatically save the current system time to
          disk in regular intervals. This is useful to maintain a roughly
          monotonic clock even without RTC hardware and with some robustness
          against abnormal system shutdown.

        * systemd-analyze verify gained support for a pair of new --image= +
          --root= switches for verifying units below a specific root
          directory/image instead of on the host.

        * systemd-analyze verify gained support for verifying unit files under
          an explicitly specified unit name, independently of what the filename
          actually is.

        * systemd-analyze verify gained a new switch --recursive-errors= which
          controls whether to only fail on errors found in the specified units
          or recursively any dependent units.

        * systemd-analyze security now supports a new --offline mode for
          analyzing unit files stored on disk instead of loaded units. It may
          be combined with --root=/--image to analyze unit files under a root
          directory or disk image. It also learnt a new --threshold= parameter
          for specifying an exposure level threshold: if the exposure level
          exceeds the specified value the call will fail. It also gained a new
          --security-policy= switch for configuring security policies to
          enforce on the units. A policy is a JSON file that lists which tests
          shall be weighted how much to determine the overall exposure
          level. Altogether these new features are useful for fully automatic
          analysis and enforcement of security policies on unit files.

        * systemd-analyze security gain a new --json= switch for JSON output.

        * systemd-analyze learnt a new --quiet switch for reducing
          non-essential output. It's honored by the "dot", "syscall-filter",
          "filesystems" commands.

        * systemd-analyze security gained a --profile= option that can be used
          to take into account a portable profile when analyzing portable
          services, since a lot of the security-related settings are enabled
          through them.

        * systemd-analyze learnt a new inspect-elf verb that parses ELF core
          files, binaries and executables and prints metadata information,
          including the build-id and other info described on:
          https://systemd.io/COREDUMP_PACKAGE_METADATA/

        * .network files gained a new UplinkInterface= in the [IPv6SendRA]
          section, for automatically propagating DNS settings from other
          interfaces.

        * The static lease DHCP server logic in systemd-networkd may now serve
          IP addresses outside of the configured IP pool range for the server.

        * CAN support in systemd-networkd gained four new settings Loopback=,
          OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
          control modes. It gained a number of further settings for tweaking
          CAN timing quanta.

        * The [CAN] section in .network file gained new TimeQuantaNSec=,
          PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
          SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
          DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
          DataSyncJumpWidth= settings to control bit-timing processed by the
          CAN interface.

        * DHCPv4 client support in systemd-networkd learnt a new Label= option
          for configuring the address label to apply to configure IPv4
          addresses.

        * The [IPv6AcceptRA] section of .network files gained support for a new
          UseMTU= setting that may be used to control whether to apply the
          announced MTU settings to the local interface.

        * The [DHCPv4] section in .network file gained a new Use6RD= boolean
          setting to control whether the DHCPv4 client request and process the
          DHCP 6RD option.

        * The [DHCPv6PrefixDelegation] section in .network file is renamed to
          [DHCPPrefixDelegation], as now the prefix delegation is also supported
          with DHCPv4 protocol by enabling the Use6RD= setting.

        * The [DHCPPrefixDelegation] section in .network file gained a new
          setting UplinkInterface= to specify the upstream interface.

        * The [DHCPv6] section in .network file gained a new setting
          UseDelegatedPrefix= to control whether the delegated prefixes will be
          propagated to the downstream interfaces.

        * The [IPv6AcceptRA] section of .network files now understands two new
          settings UseGateway=/UseRoutePrefix= for explicitly configuring
          whether to use the relevant fields from the IPv6 Router Advertisement
          records.

        * The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
          has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
          settings in the [DHCPv6] section and the DHCPv6Client= setting in the
          [IPv6AcceptRA] section to control when the DHCPv6 client is started
          and how the delegated prefixes are handled by the DHCPv6 client.

        * The IPv6Token= section in the [Network] section is deprecated, and
          the [IPv6AcceptRA] section gained the Token= setting for its
          replacement. The [IPv6Prefix] section also gained the Token= setting.
          The Token= setting gained 'eui64' mode to explicitly configure an
          address with the EUI64 algorithm based on the interface MAC address.
          The 'prefixstable' mode can now optionally take a secret key. The
          Token= setting in the [DHCPPrefixDelegation] section now supports all
          algorithms supported by the same settings in the other sections.

        * The [RoutingPolicyRule] section of .network file gained a new
          SuppressInterfaceGroup= setting.

        * The IgnoreCarrierLoss= setting in the [Network] section of .network
          files now allows a duration to be specified, controlling how long to
          wait before reacting to carrier loss.

        * The [DHCPServer] section of .network file gained a new Router=
          setting to specify the router address.

        * The [CAKE] section of .network files gained various new settings
          AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
          MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
          and UseRawPacketSize= for configuring CAKE.

        * systemd-networkd now ships with new default .network files:
          80-container-vb.network which matches host-side network bridge device
          created by systemd-nspawn's --network-bridge or --network-zone
          switch, and 80-6rd-tunnel.network which matches automatically created
          sit tunnel with 6rd prefix when the DHCP 6RD option is received.

        * systemd-networkd's handling of Endpoint= resolution for WireGuard
          interfaces has been improved.

        * systemd-networkd will now automatically configure routes to addresses
          specified in AllowedIPs=. This feature can be controlled via
          RouteTable= and RouteMetric= settings in [WireGuard] or
          [WireGuardPeer] sections.

        * systemd-networkd will now once again automatically generate persistent
          MAC addresses for batadv and bridge interfaces. Users can disable this
          by using MACAddress=none in .netdev files.

        * systemd-networkd and systemd-udevd now support IP over InfiniBand
          interfaces. The Kind= setting in .netdev file accepts "ipoib". And
          systemd.netdev files gained the [IPoIB] section.

        * systemd-networkd and systemd-udevd now support net.ifname_policy=
          option on the kernel command-line. This is implemented through the
          systemd-network-generator service that automatically generates
          appropriate .link, .network, and .netdev files.

        * The various systemd-udevd "ethtool" buffer settings now understand
          the special value "max" to configure the buffers to the maximum the
          hardware supports.

        * systemd-udevd's .link files may now configure a large variety of
          NIC coalescing settings, plus more hardware offload settings.

        * .link files gained a new WakeOnLanPassword= setting in the [Link]
          section that allows to specify a WoL "SecureOn" password on hardware
          that supports this.

        * systemd-nspawn's --setenv= switch now supports an additional syntax:
          if only a variable name is specified (i.e. without being suffixed by
          a '=' character and a value) the current value of the environment
          variable is propagated to the container. e.g. --setenv=FOO will
          lookup the current value of $FOO in the environment, and pass it down
          to the container. Similar behavior has been added to homectl's,
          machinectl's and systemd-run's --setenv= switch.

        * systemd-nspawn gained a new switch --suppress-sync= which may be used
          to optionally suppress the effect of the sync()/fsync()/fdatasync()
          system calls for the container payload. This is useful for build
          system environments where safety against abnormal system shutdown is
          not essential as all build artifacts can be regenerated any time, but
          the performance win is beneficial.

        * systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
          same value that PID 1 uses for most forked off processes.

        * systemd-nspawn's --bind=/--bind-ro= switches now optionally take
          uidmap/nouidmap options as last parameter. If "uidmap" is used the
          bind mounts are created with UID mapping taking place that ensures
          the host's file ownerships are mapped 1:1 to container file
          ownerships, even if user namespacing is used. This way
          files/directories bound into containers will no longer show up as
          owned by the nobody user as they typically did if no special care was
          taken to shift them manually.

        * When discovering Windows installations sd-boot will now attempt to
          show the Windows version.

        * The color scheme to use in sd-boot may now be configured at
          build-time.

        * sd-boot gained the ability to change screen resolution during
          boot-time, by hitting the "r" key. This will cycle through available
          resolutions and save the last selection.

        * sd-boot learnt a new hotkey "f". When pressed the system will enter
          firmware setup. This is useful in environments where it is difficult
          to hit the right keys early enough to enter the firmware, and works
          on any firmware regardless which key it natively uses.

        * sd-boot gained support for automatically booting into the menu item
          selected on the last boot (using the "@saved" identifier for menu
          items).

        * sd-boot gained support for automatically loading all EFI drivers
          placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
          Partition (ESP). These drivers are loaded before the menu entries are
          loaded. This is useful e.g. to load additional file system drivers
          for the XBOOTLDR partition.

        * systemd-boot will now paint the input cursor on its own instead of
          relying on the firmware to do so, increasing compatibility with broken
          firmware that doesn't make the cursor reasonably visible.

        * sd-boot now embeds a .osrel PE section like we expect from Boot
          Loader Specification Type #2 Unified Kernels. This means sd-boot
          itself may be used in place of a Type #2 Unified Kernel. This is
          useful for debugging purposes as it allows chain-loading one a
          (development) sd-boot instance from another.

        * sd-boot now supports a new "devicetree" field in Boot Loader
          Specification Type #1 entries: if configured the specified device
          tree file is installed before the kernel is invoked. This is useful
          for installing/applying new devicetree files without updating the
          kernel image.

        * Similarly, sd-stub now can read devicetree data from a PE section
          ".dtb" and apply it before invoking the kernel.

        * sd-stub (the EFI stub that can be glued in front of a Linux kernel)
          gained the ability to pick up credentials and sysext files, wrap them
          in a cpio archive, and pass as an additional initrd to the invoked
          Linux kernel, in effect placing those files in the /.extra/ directory
          of the initrd environment. This is useful to implement trusted initrd
          environments which are fully authenticated but still can be extended
          (via sysexts) and parameterized (via encrypted/authenticated
          credentials, see above).

          Credentials can be located next to the kernel image file (credentials
          specific to a single boot entry), or in one of the shared directories
          (credentials applicable to multiple boot entries).

        * sd-stub now comes with a full man page, that explains its feature set
          and how to combine a kernel image, an initrd and the stub to build a
          complete EFI unified kernel image, implementing Boot Loader
          Specification Type #2.

        * sd-stub may now provide the initrd to the executed kernel via the
          LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
          non-x86 architectures.

        * bootctl learnt new set-timeout and set-timeout-oneshot commands that
          may be used to set the boot menu time-out of the boot loader (for all
          or just the subsequent boot).

        * bootctl and kernel-install will now read variables
          KERNEL_INSTALL_LAYOUT= from /etc/machine-info and layout= from
          /etc/kernel/install.conf. When set, it specifies the layout to use
          for installation directories on the boot partition, so that tools
          don't need to guess it based on the already-existing directories. The
          only value that is defined natively is "bls", corresponding to the
          layout specified in
          https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
          kernel-install that implement a different layout can declare other
          values for this variable.

          'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
          assumption that if the user installed sd-boot to the ESP, they intend
          to use the entry layout understood by sd-boot. It'll also write
          KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
          (and it wasn't specified in the config file yet). Similarly,
          kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
          wasn't specified in the config file yet). Effectively, those changes
          mean that the machine-id used for boot loader entry installation is
          "frozen" upon first use and becomes independent of the actual
          machine-id.

          Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
          images created for distribution ("golden images") are built with no
          machine-id, so that a unique machine-id can be created on the first
          boot. But those images may contain boot loader entries with the
          machine-id used during build included in paths. Using a "frozen"
          value allows unambiguously identifying entries that match the
          specific installation, while still permitting parallel installations
          without conflict.

          Configuring KERNEL_INSTALL_LAYOUT obviates the need for
          kernel-install to guess the installation layout. This fixes the
          problem where a (possibly empty) directory in the boot partition is
          created from a different layout causing kernel-install plugins to
          assume the wrong layout. A particular example of how this may happen
          is the grub2 package in Fedora which includes directories under /boot
          directly in its file list. Various other packages pull in grub2 as a
          dependency, so it may be installed even if unused, breaking
          installations that use the bls layout.

        * bootctl and systemd-bless-boot can now be linked statically.

        * systemd-sysext now optionally doesn't insist on extension-release.d/
          files being placed in the image under the image's file name. If the
          file system xattr user.extension-release.strict is set on the
          extension release file, it is accepted regardless of its name. This
          relaxes security restrictions a bit, as system extension may be
          attached under a wrong name this way.

        * udevadm's test-builtin command learnt a new --action= switch for
          testing the built-in with the specified action (in place of the
          default 'add').

        * udevadm info gained new switches --property=/--value for showing only
          specific udev properties/values instead of all.

        * A new hwdb database has been added that contains matches for various
          types of signal analyzers (protocol analyzers, logic analyzers,
          oscilloscopes, multimeters, bench power supplies, etc.) that should
          be accessible to regular users.

        * A new hwdb database entry has been added that carries information
          about types of cameras (regular or infrared), and in which direction
          they point (front or back).

        * A new rule to allow console users access to rfkill by default has been
          added to hwdb.

        * Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
          now also owned by the system group "sgx".

        * A new build-time meson option "extra-net-naming-schemes=" has been
          added to define additional naming schemes for udev's network
          interface naming logic. This is useful for enterprise distributions
          and similar which want to pin the schemes of certain distribution
          releases under a specific name and previously had to patch the
          sources to introduce new named schemes.

        * The predictable naming logic for network interfaces has been extended
          to generate stable names from Xen netfront device information.

        * hostnamed's chassis property can now be sourced from chassis-type
          field encoded in devicetree (in addition to the existing DMI
          support).

        * systemd-cgls now optionally displays cgroup IDs and extended
          attributes for each cgroup. (Controllable via the new --xattr= +
          --cgroup-id= switches.)

        * coredumpctl gained a new --all switch for operating on all
          Journal files instead of just the local ones.

        * systemd-coredump will now use libdw/libelf via dlopen() rather than
          directly linking, allowing users to easily opt-out of backtrace/metadata
          analysis of core files, and reduce image sizes when this is not needed.

        * systemd-coredump will now analyze core files with libdw/libelf in a
          forked, sandboxed process.

        * systemd-homed will now try to unmount an activate home area in
          regular intervals once the user logged out fully. Previously this was
          attempted exactly once but if the home directory was busy for some
          reason it was not tried again.

        * systemd-homed's LUKS2 home area backend will now create a BSD file
          system lock on the image file while the home area is active
          (i.e. mounted). If a home area is found to be locked, logins are
          politely refused. This should improve behavior when using home areas
          images that are accessible via the network from multiple clients, and
          reduce the chance of accidental file system corruption in that case.

        * Optionally, systemd-homed will now drop the kernel buffer cache once
          a user has fully logged out, configurable via the new --drop-caches=
          homectl switch.

        * systemd-homed now makes use of UID mapped mounts for the home areas.
          If the kernel and used file system support it, files are now
          internally owned by the "nobody" user (i.e. the user typically used
          for indicating "this ownership is not mapped"), and dynamically
          mapped to the UID used locally on the system via the UID mapping
          mount logic of recent kernels. This makes migrating home areas
          between different systems cheaper because recursively chown()ing file
          system trees is no longer necessary.

        * systemd-homed's CIFS backend now optionally supports CIFS service
          names with a directory suffix, in order to place home directories in
          a subdirectory of a CIFS share, instead of the top-level directory.

        * systemd-homed's CIFS backend gained support for specifying additional
          mount options in the JSON user record (cifsExtraMountOptions field,
          and --cifs-extra-mount-options= homectl switch). This is for example
          useful for configuring mount options such as "noserverino" that some
          SMB3 services require (use that to run a homed home directory from a
          FritzBox SMB3 share this way).

        * systemd-homed will now default to btrfs' zstd compression for home
          areas. This is inspired by Fedora's recent decision to switch to zstd
          by default.

        * Additional mount options to use when mounting the file system of
          LUKS2 volumes in systemd-homed has been added. Via the
          $SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, $SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
          $SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
          systemd-homed or via the luksExtraMountOptions user record JSON
          property. (Exposed via homectl --luks-extra-mount-options)

        * homectl's resize command now takes the special size specifications
          "min" and "max" to shrink/grow the home area to the minimum/maximum
          size possible, taking disk usage/space constraints and file system
          limitations into account. Resizing is now generally graceful: the
          logic will try to get as close to the specified size as possible, but
          not consider it a failure if the request couldn't be fulfilled
          precisely.

        * systemd-homed gained the ability to automatically shrink home areas
          on logout to their minimal size and grow them again on next
          login. This ensures that while inactive, a home area only takes up
          the minimal space necessary, but once activated, it provides
          sufficient space for the user's needs. This behavior is only
          supported if btrfs is used as file system inside the home area
          (because only for btrfs online growing/shrinking is implemented in
          the kernel). This behavior is now enabled by default, but may be
          controlled via the new --auto-resize-mode= setting of homectl.

        * systemd-homed gained support for automatically re-balancing free disk
          space among active home areas, in case the LUKS2 backends are used,
          and no explicit disk size was requested. This way disk space is
          automatically managed and home areas resized in regular intervals and
          manual resizing when disk space becomes scarce should not be
          necessary anymore. This behavior is only supported if btrfs is used
          within the home areas (as only then online shrinking and growing is
          supported), and may be configured via the new rebalanceWeight JSON
          user record field (as exposed via the new --rebalance-weight= homectl
          setting). Re-balancing is mostly automatic, but can also be requested
          explicitly via "homectl rebalance", which is synchronous, and thus
          may be used to wait until the rebalance run is complete.

        * userdbctl gained a --json= switch for configured the JSON formatting
          to use when outputting user or group records.

        * userdbctl gained a new --multiplexer= switch for explicitly
          configuring whether to use the systemd-userdbd server side user
          record resolution logic.

        * userdbctl's ssh-authorized-keys command learnt a new --chain switch,
          for chaining up another command to execute after completing the
          look-up. Since the OpenSSH's AuthorizedKeysCommand only allows
          configuration of a single command to invoke, this maybe used to
          invoke multiple: first userdbctl's own implementation, and then any
          other also configured in the command line.

        * The sd-event API gained a new function sd_event_add_inotify_fd() that
          is similar to sd_event_add_inotify() but accepts a file descriptor
          instead of a path in the file system for referencing the inode to
          watch.

        * The sd-event API gained a new function
          sd_event_source_set_ratelimit_expire_callback() that may be used to
          define a callback function that is called whenever an event source
          leaves the rate limiting phase.

        * New documentation has been added explaining which steps are necessary
          to port systemd to a new architecture:

          https://systemd.io/PORTING_TO_NEW_ARCHITECTURES

        * The x-systemd.makefs option in /etc/fstab now explicitly supports
          ext2, ext3, and f2fs file systems.

        * Mount units and units generated from /etc/fstab entries with 'noauto'
          are now ordered the same as other units. Effectively, they will be
          started earlier (if something actually pulled them in) and stopped
          later, similarly to normal mount units that are part of
          fs-local.target. This change should be invisible to users, but
          should prevent those units from being stopped too early during
          shutdown.

        * The systemd-getty-generator now honors a new kernel command line
          argument systemd.getty_auto= and a new environment variable
          $SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
          example useful to turn off gettys inside of containers or similar
          environments.

        * systemd-resolved now listens on a second DNS stub address: 127.0.0.54
          (in addition to 127.0.0.53, as before). If DNS requests are sent to
          this address they are propagated in "bypass" mode only, i.e. are
          almost not processed locally, but mostly forwarded as-is to the
          current upstream DNS servers. This provides a stable DNS server
          address that proxies all requests dynamically to the right upstream
          DNS servers even if these dynamically change. This stub does not do
          mDNS/LLMNR resolution. However, it will translate look-ups to
          DNS-over-TLS if necessary. This new stub is particularly useful in
          container/VM environments, or for tethering setups: use DNAT to
          redirect traffic to any IP address to this stub.

        * systemd-importd now honors new environment variables
          $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA,
          $SYSTEMD_IMPORT_SYNC, which may be used disable btrfs subvolume
          generation, btrfs quota setup and disk synchronization.

        * systemd-importd and systemd-resolved can now be optionally built with
          OpenSSL instead of libgcrypt.

        * systemd-repart no longer requires OpenSSL.

        * systemd-sysusers will no longer create the redundant 'nobody' group
          by default, as the 'nobody' user is already created with an
          appropriate primary group.

        * If a unit uses RuntimeMaxSec, systemctl show will now display it.

        * systemctl show-environment gained support for --output=json.

        * pam_systemd will now first try to use the X11 abstract socket, and
          fallback to the socket file in /tmp/.X11-unix/ only if that does not
          work.

        * systemd-journald will no longer go back to volatile storage
          regardless of configuration when its unit is restarted.

        * Initial support for the LoongArch architecture has been added (system
          call lists, GPT partition table UUIDs, etc).

        * systemd-journald's own logging messages are now also logged to the
          journal itself when systemd-journald logs to /dev/kmsg.

        * systemd-journald now re-enables COW for archived journal files on
          filesystems that support COW. One benefit of this change is that
          archived journal files will now get compressed on btrfs filesystems
          that have compression enabled.

        * systemd-journald now deduplicates fields in a single log message
          before adding it to the journal. In archived journal files, it will
          also punch holes for unused parts and truncate the file as
          appropriate, leading to reductions in disk usage.

        * journalctl --verify was extended with more informative error
          messages.

        * More of sd-journal's functions are now resistant against journal file
          corruption.

        * The shutdown command learnt a new option --show, to display the
          scheduled shutdown.

        * A LICENSES/ directory is now included in the git tree. It contains a
          README.md file that explains the licenses used by source files in
          this repository. It also contains the text of all applicable
          licenses as they appear on spdx.org.

        Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
        Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
        alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
        Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
        Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
        Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
        Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
        Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
        Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
        Christian Brauner, Christian Göttsche, Christian Wehrli,
        Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
        Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
        David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
        Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
        Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
        Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
        Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
        Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
        Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
        Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
        I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
        Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
        jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
        Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
        Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
        Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
        lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
        Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
        Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
        Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
        Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
        Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
        Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
        nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
        Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
        Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
        Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
        Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
        StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
        Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
        Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
        Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
        Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
        xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
        Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
        Дамјан Георгиевски, наб

        — Warsaw, 2021-12-23

CHANGES WITH 249:

        * When operating on disk images via the --image= switch of various
          tools (such as systemd-nspawn or systemd-dissect), or when udev finds
          no 'root=' parameter on the kernel command line, and multiple
          suitable root or /usr/ partitions exist in the image, then a simple
          comparison inspired by strverscmp() is done on the GPT partition
          label, and the newest partition is picked. This permits a simple and
          generic whole-file-system A/B update logic where new operating system
          versions are dropped into partitions whose label is then updated with
          a matching version identifier.

        * systemd-sysusers now supports querying the passwords to set for the
          users it creates via the "credentials" logic introduced in v247: the
          passwd.hashed-password.<user> and passwd.plaintext-password.<user>
          credentials are consulted for the password to use (either in UNIX
          hashed form, or literally). By default these credentials are inherited
          down from PID1 (which in turn imports it from a container manager if
          there is one). This permits easy configuration of user passwords
          during first boot. Example:

          # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo

          Note that systemd-sysusers operates in purely additive mode: it
          executes no operation if the declared users already exist, and hence
          doesn't set any passwords as effect of the command line above if the
          specified root user exists already in the image. (Note that
          --volatile=yes ensures it doesn't, though.)

        * systemd-firstboot now also supports querying various system
          parameters via the credential subsystems. Thus, as above this may be
          used to initialize important system parameters on first boot of
          previously unprovisioned images (i.e. images with a mostly empty
          /etc/).

        * PID 1 may now show both the unit name and the unit description
          strings in its status output during boot. This may be configured with
          StatusUnitFormat=combined in system.conf or
          systemd.status-unit-format=combined on the kernel command line.

        * The systemd-machine-id-setup tool now supports a --image= switch for
          provisioning a machine ID file into an OS disk image, similar to how
          --root= operates on an OS file tree. This matches the existing switch
          of the same name for systemd-tmpfiles, systemd-firstboot, and
          systemd-sysusers tools.

        * Similarly, systemd-repart gained support for the --image= switch too.
          In combination with the existing --size= option, this makes the tool
          particularly useful for easily growing disk images in a single
          invocation, following the declarative rules included in the image
          itself.

        * systemd-repart's partition configuration files gained support for a
          new switch MakeDirectories= which may be used to create arbitrary
          directories inside file systems that are created, before registering
          them in the partition table. This is useful in particular for root
          partitions to create mount point directories for other partitions
          included in the image. For example, a disk image that contains a
          root, /home/, and /var/ partitions, may set MakeDirectories=yes to
          create /home/ and /var/ as empty directories in the root file system
          on its creation, so that the resulting image can be mounted
          immediately, even in read-only mode.

        * systemd-repart's CopyBlocks= setting gained support for the special
          value "auto". If used, a suitable matching partition on the booted OS
          is found as source to copy blocks from. This is useful when
          implementing replicating installers, that are booted from one medium
          and then stream their own root partition onto the target medium.

        * systemd-repart's partition configuration files gained support for a
          Flags=, a ReadOnly= and a NoAuto= setting, allowing control of these
          GPT partition flags for the created partitions: this is useful for
          marking newly created partitions as read-only, or as not being
          subject for automatic mounting from creation on.

        * The /etc/os-release file has been extended with two new (optional)
          variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
          information for OS images that are updated comprehensively and
          atomically as one image. Two new specifiers %M, %A now resolve to
          these two fields in the various configuration options that resolve
          specifiers.

        * portablectl gained a new switch --extension= for enabling portable
          service images with extensions that follow the extension image
          concept introduced with v248, and thus allows layering multiple
          images when setting up the root filesystem of the service.

        * systemd-coredump will now extract ELF build-id information from
          processes dumping core and include it in the coredump report.
          Moreover, it will look for ELF .note.package sections with
          distribution packaging meta-information about the crashing process.
          This is useful to directly embed the rpm or deb (or any other)
          package name and version in ELF files, making it easy to match
          coredump reports with the specific package for which the software was
          compiled. This is particularly useful on environments with ELF files
          from multiple vendors, different distributions and versions, as is
          common today in our containerized and sand-boxed world. For further
          information, see:

          https://systemd.io/COREDUMP_PACKAGE_METADATA

        * A new udev hardware database has been added for FireWire devices
          (IEEE 1394).

        * The "net_id" built-in of udev has been updated with three
          backwards-incompatible changes:

          - PCI hotplug slot names on s390 systems are now parsed as
            hexadecimal numbers. They were incorrectly parsed as decimal
            previously, or ignored if the name was not a valid decimal
            number.

          - PCI onboard indices up to 65535 are allowed. Previously, numbers
            above 16383 were rejected. This primarily impacts s390 systems,
            where values up to 65535 are used.

          - Invalid characters in interface names are replaced with "_".

          The new version of the net naming scheme is "v249". The previous
          scheme can be selected via the "net.naming_scheme=v247" kernel
          command line parameter.

        * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
          NULL bus object, for which they will return false. Or in other words,
          an unallocated bus connection is neither ready nor open.

        * The sd-device API acquired a new API function
          sd_device_get_usec_initialized() that returns the monotonic time when
          the udev device first appeared in the database.

        * sd-device gained a new APIs sd_device_trigger_with_uuid() and
          sd_device_get_trigger_uuid(). The former is similar to
          sd_device_trigger() but returns a randomly generated UUID that is
          associated with the synthetic uevent generated by the call. This UUID
          may be read from the sd_device object a monitor eventually receives,
          via the sd_device_get_trigger_uuid(). This interface requires kernel
          4.13 or above to work, and allows tracking a synthetic uevent through
          the entire device management stack. The "udevadm trigger --settle"
          logic has been updated to make use of this concept if available to
          wait precisely for the uevents it generates. "udevadm trigger" also
          gained a new parameter --uuid that prints the UUID for each generated
          uevent.

        * sd-device also gained new APIs sd_device_new_from_ifname() and
          sd_device_new_from_ifindex() for allocating an sd-device object for
          the specified network interface. The former accepts an interface name
          (either a primary or an alternative name), the latter an interface
          index.

        * The native Journal protocol has been documented. Clients may talk
          this as alternative to the classic BSD syslog protocol for locally
          delivering log records to the Journal. The protocol has been stable
          for a long time and in fact been implemented already in a variety
          of alternative client libraries. This documentation makes the support
          for that official:

          https://systemd.io/JOURNAL_NATIVE_PROTOCOL

        * A new BPFProgram= setting has been added to service files. It may be
          set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
          file, or a bind mount or symlink to one. This may be used to upload
          and manage BPF programs externally and then hook arbitrary systemd
          services into them.

        * The "home.arpa" domain that has been officially declared as the
          choice for domain for local home networks per RFC 8375 has been added
          to the default NTA list of resolved, since DNSSEC is generally not
          available on private domains.

        * The CPUAffinity= setting of unit files now resolves "%" specifiers.

        * A new ManageForeignRoutingPolicyRules= setting has been added to
          .network files which may be used to exclude foreign-created routing
          policy rules from systemd-networkd management.

        * systemd-network-wait-online gained two new switches -4 and -6 that
          may be used to tweak whether to wait for only IPv4 or only IPv6
          connectivity.

        * .network files gained a new RequiredFamilyForOnline= setting to
          fine-tune whether to require an IPv4 or IPv6 address in order to
          consider an interface "online".

        * networkctl will now show an over-all "online" state in the per-link
          information.

        * In .network files a new OutgoingInterface= setting has been added to
          specify the output interface in bridge FDB setups.

        * In .network files the Multipath group ID may now be configured for
          [NextHop] entries, via the new Group= setting.

        * The DHCP server logic configured in .network files gained a new
          setting RelayTarget= that turns the server into a DHCP server relay.
          The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
          to further tweak the DHCP relay behaviour.

        * The DHCP server logic also gained a new ServerAddress= setting in
          .network files that explicitly specifies the server IP address to
          use. If not specified, the address is determined automatically, as
          before.

        * The DHCP server logic in systemd-networkd gained support for static
          DHCP leases, configurable via the [DHCPServerStaticLease]
          section. This allows explicitly mapping specific MAC addresses to
          fixed IP addresses and vice versa.

        * The RestrictAddressFamilies= setting in service files now supports a
          new special value "none". If specified sockets of all address
          families will be made unavailable to services configured that way.

        * systemd-fstab-generator and systemd-repart have been updated to
          support booting from disks that carry only a /usr/ partition but no
          root partition yet, and where systemd-repart can add it in on the
          first boot. This is useful for implementing systems that ship with a
          single /usr/ file system, and whose root file system shall be set up
          and formatted on a LUKS-encrypted volume whose key is generated
          locally (and possibly enrolled in the TPM) during the first boot.

        * The [Address] section of .network files now accepts a new
          RouteMetric= setting that configures the routing metric to use for
          the prefix route created as effect of the address configuration.
          Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
          gained matching settings for their prefix routes. (The option of the
          same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
          it conceptually belongs there; the old option is still understood for
          compatibility.)

        * The DHCPv6 IAID and DUID are now explicitly configurable in .network
          files.

        * A new udev property ID_NET_DHCP_BROADCAST on network interface
          devices is now honoured by systemd-networkd, controlling whether to
          issue DHCP offers via broadcasting. This is used to ensure that s390
          layer 3 network interfaces work out-of-the-box with systemd-networkd.

        * nss-myhostname and systemd-resolved will now synthesize address
          records for a new special hostname "_outbound". The name will always
          resolve to the local IP addresses most likely used for outbound
          connections towards the default routes. On multi-homed hosts this is
          useful to have a stable handle referring to "the" local IP address
          that matters most, to the point where this is defined.

        * The Discoverable Partition Specification has been updated with a new
          GPT partition flag "grow-file-system" defined for its partition
          types. Whenever partitions with this flag set are automatically
          mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
          of systemd-nspawn or other tools; and as opposed to explicit mounting
          via /etc/fstab), the file system within the partition is
          automatically grown to the full size of the partition. If the file
          system size already matches the partition size this flag has no
          effect. Previously, this functionality has been available via the
          explicit x-systemd.growfs mount option, and this new flag extends
          this to automatically discovered mounts. A new GrowFileSystem=
          setting has been added to systemd-repart drop-in files that allows
          configuring this partition flag. This new flag defaults to on for
          partitions automatically created by systemd-repart, except if they
          are marked read-only. See the specification for further details:

          https://systemd.io/DISCOVERABLE_PARTITIONS

        * .network files gained a new setting RoutesToNTP= in the [DHCPv4]
          section. If enabled (which is the default), and an NTP server address
          is acquired through a DHCP lease on this interface an explicit route
          to this address is created on this interface to ensure that NTP
          traffic to the NTP server acquired on an interface is also routed
          through that interface. The pre-existing RoutesToDNS= setting that
          implements the same for DNS servers is now enabled by default.

        * A pair of service settings SocketBindAllow= + SocketBindDeny= have
          been added that may be used to restrict the network interfaces
          sockets created by the service may be bound to. This is implemented
          via BPF.

        * A new ConditionFirmware= setting has been added to unit files to
          conditionalize on certain firmware features. At the moment it may
          check whether running on a UEFI system, a device.tree system, or if
          the system is compatible with some specified device-tree feature.

        * A new ConditionOSRelease= setting has been added to unit files to
          check os-release(5) fields. The "=", "!=", "<", "<=", ">=", ">"
          operators may be used to check if some field has some specific value
          or do an alphanumerical comparison. Equality comparisons are useful
          for fields like ID, but relative comparisons for fields like
          VERSION_ID or IMAGE_VERSION.

        * hostnamed gained a new Describe() D-Bus method that returns a JSON
          serialization of the host data it exposes. This is exposed via
          "hostnamectl --json=" to acquire a host identity description in JSON.
          It's our intention to add a similar features to most services and
          objects systemd manages, in order to simplify integration with
          program code that can consume JSON.

        * Similarly, networkd gained a Describe() method on its Manager and
          Link bus objects. This is exposed via "networkctl --json=".

        * hostnamectl's various "get-xyz"/"set-xyz" verb pairs
          (e.g. "hostnamectl get-hostname", "hostnamectl "set-hostname") have
          been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
          that is used both to get the value (when no argument is given), and
          to set the value (when an argument is specified). The old names
          continue to be supported for compatibility.

        * systemd-detect-virt and ConditionVirtualization= are now able to
          correctly identify Amazon EC2 environments.

        * The LogLevelMax= setting of unit files now applies not only to log
          messages generated *by* the service, but also to log messages
          generated *about* the service by PID 1. To suppress logs concerning a
          specific service comprehensively, set this option to a high log
          level.

        * bootctl gained support for a new --make-machine-id-directory= switch
          that allows precise control on whether to create the top-level
          per-machine directory in the boot partition that typically contains
          Type 1 boot loader entries.

        * During build SBAT data to include in the systemd-boot EFI PE binaries
          may be specified now.

        * /etc/crypttab learnt a new option "headless". If specified any
          requests to query the user interactively for passwords or PINs will
          be skipped. This is useful on systems that are headless, i.e. where
          an interactive user is generally not present.

        * /etc/crypttab also learnt a new option "password-echo=" that allows
          configuring whether the encryption password prompt shall echo the
          typed password and if so, do so literally or via asterisks. (The
          default is the same behaviour as before: provide echo feedback via
          asterisks.)

        * FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
          systemd-homed has been updated to allow explicit configuration of the
          "user presence" and "user verification" checks, as well as whether a
          PIN is required for authentication, via the new switches
          --fido2-with-user-presence=, --fido2-with-user-verification=,
          --fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
          features are available, and may be enabled or disabled depends on the
          used FIDO2 token.

        * systemd-nspawn's --private-user= switch now accepts the special value
          "identity" which configures a user namespacing environment with an
          identity mapping of 65535 UIDs. This means the container UID 0 is
          mapped to the host UID 0, and the UID 1 to host UID 1. On first look
          this doesn't appear to be useful, however it does reduce the attack
          surface a bit, since the resulting container will possess process
          capabilities only within its namespace and not on the host.

        * systemd-nspawn's --private-user-chown switch has been replaced by a
          more generic --private-user-ownership= switch that accepts one of
          three values: "chown" is equivalent to the old --private-user-chown,
          and "off" is equivalent to the absence of the old switch. The value
          "map" uses the new UID mapping mounts of Linux 5.12 to map ownership
          of files and directories of the underlying image to the chosen UID
          range for the container. "auto" is equivalent to "map" if UID mapping
          mount are supported, otherwise it is equivalent to "chown". The short
          -U switch systemd-nspawn now implies --private-user-ownership=auto
          instead of the old --private-user-chown. Effectively this means: if
          the backing file system supports UID mapping mounts the feature is
          now used by default if -U is used. Generally, it's a good idea to use
          UID mapping mounts instead of recursive chown()ing, since it allows
          running containers off immutable images (since no modifications of
          the images need to take place), and share images between multiple
          instances. Moreover, the recursive chown()ing operation is slow and
          can be avoided. Conceptually it's also a good thing if transient UID
          range uses do not leak into persistent file ownership anymore. TLDR:
          finally, the last major drawback of user namespacing has been
          removed, and -U should always be used (unless you use btrfs, where
          UID mapped mounts do not exist; or your container actually needs
          privileges on the host).

        * nss-systemd now synthesizes user and group shadow records in addition
          to the main user and group records. Thus, hashed passwords managed by
          systemd-homed are now accessible via the shadow database.

        * The userdb logic (and thus nss-systemd, and so on) now read
          additional user/group definitions in JSON format from the drop-in
          directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
          /usr/lib/userdb/. This is a simple and powerful mechanism for making
          additional users available to the system, with full integration into
          NSS including the shadow databases. Since the full JSON user/group
          record format is supported this may also be used to define users with
          resource management settings and other runtime settings that
          pam_systemd and systemd-logind enforce at login.

        * The userdbctl tool gained two new switches --with-dropin= and
          --with-varlink= which can be used to fine-tune the sources used for
          user database lookups.

        * systemd-nspawn gained a new switch --bind-user= for binding a host
          user account into the container. This does three things: the user's
          home directory is bind mounted from the host into the container,
          below the /run/userdb/home/ hierarchy. A free UID is picked in the
          container, and a user namespacing UID mapping to the host user's UID
          installed. And finally, a minimal JSON user and group record (along
          with its hashed password) is dropped into /run/host/userdb/. These
          records are picked up automatically by the userdb drop-in logic
          describe above, and allow the user to login with the same password as
          on the host. Effectively this means: if host and container run new
          enough systemd versions making a host user available to the container
          is trivially simple.

        * systemd-journal-gatewayd now supports the switches --user, --system,
          --merge, --file= that are equivalent to the same switches of
          journalctl, and permit exposing only the specified subset of the
          Journal records.

        * The OnFailure= dependency between units is now augmented with a
          implicit reverse dependency OnFailureOf= (this new dependency cannot
          be configured directly it's only created as effect of an OnFailure=
          dependency in the reverse order — it's visible in "systemctl show"
          however). Similar, Slice= now has an reverse dependency SliceOf=,
          that is also not configurable directly, but useful to determine all
          units that are members of a slice.

        * A pair of new dependency types between units PropagatesStopTo= +
          StopPropagatedFrom= has been added, that allows propagation of unit
          stop events between two units. It operates similar to the existing
          PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.

        * A new dependency type OnSuccess= has been added (plus the reverse
          dependency OnSuccessOf=, which cannot be configured directly, but
          exists only as effect of the reverse OnSuccess=). It is similar to
          OnFailure=, but triggers in the opposite case: when a service exits
          cleanly. This allows "chaining up" of services where one or more
          services are started once another service has successfully completed.

        * A new dependency type Upholds= has been added (plus the reverse
          dependency UpheldBy=, which cannot be configured directly, but exists
          only as effect of Upholds=). This dependency type is a stronger form
          of Wants=: if a unit has an UpHolds= dependency on some other unit
          and the former is active then the latter is started whenever it is
          found inactive (and no job is queued for it). This is an alternative
          to Restart= inside service units, but less configurable, and the
          request to uphold a unit is not encoded in the unit itself but in
          another unit that intends to uphold it.

        * The systemd-ask-password tool now also supports reading passwords
          from the credentials subsystem, via the new --credential= switch.

        * The systemd-ask-password tool learnt a new switch --emoji= which may
          be used to explicit control whether the lock and key emoji (🔐) is
          shown in the password prompt on suitable TTYs.

        * The --echo switch of systemd-ask-password now optionally takes a
          parameter that controls character echo. It may either show asterisks
          (default, as before), turn echo off entirely, or echo the typed
          characters literally.

        * The systemd-ask-password tool also gained a new -n switch for
          suppressing output of a trailing newline character when writing the
          acquired password to standard output, similar to /bin/echo's -n
          switch.

        * New documentation has been added that describes the organization of
          the systemd source code tree:

          https://systemd.io/ARCHITECTURE

        * Units using ConditionNeedsUpdate= will no longer be activated in
          the initrd.

        * It is now possible to list a template unit in the WantedBy= or
          RequiredBy= settings of the [Install] section of another template
          unit, which will be instantiated using the same instance name.

        * A new MemoryAvailable property is available for units. If the unit,
          or the slices it is part of, have a memory limit set via MemoryMax=/
          MemoryHigh=, MemoryAvailable will indicate how much more memory the
          unit can claim before hitting the limits.

        * systemd-coredump will now try to stay below the cgroup memory limit
          placed on itself or one of the slices it runs under, if the storage
          area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
          since files written on such filesystems count toward the cgroup memory
          limit. If there is not enough available memory in such cases to store
          the core file uncompressed, systemd-coredump will skip to compressed
          storage directly (if enabled) and it will avoid analyzing the core file
          to print backtrace and metadata in the journal.

        * tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
          of a path matches the configured expectations, and remove it if not.

        * tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows to
          specify which of the several available filesystem timestamps (access
          time, birth time, change time, modification time) to look at when
          deciding whether a path has aged enough to be cleaned.

        * A new IPv6StableSecretAddress= setting has been added to .network
          files, which takes an IPv6 address to use as secret for IPv6 address
          generation.

        * The [DHCPServer] logic in .network files gained support for a new
          UplinkInterface= setting that permits configuration of the uplink
          interface name to propagate DHCP lease information from.

        * The WakeOnLan= setting in .link files now accepts a list of flags
          instead of a single one, to configure multiple wake-on-LAN policies.

        * User-space defined tracepoints (USDT) have been added to udev at
          strategic locations. This is useful for tracing udev behaviour and
          performance with bpftrace and similar tools.

        * systemd-journald-upload gained a new NetworkTimeoutSec= option for
          setting a network timeout time.

        * If a system service is running in a new mount namespace (RootDirectory=
          and friends), all file systems will be mounted with MS_NOSUID by
          default, unless the system is running with SELinux enabled.

        * When enumerating time zones the timedatectl tool will now consult the
          'tzdata.zi' file shipped by the IANA time zone database package, in
          addition to 'zone1970.tab', as before. This makes sure time zone
          aliases are now correctly supported. Some distributions so far did
          not install this additional file, most do however. If you
          distribution does not install it yet, it might make sense to change
          that.

        * Intel HID rfkill event is no longer masked, since it's the only
          source of rfkill event on newer HP laptops. To have both backward and
          forward compatibility, userspace daemon needs to debounce duplicated
          events in a short time window.

        Contributions from: Aakash Singh, adrian5, Albert Brox,
        Alexander Sverdlin, Alexander Tsoy, Alexey Rubtsov, alexlzhu,
        Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
        Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
        borna-blazevic, caoxia2008cxx, Carlo Teubner, Christian Göttsche,
        Christian Hesse, Daniel Schaefer, Dan Streetman,
        David Santamaría Rogado, David Tardon, Deepak Rawat, dgcampea,
        Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
        Eric Cook, Flos Lonicerae, Franck Bui, Francois Gervais,
        Frantisek Sumsal, Gibeom Gwon, gitm0, Hamish Moffatt, Hans de Goede,
        Harsh Barsaiyan, Henri Chain, Hristo Venev, Icenowy Zheng, Igor Zhbanov,
        imayoda, Jakub Warczarek, James Buren, Jan Janssen, Jan Macku,
        Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban, Jeremy Szu,
        Jérôme Carretero, Jesse Stricker, jiangchuangang, Joerg Behrmann,
        Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Juergen Hoetzel,
        Julia Kartseva, Kai-Heng Feng, Khem Raj, KoyamaSohei, laineantti,
        Lennart Poettering, LetzteInstanz, Luca Adrian L, Luca Boccassi,
        Lucas Magasweran, Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard,
        Masahiro Matsuya, Matt Johnston, Michael Catanzaro, Michal Koutný,
        Michal Sekletár, Mike Crowe, Mike Kazantsev, Milan, milaq,
        Miroslav Suchý, Morten Linderud, nerdopolis, nl6720, Noah Meyerhans,
        Oleg Popov, Olle Lundberg, Ondrej Kozina, Paweł Marciniak, Perry.Yuan,
        Peter Hutterer, Peter Kjellerstedt, Peter Morrow, Phaedrus Leeds,
        plattrap, qhill, Raul Tambre, Roman Beranek, Roshan Shariff,
        Ryan Hendrickson, Samuel BF, scootergrisen, Sebastian Blunt,
        Seong-ho Cho, Sergey Bugaev, Sevan Janiyan, Sibo Dong, simmon,
        Simon Watts, Srinidhi Kaushik, Štěpán Němec, Steve Bonds, Susant Sahani,
        sverdlin, syyhao1994, Takashi Sakamoto, Topi Miettinen, tramsay,
        Trent Piepho, Uwe Kleine-König, Viktor Mihajlovski, Vincent Dechenaux,
        Vito Caputo, William A. Kennington III, Yangyang Shen, Yegor Alexeyev,
        Yi Gao, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб

        — Edinburgh, 2021-07-07

CHANGES WITH 248:

        * A concept of system extension images is introduced. Such images may
          be used to extend the /usr/ and /opt/ directory hierarchies at
          runtime with additional files (even if the file system is read-only).
          When a system extension image is activated, its /usr/ and /opt/
          hierarchies and os-release information are combined via overlayfs
          with the file system hierarchy of the host OS.

          A new systemd-sysext tool can be used to merge, unmerge, list, and
          refresh system extension hierarchies. See
          https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.

          The systemd-sysext.service automatically merges installed system
          extensions during boot (before basic.target, but not in very early
          boot, since various file systems have to be mounted first).

          The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
          supported system extension level.

        * A new ExtensionImages= unit setting can be used to apply the same
          system extension image concept from systemd-sysext to the namespaced
          file hierarchy of specific services, following the same rules and
          constraints.

        * Support for a new special "root=tmpfs" kernel command-line option has
          been added. When specified, a tmpfs is mounted on /, and mount.usr=
          should be used to point to the operating system implementation.

        * A new configuration file /etc/veritytab may be used to configure
          dm-verity integrity protection for block devices. Each line is in the
          format "volume-name data-device hash-device roothash options",
          similar to /etc/crypttab.

        * A new kernel command-line option systemd.verity.root_options= may be
          used to configure dm-verity behaviour for the root device.

        * The key file specified in /etc/crypttab (the third field) may now
          refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
          acquired by connecting to that socket and reading from it. This
          allows the implementation of a service to provide key information
          dynamically, at the moment when it is needed.

        * When the hostname is set explicitly to "localhost", systemd-hostnamed
          will respect this. Previously such a setting would be mostly silently
          ignored. The goal is to honour configuration as specified by the
          user.

        * The fallback hostname that will be used by the system manager and
          systemd-hostnamed can now be configured in two new ways: by setting
          DEFAULT_HOSTNAME= in os-release(5), or by setting
          $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
          also be configured during compilation. The environment variable is
          intended for testing and local overrides, the os-release(5) field is
          intended to allow customization by different variants of a
          distribution that share the same compiled packages.

        * The environment block of the manager itself may be configured through
          a new ManagerEnvironment= setting in system.conf or user.conf. This
          complements existing ways to set the environment block (the kernel
          command line for the system manager, the inherited environment and
          user@.service unit file settings for the user manager).

        * systemd-hostnamed now exports the default hostname and the source of
          the configured hostname ("static", "transient", or "default") as
          D-Bus properties.

        * systemd-hostnamed now exports the "HardwareVendor" and
          "HardwareModel" D-Bus properties, which are supposed to contain a
          pair of cleaned up, human readable strings describing the system's
          vendor and model. It's typically sourced from the firmware's DMI
          tables, but may be augmented from a new hwdb database. hostnamectl
          shows this in the status output.

        * Support has been added to systemd-cryptsetup for extracting the
          PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
          metadata header. This allows the information how to open the
          encrypted device to be embedded directly in the device and obviates
          the need for configuration in an external file.

        * systemd-cryptsetup gained support for unlocking LUKS2 volumes using
          TPM2 hardware, as well as FIDO2 security tokens (in addition to the
          pre-existing support for PKCS#11 security tokens).

        * systemd-repart may enroll encrypted partitions using TPM2
          hardware. This may be useful for example to create an encrypted /var
          partition bound to the machine on first boot.

        * A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
          and PKCS#11 security tokens to LUKS volumes, list and destroy
          them. See:

          https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

          It also supports enrolling "recovery keys" and regular passphrases.

        * The libfido2 dependency is now based on dlopen(), so that the library
          is used at runtime when installed, but is not a hard runtime
          dependency.

        * systemd-cryptsetup gained support for two new options in
          /etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
          request synchronous processing of encryption/decryption IO.

        * The manager may be configured at compile time to use the fexecve()
          instead of the execve() system call when spawning processes. Using
          fexecve() closes a window between checking the security context of an
          executable and spawning it, but unfortunately the kernel displays
          stale information in the process' "comm" field, which impacts ps
          output and such.

        * The configuration option -Dcompat-gateway-hostname has been dropped.
          "_gateway" is now the only supported name.

        * The ConditionSecurity=tpm2 unit file setting may be used to check if
          the system has at least one TPM2 (tpmrm class) device.

        * A new ConditionCPUFeature= has been added that may be used to
          conditionalize units based on CPU features. For example,
          ConditionCPUFeature=rdrand will condition a unit so that it is only
          run when the system CPU supports the RDRAND opcode.

        * The existing ConditionControlGroupController= setting has been
          extended with two new values "v1" and "v2". "v2" means that the
          unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
          hierarchy or the hybrid hierarchy are used.

        * A new PrivateIPC= setting on a unit file allows executed processes to
          be moved into a private IPC namespace, with separate System V IPC
          identifiers and POSIX message queues.

          A new IPCNamespacePath= allows the unit to be joined to an existing
          IPC namespace.

        * The tables of system calls in seccomp filters are now automatically
          generated from kernel lists exported on
          https://fedora.juszkiewicz.com.pl/syscalls.html.

          The following architectures should now have complete lists:
          alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
          powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.

        * The MountAPIVFS= service file setting now additionally mounts a tmpfs
          on /run/ if it is not already a mount point. A writable /run/ has
          always been a requirement for a functioning system, but this was not
          guaranteed when using a read-only image.

          Users can always specify BindPaths= or InaccessiblePaths= as
          overrides, and they will take precedence. If the host's root mount
          point is used, there is no change in behaviour.

        * New bind mounts and file system image mounts may be injected into the
          mount namespace of a service (without restarting it). This is exposed
          respectively as 'systemctl bind <unit> <path>…' and
          'systemctl mount-image <unit> <image>…'.

        * The StandardOutput= and StandardError= settings can now specify files
          to be truncated for output (as "truncate:<path>").

        * The ExecPaths= and NoExecPaths= settings may be used to specify
          noexec for parts of the file system.

        * sd-bus has a new function sd_bus_open_user_machine() to open a
          connection to the session bus of a specific user in a local container
          or on the local host. This is exposed in the existing -M switch to
          systemctl and similar tools:

              systemctl --user -M lennart@foobar start foo

          This will connect to the user bus of a user "lennart" in container
          "foobar". If no container name is specified, the specified user on
          the host itself is connected to

              systemctl --user -M lennart@ start quux

        * sd-bus also gained a convenience function sd_bus_message_send() to
          simplify invocations of sd_bus_send(), taking only a single
          parameter: the message to send.

        * sd-event allows rate limits to be set on event sources, for dealing
          with high-priority event sources that might starve out others. See
          the new man page sd_event_source_set_ratelimit(3) for details.

        * systemd.link files gained a [Link] Promiscuous= switch, which allows
          the device to be raised in promiscuous mode.

          New [Link] TransmitQueues= and ReceiveQueues= settings allow the
          number of TX and RX queues to be configured.

          New [Link] TransmitQueueLength= setting allows the size of the TX
          queue to be configured.

          New [Link] GenericSegmentOffloadMaxBytes= and
          GenericSegmentOffloadMaxSegments= allow capping the packet size and
          the number of segments accepted in Generic Segment Offload.

        * systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
          wireless routing protocol that operates on ISO/OSI Layer 2 only and
          uses ethernet frames to route/bridge packets. This encompasses a new
          "batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
          new settings in .netdev files, and a new BatmanAdvanced= setting in
          .network files.

        * systemd.network files gained a [Network] RouteTable= configuration
          switch to select the routing policy table.

          systemd.network files gained a [RoutingPolicyRule] Type=
          configuration switch (one of "blackhole, "unreachable", "prohibit").

          systemd.network files gained a [IPv6AcceptRA] RouteDenyList= and
          RouteAllowList= settings to ignore/accept route advertisements from
          routers matching specified prefixes. The DenyList= setting has been
          renamed to PrefixDenyList= and a new PrefixAllowList= option has been
          added.

          systemd.network files gained a [DHCPv6] UseAddress= setting to
          optionally ignore the address provided in the lease.

          systemd.network files gained a [DHCPv6PrefixDelegation]
          ManageTemporaryAddress= switch.

          systemd.network files gained a new ActivationPolicy= setting which
          allows configuring how the UP state of an interface shall be managed,
          i.e. whether the interface is always upped, always downed, or may be
          upped/downed by the user using "ip link set dev".

        * The default for the Broadcast= setting in .network files has slightly
          changed: the broadcast address will not be configured for wireguard
          devices.

        * systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
          EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
          configuration options for VLAN packet handling.

        * udev rules may now set log_level= option. This allows debug logs to
          be enabled for select events, e.g. just for a specific subsystem or
          even a single device.

        * udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
          DATA_PREPARED_ID properties for block devices with ISO9660 file
          systems.

        * udev now exports decoded DMI information about installed memory slots
          as device properties under the /sys/class/dmi/id/ pseudo device.

        * /dev/ is not mounted noexec anymore. This didn't provide any
          significant security benefits and would conflict with the executable
          mappings used with /dev/sgx device nodes. The previous behaviour can
          be restored for individual services with NoExecPaths=/dev (or by allow-
          listing and excluding /dev from ExecPaths=).

        * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
          and /dev/vhost-net are owned by the kvm group.

        * The hardware database has been extended with a list of fingerprint
          readers that correctly support USB auto-suspend using data from
          libfprint.

        * systemd-resolved can now answer DNSSEC questions through the stub
          resolver interface in a way that allows local clients to do DNSSEC
          validation themselves. For a question with DO+CD set, it'll proxy the
          DNS query and respond with a mostly unmodified packet received from
          the upstream server.

        * systemd-resolved learnt a new boolean option CacheFromLocalhost= in
          resolved.conf. If true the service will provide caching even for DNS
          lookups made to an upstream DNS server on the 127.0.0.1/::1
          addresses. By default (and when the option is false) systemd-resolved
          will not cache such lookups, in order to avoid duplicate local
          caching, under the assumption the local upstream server caches
          anyway.

        * systemd-resolved now implements RFC5001 NSID in its local DNS
          stub. This may be used by local clients to determine whether they are
          talking to the DNS resolver stub or a different DNS server.

        * When resolving host names and other records resolvectl will now
          report where the data was acquired from (i.e. the local cache, the
          network, locally synthesized, …) and whether the network traffic it
          effected was encrypted or not. Moreover the tool acquired a number of
          new options --cache=, --synthesize=, --network=, --zone=,
          --trust-anchor=, --validate= that take booleans and may be used to
          tweak a lookup, i.e. whether it may be answered from cached
          information, locally synthesized information, information acquired
          through the network, the local mDNS/LLMNR zone, the DNSSEC trust
          anchor, and whether DNSSEC validation shall be executed for the
          lookup.

        * systemd-nspawn gained a new --ambient-capability= setting
          (AmbientCapability= in .nspawn files) to configure ambient
          capabilities passed to the container payload.

        * systemd-nspawn gained the ability to configure the firewall using the
          nftables subsystem (in addition to the existing iptables
          support). Similarly, systemd-networkd's IPMasquerade= option now
          supports nftables as back-end, too. In both cases NAT on IPv6 is now
          supported too, in addition to IPv4 (the iptables back-end still is
          IPv4-only).

          "IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
          retains its meaning, but has been deprecated. Please switch to either
          "ivp4" or "both" (if covering IPv6 is desired).

        * systemd-importd will now download .verity and .roothash.p7s files
          along with the machine image (as exposed via machinectl pull-raw).

        * systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
          setting to configure the time a unit's cgroup needs to exceed memory
          pressure limits before action will be taken, and a new
          ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
          units.

          systemd-oomd is now considered fully supported (the usual
          backwards-compatibility promises apply). Swap is not required for
          operation, but it is still recommended.

        * systemd-timesyncd gained a new ConnectionRetrySec= setting which
          configures the retry delay when trying to contact servers.

        * systemd-stdio-bridge gained --system/--user options to connect to the
          system bus (previous default) or the user session bus.

        * systemd-localed may now call locale-gen to generate missing locales
          on-demand (UTF-8-only). This improves integration with Debian-based
          distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.

        * systemctl --check-inhibitors=true may now be used to obey inhibitors
          even when invoked non-interactively. The old --ignore-inhibitors
          switch is now deprecated and replaced by --check-inhibitors=false.

        * systemctl import-environment will now emit a warning when called
          without any arguments (i.e. to import the full environment block of
          the called program). This command will usually be invoked from a
          shell, which means that it'll inherit a bunch of variables which are
          specific to that shell, and usually to the TTY the shell is connected
          to, and don't have any meaning in the global context of the system or
          user service manager. Instead, only specific variables should be
          imported into the manager environment block.

          Similarly, programs which update the manager environment block by
          directly calling the D-Bus API of the manager, should also push
          specific variables, and not the full inherited environment.

        * systemctl's status output now shows unit state with a more careful
          choice of Unicode characters: units in maintenance show a "○" symbol
          instead of the usual "●", failed units show "×", and services being
          reloaded "↻".

        * coredumpctl gained a --debugger-arguments= switch to pass arguments
          to the debugger. It also gained support for showing coredump info in
          a simple JSON format.

        * systemctl/loginctl/machinectl's --signal= option now accept a special
          value "list", which may be used to show a brief table with known
          process signals and their numbers.

        * networkctl now shows the link activation policy in status.

        * Various tools gained --pager/--no-pager/--json= switches to
          enable/disable the pager and provide JSON output.

        * Various tools now accept two new values for the SYSTEMD_COLORS
          environment variable: "16" and "256", to configure how many terminal
          colors are used in output.

        * less 568 or newer is now required for the auto-paging logic of the
          various tools. Hyperlink ANSI sequences in terminal output are now
          used even if a pager is used, and older versions of less are not able
          to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
          disable this output again.

        * Builds with support for separate / and /usr/ hierarchies ("split-usr"
          builds, non-merged-usr builds) are now officially deprecated. A
          warning is emitted during build. Support is slated to be removed in
          about a year (when the Debian Bookworm release development starts).

        * Systems with the legacy cgroup v1 hierarchy are now marked as
          "tainted", to make it clearer that using the legacy hierarchy is not
          recommended.

        * systemd-localed will now refuse to configure a keymap which is not
          installed in the file system. This is intended as a bug fix, but
          could break cases where systemd-localed was used to configure the
          keymap in advanced of it being installed. It is necessary to install
          the keymap file first.

        * The main git development branch has been renamed to 'main'.

        * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
          for partitions, as in the vast majority of cases they contain none
          and are used internally by the bootloader (eg: uboot).

        * systemd will now set the $SYSTEMD_EXEC_PID environment variable for
          spawned processes to the PID of the process itself. This may be used
          by programs for detecting whether they were forked off by the service
          manager itself or are a process forked off further down the tree.

        * The sd-device API gained four new calls: sd_device_get_action() to
          determine the uevent add/remove/change/… action the device object has
          been seen for, sd_device_get_seqno() to determine the uevent sequence
          number, sd_device_new_from_stat_rdev() to allocate a new sd_device
          object from stat(2) data of a device node, and sd_device_trigger() to
          write to the 'uevent' attribute of a device.

        * For most tools the --no-legend= switch has been replaced by
          --legend=no and --legend=yes, to force whether tables are shown with
          headers/legends.

        * Units acquired a new property "Markers" that takes a list of zero,
          one or two of the following strings: "needs-reload" and
          "needs-restart". These markers may be set via "systemctl
          set-property". Once a marker is set, "systemctl reload-or-restart
          --marked" may be invoked to execute the operation the units are
          marked for. This is useful for package managers that want to mark
          units for restart/reload while updating, but effect the actual
          operations at a later step at once.

        * The sd_bus_message_read_strv() API call of sd-bus may now also be
          used to parse arrays of D-Bus signatures and D-Bus paths, in addition
          to regular strings.

        * bootctl will now report whether the UEFI firmware used a TPM2 device
          and measured the boot process into it.

        * systemd-tmpfiles learnt support for a new environment variable
          $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
          the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
          even if the root fs of the system is not itself a btrfs volume.

        * systemd-detect-virt/ConditionVirtualization= will now explicitly
          detect Docker/Podman environments where possible. Moreover, they
          should be able to generically detect any container manager as long as
          it assigns the container a cgroup.

        * portablectl gained a new "reattach" verb for detaching/reattaching a
          portable service image, useful for updating images on-the-fly.

        * Intel SGX enclave device nodes (which expose a security feature of
          newer Intel CPUs) will now be owned by a new system group "sgx".

        Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
        Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
        Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
        Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
        A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
        caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
        Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
        Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
        Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
        Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
        Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
        feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
        Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
        Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
        Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
        Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
        Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
        Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
        Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
        Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
        l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
        Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
        Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
        Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
        Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
        Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
        Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
        Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
        Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
        Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
        Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
        Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
        Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
        Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
        walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
        Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
        Zmicer Turok, Дамјан Георгиевски

        — Berlin, 2021-03-30

CHANGES WITH 247:

        * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
          "bind" and "unbind" to the Linux device model. When this kernel
          change was made, systemd-udevd was only minimally updated to handle
          and propagate these new event types. The introduction of these new
          uevents (which are typically generated for USB devices and devices
          needing a firmware upload before being functional) resulted in a
          number of issues which we so far didn't address. We hoped the kernel
          maintainers would themselves address these issues in some form, but
          that did not happen. To handle them properly, many (if not most) udev
          rules files shipped in various packages need updating, and so do many
          programs that monitor or enumerate devices with libudev or sd-device,
          or otherwise process uevents. Please note that this incompatibility
          is not fault of systemd or udev, but caused by an incompatible kernel
          change that happened back in Linux 4.14, but is becoming more and
          more visible as the new uevents are generated by more kernel drivers.

          To minimize issues resulting from this kernel change (but not avoid
          them entirely) starting with systemd-udevd 247 the udev "tags"
          concept (which is a concept for marking and filtering devices during
          enumeration and monitoring) has been reworked: udev tags are now
          "sticky", meaning that once a tag is assigned to a device it will not
          be removed from the device again until the device itself is removed
          (i.e. unplugged). This makes sure that any application monitoring
          devices that match a specific tag is guaranteed to both see uevents
          where the device starts being relevant, and those where it stops
          being relevant (the latter now regularly happening due to the new
          "unbind" uevent type). The udev tags concept is hence now a concept
          tied to a *device* instead of a device *event* — unlike for example
          udev properties whose lifecycle (as before) is generally tied to a
          device event, meaning that the previously determined properties are
          forgotten whenever a new uevent is processed.

          With the newly redefined udev tags concept, sometimes it's necessary
          to determine which tags are the ones applied by the most recent
          uevent/database update, in order to discern them from those
          originating from earlier uevents/database updates of the same
          device. To accommodate for this a new automatic property CURRENT_TAGS
          has been added that works similar to the existing TAGS property but
          only lists tags set by the most recent uevent/database
          update. Similarly, the libudev/sd-device API has been updated with
          new functions to enumerate these 'current' tags, in addition to the
          existing APIs that now enumerate the 'sticky' ones.

          To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
          essential that all udev rules files and applications are updated to
          handle the new events. Specifically:

          • All rule files that currently use a header guard similar to
            ACTION!="add|change",GOTO="xyz_end" should be updated to use
            ACTION=="remove",GOTO="xyz_end" instead, so that the
            properties/tags they add are also applied whenever "bind" (or
            "unbind") is seen. (This is most important for all physical device
            types — those for which "bind" and "unbind" are currently
            generated, for all other device types this change is still
            recommended but not as important — but certainly prepares for
            future kernel uevent type additions).

          • Similarly, all code monitoring devices that contains an 'if' branch
            discerning the "add" + "change" uevent actions from all other
            uevents actions (i.e. considering devices only relevant after "add"
            or "change", and irrelevant on all other events) should be reworked
            to instead negatively check for "remove" only (i.e. considering
            devices relevant after all event types, except for "remove", which
            invalidates the device). Note that this also means that devices
            should be considered relevant on "unbind", even though conceptually
            this — in some form — invalidates the device. Since the precise
            effect of "unbind" is not generically defined, devices should be
            considered relevant even after "unbind", however I/O errors
            accessing the device should then be handled gracefully.

          • Any code that uses device tags for deciding whether a device is
            relevant or not most likely needs to be updated to use the new
            udev_device_has_current_tag() API (or sd_device_has_current_tag()
            in case sd-device is used), to check whether the tag is set at the
            moment an uevent is seen (as opposed to the existing
            udev_device_has_tag() API which checks if the tag ever existed on
            the device, following the API concept redefinition explained
            above).

          We are very sorry for this breakage and the requirement to update
          packages using these interfaces. We'd again like to underline that
          this is not caused by systemd/udev changes, but result of a kernel
          behaviour change.

        * UPCOMING INCOMPATIBILITY: So far most downstream distribution
          packages have not retriggered devices once the udev package (or any
          auxiliary package installing additional udev rules) is updated. We
          intend to work with major distributions to change this, so that
          "udevadm trigger -c change" is issued on such upgrades, ensuring that
          the updated ruleset is applied to the devices already discovered, so
          that (asynchronously) after the upgrade completed the udev database
          is consistent with the updated rule set. This means udev rules must
          be ready to be retriggered with a "change" action any time, and
          result in correct and complete udev database entries. While the
          majority of udev rule files known to us currently get this right,
          some don't. Specifically, there are udev rules files included in
          various packages that only set udev properties on the "add" action,
          but do not handle the "change" action. If a device matching those
          rules is retriggered with the "change" action (as is intended here)
          it would suddenly lose the relevant properties. This always has been
          problematic, but as soon as all udev devices are triggered on relevant
          package upgrades this will become particularly so. It is strongly
          recommended to fix offending rules so that they can handle a "change"
          action at any time, and acquire all necessary udev properties even
          then. Or in other words: the header guard mentioned above
          (ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
          this, as it makes sure rules are rerun on "change" correctly, and
          accumulate the correct and complete set of udev properties. udev rule
          definitions that cannot handle "change" events being triggered at
          arbitrary times should be considered buggy.

        * The MountAPIVFS= service file setting now defaults to on if
          RootImage= and RootDirectory= are used, which means that with those
          two settings /proc/, /sys/ and /dev/ are automatically properly set
          up for services. Previous behaviour may be restored by explicitly
          setting MountAPIVFS=off.

        * Since PAM 1.2.0 (2015) configuration snippets may be placed in
          /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
          latter it takes precedence over the former, similar to how most of
          systemd's own configuration is handled. Given that PAM stack
          definitions are primarily put together by OS vendors/distributions
          (though possibly overridden by users), this systemd release moves its
          own PAM stack configuration for the "systemd-user" PAM service (i.e.
          for the PAM session invoked by the per-user user@.service instance)
          from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
          packages' vendor versions of their PAM stack definitions from
          /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
          desired the location to which systemd installs its PAM stack
          configuration may be changed via the -Dpamconfdir Meson option.

        * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
          libpwquality and libcryptsetup have been changed to be based on
          dlopen(): instead of regular dynamic library dependencies declared in
          the binary ELF headers, these libraries are now loaded on demand
          only, if they are available. If the libraries cannot be found the
          relevant operations will fail gracefully, or a suitable fallback
          logic is chosen. This is supposed to be useful for general purpose
          distributions, as it allows minimizing the list of dependencies the
          systemd packages pull in, permitting building of more minimal OS
          images, while still making use of these "weak" dependencies should
          they be installed. Since many package managers automatically
          synthesize package dependencies from ELF shared library dependencies,
          some additional manual packaging work has to be done now to replace
          those (slightly downgraded from "required" to "recommended" or
          whatever is conceptually suitable for the package manager). Note that
          this change does not alter build-time behaviour: as before the
          build-time dependencies have to be installed during build, even if
          they now are optional during runtime.

        * sd-event.h gained a new call sd_event_add_time_relative() for
          installing timers relative to the current time. This is mostly a
          convenience wrapper around the pre-existing sd_event_add_time() call
          which installs absolute timers.

        * sd-event event sources may now be placed in a new "exit-on-failure"
          mode, which may be controlled via the new
          sd_event_source_get_exit_on_failure() and
          sd_event_source_set_exit_on_failure() functions. If enabled, any
          failure returned by the event source handler functions will result in
          exiting the event loop (unlike the default behaviour of just
          disabling the event source but continuing with the event loop). This
          feature is useful to set for all event sources that define "primary"
          program behaviour (where failure should be fatal) in contrast to
          "auxiliary" behaviour (where failure should remain local).

        * Most event source types sd-event supports now accept a NULL handler
          function, in which case the event loop is exited once the event
          source is to be dispatched, using the userdata pointer — converted to
          a signed integer — as exit code of the event loop. Previously this
          was supported for IO and signal event sources already. Exit event
          sources still do not support this (simply because it makes little
          sense there, as the event loop is already exiting when they are
          dispatched).

        * A new per-unit setting RootImageOptions= has been added which allows
          tweaking the mount options for any file system mounted as effect of
          the RootImage= setting.

        * Another new per-unit setting MountImages= has been added, that allows
          mounting additional disk images into the file system tree accessible
          to the service.

        * Timer units gained a new FixedRandomDelay= boolean setting. If
          enabled, the random delay configured with RandomizedDelaySec= is
          selected in a way that is stable on a given system (though still
          different for different units).

        * Socket units gained a new setting Timestamping= that takes "us", "ns"
          or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
          options.

        * systemd-repart now generates JSON output when requested with the new
          --json= switch.

        * systemd-machined's OpenMachineShell() bus call will now pass
          additional policy metadata data fields to the PolicyKit
          authentication request.

        * systemd-tmpfiles gained a new -E switch, which is equivalent to
          --exclude-prefix=/dev --exclude-prefix=/proc --exclude=/run
          --exclude=/sys. It's particularly useful in combination with --root=,
          when operating on OS trees that do not have any of these four runtime
          directories mounted, as this means no files below these subtrees are
          created or modified, since those mount points should probably remain
          empty.

        * systemd-tmpfiles gained a new --image= switch which is like --root=,
          but takes a disk image instead of a directory as argument. The
          specified disk image is mounted inside a temporary mount namespace
          and the tmpfiles.d/ drop-ins stored in the image are executed and
          applied to the image. systemd-sysusers similarly gained a new
          --image= switch, that allows the sysusers.d/ drop-ins stored in the
          image to be applied onto the image.

        * Similarly, the journalctl command also gained an --image= switch,
          which is a quick one-step solution to look at the log data included
          in OS disk images.

        * journalctl's --output=cat option (which outputs the log content
          without any metadata, just the pure text messages) will now make use
          of terminal colors when run on a suitable terminal, similarly to the
          other output modes.

        * JSON group records now support a "description" string that may be
          used to add a human-readable textual description to such groups. This
          is supposed to match the user's GECOS field which traditionally
          didn't have a counterpart for group records.

        * The "systemd-dissect" tool that may be used to inspect OS disk images
          and that was previously installed to /usr/lib/systemd/ has now been
          moved to /usr/bin/, reflecting its updated status of an officially
          supported tool with a stable interface. It gained support for a new
          --mkdir switch which when combined with --mount has the effect of
          creating the directory to mount the image to if it is missing
          first. It also gained two new commands --copy-from and --copy-to for
          copying files and directories in and out of an OS image without the
          need to manually mount it. It also acquired support for a new option
          --json= to generate JSON output when inspecting an OS image.

        * The cgroup2 file system is now mounted with the
          "memory_recursiveprot" mount option, supported since kernel 5.7. This
          means that the MemoryLow= and MemoryMin= unit file settings now apply
          recursively to whole subtrees.

        * systemd-homed now defaults to using the btrfs file system — if
          available — when creating home directories in LUKS volumes. This may
          be changed with the DefaultFileSystemType= setting in homed.conf.
          It's now the default file system in various major distributions and
          has the major benefit for homed that it can be grown and shrunk while
          mounted, unlike the other contenders ext4 and xfs, which can both be
          grown online, but not shrunk (in fact xfs is the technically most
          limited option here, as it cannot be shrunk at all).

        * JSON user records managed by systemd-homed gained support for
          "recovery keys". These are basically secondary passphrases that can
          unlock user accounts/home directories. They are computer-generated
          rather than user-chosen, and typically have greater entropy.
          homectl's --recovery-key= option may be used to add a recovery key to
          a user account. The generated recovery key is displayed as a QR code,
          so that it can be scanned to be kept in a safe place. This feature is
          particularly useful in combination with systemd-homed's support for
          FIDO2 or PKCS#11 authentication, as a secure fallback in case the
          security tokens are lost. Recovery keys may be entered wherever the
          system asks for a password.

        * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
          home directory which indicates that a home directory has not been
          deactivated cleanly when offline. This flag is useful to identify
          home directories for which the offline discard logic did not run when
          offlining, and where it would be a good idea to log in again to catch
          up.

        * systemctl gained a new parameter --timestamp= which may be used to
          change the style in which timestamps are output, i.e. whether to show
          them in local timezone or UTC, or whether to show µs granularity.

        * Alibaba's "pouch" container manager is now detected by
          systemd-detect-virt, ConditionVirtualization= and similar
          constructs. Similar, they now also recognize IBM PowerVM machine
          virtualization.

        * systemd-nspawn has been reworked to use the /run/host/incoming/ as
          place to use for propagating external mounts into the
          container. Similarly /run/host/notify is now used as the socket path
          for container payloads to communicate with the container manager
          using sd_notify(). The container manager now uses the
          /run/host/inaccessible/ directory to place "inaccessible" file nodes
          of all relevant types which may be used by the container payload as
          bind mount source to over-mount inodes to make them inaccessible.
          /run/host/container-manager will now be initialized with the same
          string as the $container environment variable passed to the
          container's PID 1. /run/host/container-uuid will be initialized with
          the same string as $container_uuid. This means the /run/host/
          hierarchy is now the primary way to make host resources available to
          the container. The Container Interface documents these new files and
          directories:

          https://systemd.io/CONTAINER_INTERFACE

        * Support for the "ConditionNull=" unit file condition has been
          deprecated and undocumented for 6 years. systemd started to warn
          about its use 1.5 years ago. It has now been removed entirely.

        * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
          a sd_bus_error struct and a list of error names, and checks if the
          error matches one of these names. It's a convenience wrapper that is
          useful in cases where multiple errors shall be handled the same way.

        * A new system call filter list "@known" has been added, that contains
          all system calls known at the time systemd was built.

        * Behaviour of system call filter allow lists has changed slightly:
          system calls that are contained in @known will result in EPERM by
          default, while those not contained in it result in ENOSYS. This
          should improve compatibility because known system calls will thus be
          communicated as prohibited, while unknown (and thus newer ones) will
          be communicated as not implemented, which hopefully has the greatest
          chance of triggering the right fallback code paths in client
          applications.

        * "systemd-analyze syscall-filter" will now show two separate sections
          at the bottom of the output: system calls known during systemd build
          time but not included in any of the filter groups shown above, and
          system calls defined on the local kernel but known during systemd
          build time.

        * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
          systemd-nspawn all system call filter violations will be logged by
          the kernel (audit). This is useful for tracking down system calls
          invoked by container payloads that are prohibited by the container's
          system call filter policy.

        * If the $SYSTEMD_SECCOMP=0 environment variable is set for
          systemd-nspawn (and other programs that use seccomp) all seccomp
          filtering is turned off.

        * Two new unit file settings ProtectProc= and ProcSubset= have been
          added that expose the hidepid= and subset= mount options of procfs.
          All processes of the unit will only see processes in /proc that are
          are owned by the unit's user. This is an important new sandboxing
          option that is recommended to be set on all system services. All
          long-running system services that are included in systemd itself set
          this option now. This option is only supported on kernel 5.8 and
          above, since the hidepid= option supported on older kernels was not a
          per-mount option but actually applied to the whole PID namespace.

        * Socket units gained a new boolean setting FlushPending=. If enabled
          all pending socket data/connections are flushed whenever the socket
          unit enters the "listening" state, i.e. after the associated service
          exited.

        * The unit file setting NUMAMask= gained a new "all" value: when used,
          all existing NUMA nodes are added to the NUMA mask.

        * A new "credentials" logic has been added to system services. This is
          a simple mechanism to pass privileged data to services in a safe and
          secure way. It's supposed to be used to pass per-service secret data
          such as passwords or cryptographic keys but also associated less
          private information such as user names, certificates, and similar to
          system services. Each credential is identified by a short user-chosen
          name and may contain arbitrary binary data. Two new unit file
          settings have been added: SetCredential= and LoadCredential=. The
          former allows setting a credential to a literal string, the latter
          sets a credential to the contents of a file (or data read from a
          user-chosen AF_UNIX stream socket). Credentials are passed to the
          service via a special credentials directory, one file for each
          credential. The path to the credentials directory is passed in a new
          $CREDENTIALS_DIRECTORY environment variable. Since the credentials
          are passed in the file system they may be easily referenced in
          ExecStart= command lines too, thus no explicit support for the
          credentials logic in daemons is required (though ideally daemons
          would look for the bits they need in $CREDENTIALS_DIRECTORY
          themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
          backed by unswappable memory if privileges allow it, immutable if
          privileges allow it, is accessible only to the service's UID, and is
          automatically destroyed when the service stops.

        * systemd-nspawn supports the same credentials logic. It can both
          consume credentials passed to it via the aforementioned
          $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
          to its payload. The service manager/PID 1 has been updated to match
          this: it can also accept credentials from the container manager that
          invokes it (in fact: any process that invokes it), and passes them on
          to its services. Thus, credentials can be propagated recursively down
          the tree: from a system's service manager to a systemd-nspawn
          service, to the service manager that runs as container payload and to
          the service it runs below. Credentials may also be added on the
          systemd-nspawn command line, using new --set-credential= and
          --load-credential= command line switches that match the
          aforementioned service settings.

        * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
          the partition drop-ins which may be used to format/LUKS
          encrypt/populate any created partitions. The partitions are
          encrypted/formatted/populated before they are registered in the
          partition table, so that they appear atomically: either the
          partitions do not exist yet or they exist fully encrypted, formatted,
          and populated — there is no time window where they are
          "half-initialized". Thus the system is robust to abrupt shutdown: if
          the tool is terminated half-way during its operations on next boot it
          will start from the beginning.

        * systemd-repart's --size= operation gained a new "auto" value. If
          specified, and operating on a loopback file it is automatically sized
          to the minimal size the size constraints permit. This is useful to
          use "systemd-repart" as an image builder for minimally sized images.

        * systemd-resolved now gained a third IPC interface for requesting name
          resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
          interface is now supported. The nss-resolve NSS module has been
          modified to use this new interface instead of D-Bus. Using Varlink
          has a major benefit over D-Bus: it works without a broker service,
          and thus already during earliest boot, before the dbus daemon has
          been started. This means name resolution via systemd-resolved now
          works at the same time systemd-networkd operates: from earliest boot
          on, including in the initrd.

        * systemd-resolved gained support for a new DNSStubListenerExtra=
          configuration file setting which may be used to specify additional IP
          addresses the built-in DNS stub shall listen on, in addition to the
          main one on 127.0.0.53:53.

        * Name lookups issued via systemd-resolved's D-Bus and Varlink
          interfaces (and thus also via glibc NSS if nss-resolve is used) will
          now honour a trailing dot in the hostname: if specified the search
          path logic is turned off. Thus "resolvectl query foo." is now
          equivalent to "resolvectl query --search=off foo.".

        * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
          exposes how /etc/resolv.conf is currently managed: by resolved (and
          in which mode if so) or another subsystem. "resolvctl" will display
          this property in its status output.

        * The resolv.conf snippets systemd-resolved provides will now set "."
          as the search domain if no other search domain is known. This turns
          off the derivation of an implicit search domain by nss-dns for the
          hostname, when the hostname is set to an FQDN. This change is done to
          make nss-dns using resolv.conf provided by systemd-resolved behave
          more similarly to nss-resolve.

        * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
          /tmp/ and /var/tmp/ based on file timestamps) now looks at the
          "birth" time (btime) of a file in addition to the atime, mtime, and
          ctime.

        * systemd-analyze gained a new verb "capability" that lists all known
          capabilities by the systemd build and by the kernel.

        * If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
          advance the system clock to it at boot if it is noticed to be before
          that time. Previously, PID 1 would only advance the time to an epoch
          time that is set during build-time. With this new file OS builders
          can change this epoch timestamp on individual OS images without
          having to rebuild systemd.

        * systemd-logind will now listen to the KEY_RESTART key from the Linux
          input layer and reboot the system if it is pressed, similarly to how
          it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
          was originally defined in the Multimedia context (to restart playback
          of a song or film), but is now primarily used in various embedded
          devices for "Reboot" buttons. Accordingly, systemd-logind will now
          honour it as such. This may configured in more detail via the new
          HandleRebootKey= and RebootKeyIgnoreInhibited=.

        * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
          copying OS trees, for example in "systemd-nspawn --ephemeral",
          "systemd-nspawn --template=", "machinectl clone" and similar. This is
          useful when operating with OSTree images, which use hardlinks heavily
          throughout, and where such copies previously resulting in "exploding"
          hardlinks.

        * systemd-nspawn's --console= setting gained support for a new
          "autopipe" value, which is identical to "interactive" when invoked on
          a TTY, and "pipe" otherwise.

        * systemd-networkd's .network files gained support for explicitly
          configuring the multicast membership entries of bridge devices in the
          [BridgeMDB] section. It also gained support for the PIE queuing
          discipline in the [FlowQueuePIE] sections.

        * systemd-networkd's .netdev files may now be used to create "BareUDP"
          tunnels, configured in the new [BareUDP] setting.

        * systemd-networkd's Gateway= setting in .network files now accepts the
          special values "_dhcp4" and "_ipv6ra" to configure additional,
          locally defined, explicit routes to the gateway acquired via DHCP or
          IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
          but still accepted for backwards compatibility.

        * systemd-networkd's [IPv6PrefixDelegation] section and
          IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
          IPv6SendRA= (the old names are still accepted for backwards
          compatibility).

        * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
          boolean setting in [Network] section. If enabled, the delegated prefix
          gained by another link will be configured, and an address within the
          prefix will be assigned.

        * systemd-networkd's .network files gained the Announce= boolean setting
          in [DHCPv6PrefixDelegation] section. When enabled, the delegated
          prefix will be announced through IPv6 router advertisement (IPv6 RA).
          The setting is enabled by default.

        * VXLAN tunnels may now be marked as independent of any underlying
          network interface via the new Independent= boolean setting.

        * systemctl gained support for two new verbs: "service-log-level" and
          "service-log-target" may be used on services that implement the
          generic org.freedesktop.LogControl1 D-Bus interface to dynamically
          adjust the log level and target. All of systemd's long-running
          services support this now, but ideally all system services would
          implement this interface to make the system more uniformly
          debuggable.

        * The SystemCallErrorNumber= unit file setting now accepts the new
          "kill" and "log" actions, in addition to arbitrary error number
          specifications as before. If "kill" the processes are killed on the
          event, if "log" the offending system call is audit logged.

        * A new SystemCallLog= unit file setting has been added that accepts a
          list of system calls that shall be logged about (audit).

        * The OS image dissection logic (as used by RootImage= in unit files or
          systemd-nspawn's --image= switch) has gained support for identifying
          and mounting explicit /usr/ partitions, which are now defined in the
          discoverable partition specification. This should be useful for
          environments where the root file system is
          generated/formatted/populated dynamically on first boot and combined
          with an immutable /usr/ tree that is supplied by the vendor.

        * In the final phase of shutdown, within the systemd-shutdown binary
          we'll now try to detach MD devices (i.e software RAID) in addition to
          loopback block devices and DM devices as before. This is supposed to
          be a safety net only, in order to increase robustness if things go
          wrong. Storage subsystems are expected to properly detach their
          storage volumes during regular shutdown already (or in case of
          storage backing the root file system: in the initrd hook we return to
          later).

        * If the SYSTEMD_LOG_TID environment variable is set all systemd tools
          will now log the thread ID in their log output. This is useful when
          working with heavily threaded programs.

        * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
          not use the RDRAND CPU instruction. This is useful in environments
          such as replay debuggers where non-deterministic behaviour is not
          desirable.

        * The autopaging logic in systemd's various tools (such as systemctl)
          has been updated to turn on "secure" mode in "less"
          (i.e. $LESSECURE=1) if execution in a "sudo" environment is
          detected. This disables invoking external programs from the pager,
          via the pipe logic. This behaviour may be overridden via the new
          $SYSTEMD_PAGERSECURE environment variable.

        * Units which have resource limits (.service, .mount, .swap, .slice,
          .socket, and .slice) gained new configuration settings
          ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
          ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
          limits and optional action taken by systemd-oomd.

        * A new service systemd-oomd has been added. It monitors resource
          contention for selected parts of the unit hierarchy using the PSI
          information reported by the kernel, and kills processes when memory
          or swap pressure is above configured limits. This service is only
          enabled by default in developer mode (see below) and should be
          considered a preview in this release. Behaviour details and option
          names are subject to change without the usual backwards-compatibility
          promises.

        * A new helper oomctl has been added to introspect systemd-oomd state.
          It is only enabled by default in developer mode and should be
          considered a preview without the usual backwards-compatibility
          promises.

        * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
          enabled, systemd reads the system UID boundaries from /etc/login.defs
          at runtime, instead of using the built-in values selected during
          build. This is an option to improve compatibility for upgrades from
          old systems. It's strongly recommended not to make use of this
          functionality on new systems (or even enable it during build), as it
          makes something runtime-configurable that is mostly an implementation
          detail of the OS, and permits avoidable differences in deployments
          that create all kinds of problems in the long run.

        * New meson option '-Dmode=developer|release' has been added. When
          'developer', additional checks and features are enabled that are
          relevant during upstream development, e.g. verification that
          semi-automatically-generated documentation has been properly updated
          following API changes. Those checks are considered hints for
          developers and are not actionable in downstream builds. In addition,
          extra features that are not ready for general consumption may be
          enabled in developer mode. It is thus recommended to set
          '-Dmode=release' in end-user and distro builds.

        * systemd-cryptsetup gained support for processing detached LUKS
          headers specified on the kernel command line via the header=
          parameter of the luks.options= kernel command line option. The same
          device/path syntax as for key files is supported for header files
          like this.

        * The "net_id" built-in of udev has been updated to ignore ACPI _SUN
          slot index data for devices that are connected through a PCI bridge
          where the _SUN index is associated with the bridge instead of the
          network device itself. Previously this would create ambiguous device
          naming if multiple network interfaces were connected to the same PCI
          bridge. Since this is a naming scheme incompatibility on systems that
          possess hardware like this it has been introduced as new naming
          scheme "v247". The previous scheme can be selected via the
          "net.naming_scheme=v245" kernel command line parameter.

        * ConditionFirstBoot= semantics have been modified to be safe towards
          abnormal system power-off during first boot. Specifically, the
          "systemd-machine-id-commit.service" service now acts as boot
          milestone indicating when the first boot process is sufficiently
          complete in order to not consider the next following boot also a
          first boot. If the system is reset before this unit is reached the
          first time, the next boot will still be considered a first boot; once
          it has been reached, no further boots will be considered a first
          boot. The "first-boot-complete.target" unit now acts as official hook
          point to order against this. If a service shall be run on every boot
          until the first boot fully succeeds it may thus be ordered before
          this target unit (and pull it in) and carry ConditionFirstBoot=
          appropriately.

        * bootctl's set-default and set-oneshot commands now accept the three
          special strings "@default", "@oneshot", "@current" in place of a boot
          entry id. These strings are resolved to the current default and
          oneshot boot loader entry, as well as the currently booted one. Thus
          a command "bootctl set-default @current" may be used to make the
          currently boot menu item the new default for all subsequent boots.

        * "systemctl edit" has been updated to show the original effective unit
          contents in commented form in the text editor.

        * Units in user mode are now segregated into three new slices:
          session.slice (units that form the core of graphical session),
          app.slice ("normal" user applications), and background.slice
          (low-priority tasks). Unless otherwise configured, user units are
          placed in app.slice. The plan is to add resource limits and
          protections for the different slices in the future.

        * New GPT partition types for RISCV32/64 for the root and /usr
          partitions, and their associated Verity partitions have been defined,
          and are now understood by systemd-gpt-auto-generator, and the OS
          image dissection logic.

        Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
        Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
        Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
        Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
        Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
        Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
        Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
        Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
        Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
        Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
        Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
        Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
        huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
        Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
        Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
        Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
        Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
        lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
        Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
        Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
        Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
        Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
        Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
        Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
        Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
        Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
        Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
        Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
        Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
        Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
        Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
        williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски

        – Warsaw, 2020-11-26

CHANGES WITH 246:

        * The service manager gained basic support for cgroup v2 freezer. Units
          can now be suspended or resumed either using new systemctl verbs,
          freeze and thaw respectively, or via D-Bus.

        * PID 1 may now automatically load pre-compiled AppArmor policies from
          /etc/apparmor/earlypolicy during early boot.

        * The CPUAffinity= setting in service unit files now supports a new
          special value "numa" that causes the CPU affinity masked to be set
          based on the NUMA mask.

        * systemd will now log about all left-over processes remaining in a
          unit when the unit is stopped. It will now warn about services using
          KillMode=none, as this is generally an unsafe thing to make use of.

        * Two new unit file settings
          ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
          added. They may be used to check whether a specific file system path
          resides on a block device that is encrypted on the block level
          (i.e. using dm-crypt/LUKS).

        * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
          has been added that may be used for simple environment checks. This
          is particularly useful when passing in environment variables from a
          container manager (or from PAM in case of the systemd --user
          instance).

        * .service unit files now accept a new setting CoredumpFilter= which
          allows configuration of the memory sections coredumps of the
          service's processes shall include.

        * .mount units gained a new ReadWriteOnly= boolean option. If set
          it will not be attempted to mount a file system read-only if mounting
          in read-write mode doesn't succeed. An option x-systemd.rw-only is
          available in /etc/fstab to control the same.

        * .socket units gained a new boolean setting PassPacketInfo=. If
          enabled, the kernel will attach additional per-packet metadata to all
          packets read from the socket, as an ancillary message. This controls
          the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
          depending on socket type.

        * .service units gained a new setting RootHash= which may be used to
          specify the root hash for verity enabled disk images which are
          specified in RootImage=. RootVerity= may be used to specify a path to
          the Verity data matching a RootImage= file system. (The latter is
          only useful for images that do not contain the Verity data embedded
          into the same image that carries a GPT partition table following the
          Discoverable Partition Specification). Similarly, systemd-nspawn
          gained a new switch --verity-data= that takes a path to a file with
          the verity data of the disk image supplied in --image=, if the image
          doesn't contain the verity data itself.

        * .service units gained a new setting RootHashSignature= which takes
          either a base64 encoded PKCS#7 signature of the root hash specified
          with RootHash=, or a path to a file to read the signature from. This
          allows validation of the root hash against public keys available in
          the kernel keyring, and is only supported on recent kernels
          (>= 5.4)/libcryptsetup (>= 2.30). A similar switch has been added to
          systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
          this mechanism has also been added to systemd-veritysetup.

        * .service unit files gained two new options
          TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
          tune behaviour if a start or stop timeout is hit, i.e. whether to
          terminate the service with SIGTERM, SIGABRT or SIGKILL.

        * Most options in systemd that accept hexadecimal values prefixed with
          0x in additional to the usual decimal notation now also support octal
          notation when the 0o prefix is used and binary notation if the 0b
          prefix is used.

        * Various command line parameters and configuration file settings that
          configure key or certificate files now optionally take paths to
          AF_UNIX sockets in the file system. If configured that way a stream
          connection is made to the socket and the required data read from
          it. This is a simple and natural extension to the existing regular
          file logic, and permits other software to provide keys or
          certificates via simple IPC services, for example when unencrypted
          storage on disk is not desired. Specifically, systemd-networkd's
          Wireguard and MACSEC key file settings as well as
          systemd-journal-gatewayd's and systemd-journal-remote's PEM
          key/certificate parameters support this now.

        * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
          configuration files that support specifier expansion learnt six new
          specifiers: %a resolves to the current architecture, %o/%w/%B/%W
          resolve to the various ID fields from /etc/os-release, %l resolves to
          the "short" hostname of the system, i.e. the hostname configured in
          the kernel truncated at the first dot.

        * Support for the .include syntax in unit files has been removed. The
          concept has been obsolete for 6 years and we started warning about
          its pending removal 2 years ago (also see NEWS file below). It's
          finally gone now.

        * StandardError= and StandardOutput= in unit files no longer support
          the "syslog" and "syslog-console" switches. They were long removed
          from the documentation, but will now result in warnings when used,
          and be converted to "journal" and "journal+console" automatically.

        * If the service setting User= is set to the "nobody" user, a warning
          message is now written to the logs (but the value is nonetheless
          accepted). Setting User=nobody is unsafe, since the primary purpose
          of the "nobody" user is to own all files whose owner cannot be mapped
          locally. It's in particular used by the NFS subsystem and in user
          namespacing. By running a service under this user's UID it might get
          read and even write access to all these otherwise unmappable files,
          which is quite likely a major security problem.

        * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
          and others) now have a size and inode limits applied (50% of RAM for
          /tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
          that the implicit kernel default is 50% too, so there is no change
          in the size limit for /tmp and /dev/shm.

        * nss-mymachines lost support for resolution of users and groups, and
          now only does resolution of hostnames. This functionality is now
          provided by nss-systemd. Thus, the 'mymachines' entry should be
          removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
          (and 'systemd' added if it is not already there).

        * A new kernel command line option systemd.hostname= has been added
          that allows controlling the hostname that is initialized early during
          boot.

        * A kernel command line option "udev.blockdev_read_only" has been
          added. If specified all hardware block devices that show up are
          immediately marked as read-only by udev. This option is useful for
          making sure that a specific boot under no circumstances modifies data
          on disk. Use "blockdev --setrw" to undo the effect of this, per
          device.

        * A new boolean kernel command line option systemd.swap= has been
          added, which may be used to turn off automatic activation of swap
          devices listed in /etc/fstab.

        * New kernel command line options systemd.condition_needs_update= and
          systemd.condition_first_boot= have been added, which override the
          result of the ConditionNeedsUpdate= and ConditionFirstBoot=
          conditions.

        * A new kernel command line option systemd.clock_usec= has been added
          that allows setting the system clock to the specified time in µs
          since Jan 1st, 1970 early during boot. This is in particular useful
          in order to make test cases more reliable.

        * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
          systemd-coredump to save core files for suid processes. When saving
          the core file, systemd-coredump will use the effective uid and gid of
          the process that faulted.

        * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
          now automatically set to "Y" at boot, in order to enable pstore
          generation for collection with systemd-pstore.

        * We provide a set of udev rules to enable auto-suspend on PCI and USB
          devices that were tested to correctly support it. Previously, this
          was distributed as a set of udev rules, but has now been replaced by
          by a set of hwdb entries (and a much shorter udev rule to take action
          if the device modalias matches one of the new hwdb entries).

          As before, entries are periodically imported from the database
          maintained by the ChromiumOS project. If you have a device that
          supports auto-suspend correctly and where it should be enabled by
          default, please submit a patch that adds it to the database (see
          /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).

        * systemd-udevd gained the new configuration option timeout_signal= as well
          as a corresponding kernel command line option udev.timeout_signal=.
          The option can be used to configure the UNIX signal that the main
          daemon sends to the worker processes on timeout. Setting the signal
          to SIGABRT is useful for debugging.

        * .link files managed by systemd-udevd gained options RxFlowControl=,
          TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
          order to configure various flow control parameters. They also gained
          RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
          frame ring buffer sizes.

        * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
          enabled systemd-networkd manages all routes configured by other tools.

        * .network files managed by systemd-networkd gained a new section
          [SR-IOV], in order to configure SR-IOV capable network devices.

        * systemd-networkd's [IPv6Prefix] section in .network files gained a
          new boolean setting Assign=. If enabled an address from the prefix is
          automatically assigned to the interface.

        * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
          controls delegated prefixes assigned by DHCPv6 client. The section
          has three settings: SubnetID=, Assign=, and Token=. The setting
          SubnetID= allows explicit configuration of the preferred subnet that
          systemd-networkd's Prefix Delegation logic assigns to interfaces. If
          Assign= is enabled (which is the default) an address from any acquired
          delegated prefix is automatically chosen and assigned to the
          interface. The setting Token= specifies an optional address generation
          mode for Assign=.

        * systemd-networkd's [Network] section gained a new setting
          IPv4AcceptLocal=. If enabled the interface accepts packets with local
          source addresses.

        * systemd-networkd gained support for configuring the HTB queuing
          discipline in the [HierarchyTokenBucket] and
          [HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc may
          be configured in the [PFIFO] section, "GRED" in
          [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
          in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
          [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
          "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
          in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
          "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].

        * systemd-networkd gained support for a new Termination= setting in the
          [CAN] section for configuring the termination resistor. It also
          gained a new ListenOnly= setting for controlling whether to only
          listen on CAN interfaces, without interfering with traffic otherwise
          (which is useful for debugging/monitoring CAN network
          traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
          been added to configure various CAN-FD aspects.

        * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
          When enabled, DHCPv6 will be attempted right-away without requiring an
          Router Advertisement packet suggesting it first (i.e. without the 'M'
          or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
          DHCPv6Client= that may be used to turn off the DHCPv6 client even if
          the RA packets suggest it.

        * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
          which may be used to turn off use of the gateway information provided
          by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
          used to configure how to process leases that lack a lifetime option.

        * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
          setting SendVendorOption= allowing configuration of additional vendor
          options to send in the DHCP requests/responses. The [DHCPv6] section
          gained a new SendOption= setting for sending arbitrary DHCP
          options. RequestOptions= has been added to request arbitrary options
          from the server. UserClass= has been added to set the DHCP user class
          field.

        * systemd-networkd's [DHCPServer] section gained a new set of options
          EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
          information about these three protocols in the DHCP lease. It also
          gained support for including "MUD" URLs ("Manufacturer Usage
          Description"). Support for "MUD" URLs was also added to the LLDP
          stack, configurable in the [LLDP] section in .network files.

        * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
          mode. Also, the sections now support a new setting SourceMACAddress=.

        * systemd-networkd's .netdev files now support a new setting
          VLANProtocol= in the [Bridge] section that allows configuration of
          the VLAN protocol to use.

        * systemd-networkd supports a new Group= setting in the [Link] section
          of the .network files, to control the link group.

        * systemd-networkd's [Network] section gained a new
          IPv6LinkLocalAddressGenerationMode= setting, which specifies how IPv6
          link local address is generated.

        * A new default .network file is now shipped that matches TUN/TAP
          devices that begin with "vt-" in their name. Such interfaces will
          have IP routing onto the host links set up automatically. This is
          supposed to be used by VM managers to trivially acquire a network
          interface which is fully set up for host communication, simply by
          carefully picking an interface name to use.

        * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
          which sets the route priority for routes specified by the DHCP server.

        * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
          which configures the vendor class information sent to DHCP server.

        * The BlackList= settings in .network files' [DHCPv4] and
          [IPv6AcceptRA] sections have been renamed DenyList=. The old names
          are still understood to provide compatibility.

        * networkctl gained the new "forcerenew" command for forcing all DHCP
          server clients to renew their lease. The interface "status" output
          will now show numerous additional fields of information about an
          interface. There are new "up" and "down" commands to bring specific
          interfaces up or down.

        * systemd-resolved's DNS= configuration option now optionally accepts a
          port number (after ":") and a host name (after "#"). When the host
          name is specified, the DNS-over-TLS certificate is validated to match
          the specified hostname. Additionally, in case of IPv6 addresses, an
          interface may be specified (after "%").

        * systemd-resolved may be configured to forward single-label DNS names.
          This is not standard-conformant, but may make sense in setups where
          public DNS servers are not used.

        * systemd-resolved's DNS-over-TLS support gained SNI validation.

        * systemd-nspawn's --resolv-conf= switch gained a number of new
          supported values. Specifically, options starting with "replace-" are
          like those prefixed "copy-" but replace any existing resolv.conf
          file. And options ending in "-uplink" and "-stub" can now be used to
          propagate other flavours of resolv.conf into the container (as
          defined by systemd-resolved).

        * The various programs included in systemd can now optionally output
          their log messages on stderr prefixed with a timestamp, controlled by
          the $SYSTEMD_LOG_TIME environment variable.

        * systemctl gained a new "-P" switch that is a shortcut for "--value
          --property=…".

        * "systemctl list-units" and "systemctl list-machines" no longer hide
          their first output column with --no-legend. To hide the first column,
          use --plain.

        * "systemctl reboot" takes the option "--reboot-argument=".
          The optional positional argument to "systemctl reboot" is now
          being deprecated in favor of this option.

        * systemd-run gained a new switch --slice-inherit. If specified the
          unit it generates is placed in the same slice as the systemd-run
          process itself.

        * systemd-journald gained support for zstd compression of large fields
          in journal files. The hash tables in journal files have been hardened
          against hash collisions. This is an incompatible change and means
          that journal files created with new systemd versions are not readable
          with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
          environment variable for systemd-journald.service is set to 0 this
          new hardening functionality may be turned off, so that generated
          journal files remain compatible with older journalctl
          implementations.

        * journalctl will now include a clickable link in the default output for
          each log message for which a URL with further documentation is
          known. This is only supported on terminal emulators that support
          clickable hyperlinks, and is turned off if a pager is used (since
          "less" still doesn't support hyperlinks,
          unfortunately). Documentation URLs may be included in log messages
          either by including a DOCUMENTATION= journal field in it, or by
          associating a journal message catalog entry with the log message's
          MESSAGE_ID, which then carries a "Documentation:" tag.

        * journald.conf gained a new boolean setting Audit= that may be used to
          control whether systemd-journald will enable audit during
          initialization.

        * when systemd-journald's log stream is broken up into multiple lines
          because the PID of the sender changed this is indicated in the
          generated log records via the _LINE_BREAK=pid-change field.

        * journalctl's "-o cat" output mode will now show one or more journal
          fields specified with --output-fields= instead of unconditionally
          MESSAGE=. This is useful to retrieve a very specific set of fields
          without any decoration.

        * The sd-journal.h API gained two new functions:
          sd_journal_enumerate_available_unique() and
          sd_journal_enumerate_available_data() that operate like their
          counterparts that lack the _available_ in the name, but skip items
          that cannot be read and processed by the local implementation
          (i.e. are compressed in an unsupported format or such),

        * coredumpctl gained a new --file= switch, matching the same one in
          journalctl: a specific journal file may be specified to read the
          coredump data from.

        * coredumps collected by systemd-coredump may now be compressed using
          the zstd algorithm.

        * systemd-binfmt gained a new switch --unregister for unregistering all
          registered entries at once. This is now invoked automatically at
          shutdown, so that binary formats registered with the "F" flag will
          not block clean file system unmounting.

        * systemd-notify's --pid= switch gained new values: "parent", "self",
          "auto" for controlling which PID to send to the service manager: the
          systemd-notify process' PID, or the one of the process invoking it.

        * systemd-logind's Session bus object learnt a new method call
          SetType() for temporarily updating the session type of an already
          allocated session. This is useful for upgrading tty sessions to
          graphical ones once a compositor is invoked.

        * systemd-socket-proxy gained a new switch --exit-idle-time= for
          configuring an exit-on-idle time.

        * systemd-repart's --empty= setting gained a new value "create". If
          specified a new empty regular disk image file is created under the
          specified name. Its size may be specified with the new --size=
          option. The latter is also supported without the "create" mode, in
          order to grow existing disk image files to the specified size. These
          two new options are useful when creating or manipulating disk images
          instead of operating on actual block devices.

        * systemd-repart drop-ins now support a new UUID= setting to control
          the UUID to assign to a newly created partition.

        * systemd-repart's SizeMin= per-partition parameter now defaults to 10M
          instead of 0.

        * systemd-repart's Label= setting now support the usual, simple
          specifier expansion.

        * systemd-homed's LUKS backend gained the ability to discard empty file
          system blocks automatically when the user logs out. This is enabled
          by default to ensure that home directories take minimal space when
          logged out but get full size guarantees when logged in. This may be
          controlled with the new --luks-offline-discard= switch to homectl.

        * If systemd-homed detects that /home/ is encrypted as a whole it will
          now default to the directory or subvolume backends instead of the
          LUKS backend, in order to avoid double encryption. The default
          storage and file system may now be configured explicitly, too, via
          the new /etc/systemd/homed.conf configuration file.

        * systemd-homed now supports unlocking home directories with FIDO2
          security tokens that support the 'hmac-secret' extension, in addition
          to the existing support for PKCS#11 security token unlocking
          support. Note that many recent hardware security tokens support both
          interfaces. The FIDO2 support is accessible via homectl's
          --fido2-device= option.

        * homectl's --pkcs11-uri= setting now accepts two special parameters:
          if "auto" is specified and only one suitable PKCS#11 security token
          is plugged in, its URL is automatically determined and enrolled for
          unlocking the home directory. If "list" is specified a brief table of
          suitable PKCS#11 security tokens is shown. Similar, the new
          --fido2-device= option also supports these two special values, for
          automatically selecting and listing suitable FIDO2 devices.

        * The /etc/crypttab tmp option now optionally takes an argument
          selecting the file system to use. Moreover, the default is now
          changed from ext2 to ext4.

        * There's a new /etc/crypttab option "keyfile-erase". If specified the
          key file listed in the same line is removed after use, regardless if
          volume activation was successful or not. This is useful if the key
          file is only acquired transiently at runtime and shall be erased
          before the system continues to boot.

        * There's also a new /etc/crypttab option "try-empty-password". If
          specified, before asking the user for a password it is attempted to
          unlock the volume with an empty password. This is useful for
          installing encrypted images whose password shall be set on first boot
          instead of at installation time.

        * systemd-cryptsetup will now attempt to load the keys to unlock
          volumes with automatically from files in
          /etc/cryptsetup-keys.d/<volume>.key and
          /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.

        * systemd-cryptsetup may now activate Microsoft BitLocker volumes via
          /etc/crypttab, during boot.

        * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
          control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
          instance.

        * A new generator systemd-xdg-autostart-generator has been added. It
          generates systemd unit files from XDG autostart .desktop files, and
          may be used to let the systemd user instance manage services that are
          started automatically as part of the desktop session.

        * "bootctl" gained a new verb "reboot-to-firmware" that may be used
          to query and change the firmware's 'Reboot Into Firmware Interface'
          setup flag.

        * systemd-firstboot gained a new switch --kernel-command-line= that may
          be used to initialize the /etc/kernel/cmdline file of the image. It
          also gained a new switch --root-password-hashed= which is like
          --root-password= but accepts a pre-hashed UNIX password as
          argument. The new option --delete-root-password may be used to unset
          any password for the root user (dangerous!). The --root-shell= switch
          may be used to control the shell to use for the root account. A new
          --force option may be used to override any already set settings with
          the parameters specified on the command line (by default, the tool
          will not override what has already been set before, i.e. is purely
          incremental).

        * systemd-firstboot gained support for a new --image= switch, which is
          similar to --root= but accepts the path to a disk image file, on
          which it then operates.

        * A new sd-path.h API has been added to libsystemd. It provides a
          simple API for retrieving various search paths and primary
          directories for various resources.

        * A new call sd_notify_barrier() has been added to the sd-daemon.h
          API. The call will block until all previously sent sd_notify()
          messages have been processed by the service manager. This is useful
          to remove races caused by a process already having disappeared at the
          time a notification message is processed by the service manager,
          making correct attribution impossible. The systemd-notify tool will
          now make use of this call implicitly, but this can be turned off again
          via the new --no-block switch.

        * When sending a file descriptor (fd) to the service manager to keep
          track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
          may be specified. If passed the service manager will refrain from
          poll()ing on the file descriptor. Traditionally (and when the
          parameter is not specified), the service manager will poll it for
          POLLHUP or POLLERR events, and immediately close the fds in that
          case.

        * The service manager (PID1) gained a new D-Bus method call
          SetShowStatus() which may be used to control whether it shall show
          boot-time status output on the console. This method has a similar
          effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.

        * The sd-bus API gained a number of convenience functions that take
          va_list arguments rather than "...". For example, there's now
          sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
          it easier to build wrappers that accept variadic arguments and want
          to pass a ready va_list structure to sd-bus.

        * sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
          flag which alters how the userdata pointer to pass to the callbacks
          is determined. When the flag is set, the offset field is converted
          as-is into a pointer, without adding it to the object pointer the
          vtable is associated with.

        * sd-bus now exposes four new functions:
          sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
          sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
          validate strings to check if they qualify as various D-Bus concepts.

        * The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
          SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
          that simplify adding argument names to D-Bus methods and signals.

        * The man pages for the sd-bus and sd-hwdb APIs have been completed.

        * Various D-Bus APIs of systemd daemons now have man pages that
          document the methods, signals and properties.

        * The expectations on user/group name syntax are now documented in
          detail; documentation on how classic home directories may be
          converted into home directories managed by homed has been added;
          documentation regarding integration of homed/userdb functionality in
          desktops has been added:

              https://systemd.io/USER_NAMES
              https://systemd.io/CONVERTING_TO_HOMED
              https://systemd.io/USERDB_AND_DESKTOPS

        * Documentation for the on-disk Journal file format has been updated
          and has now moved to:

              https://systemd.io/JOURNAL_FILE_FORMAT

        * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
          has been extended by a set of environment variables that expose
          select fields from the host's os-release file to the container
          payload. Similarly, host's os-release files can be mounted into the
          container underneath /run/host. Together, those mechanisms provide a
          standardized way to expose information about the host to the
          container payload. Both interfaces are implemented in systemd-nspawn.

        * All D-Bus services shipped in systemd now implement the generic
          LogControl1 D-Bus API which allows clients to change log level +
          target of the service during runtime.

        * Only relevant for developers: the mkosi.default symlink has been
          dropped from version control. Please create a symlink to one of the
          distribution-specific defaults in .mkosi/ based on your preference.

        Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
        Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
        Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
        antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
        Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
        Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
        Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
        codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
        Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
        Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
        John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
        Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
        ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
        Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
        Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
        Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
        Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
        Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
        Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
        Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
        Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
        Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
        Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
        S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
        Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
        Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
        Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
        Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
        nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
        Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
        Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
        Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
        Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
        Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
        Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
        Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
        Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб

        – Warsaw, 2020-07-30

CHANGES WITH 245:

        * A new tool "systemd-repart" has been added, that operates as an
          idempotent declarative repartitioner for GPT partition tables.
          Specifically, a set of partitions that must or may exist can be
          configured via drop-in files, and during every boot the partition
          table on disk is compared with these files, creating missing
          partitions or growing existing ones based on configurable relative
          and absolute size constraints. The tool is strictly incremental,
          i.e. does not delete, shrink or move partitions, but only adds and
          grows them. The primary use-case is OS images that ship in minimized
          form, that on first boot are grown to the size of the underlying
          block device or augmented with additional partitions. For example,
          the root partition could be extended to cover the whole disk, or a
          swap or /home partitions could be added on first boot. It can also be
          used for systems that use an A/B update scheme but ship images with
          just the A partition, with B added on first boot. The tool is
          primarily intended to be run in the initrd, shortly before
          transitioning into the host OS, but can also be run after the
          transition took place. It automatically discovers the disk backing
          the root file system, and should hence not require any additional
          configuration besides the partition definition drop-ins. If no
          configuration drop-ins are present, no action is taken.

        * A new component "userdb" has been added, along with a small daemon
          "systemd-userdbd.service" and a client tool "userdbctl". The framework
          allows defining rich user and group records in a JSON format,
          extending on the classic "struct passwd" and "struct group"
          structures. Various components in systemd have been updated to
          process records in this format, including systemd-logind and
          pam-systemd. The user records are intended to be extensible, and
          allow setting various resource management, security and runtime
          parameters that shall be applied to processes and sessions of the
          user as they log in. This facility is intended to allow associating
          such metadata directly with user/group records so that they can be
          produced, extended and consumed in unified form. We hope that
          eventually frameworks such as sssd will generate records this way, so
          that for the first time resource management and various other
          per-user settings can be configured in LDAP directories and then
          provided to systemd (specifically to systemd-logind and pam-system)
          to apply on login. For further details see:

          https://systemd.io/USER_RECORD
          https://systemd.io/GROUP_RECORD
          https://systemd.io/USER_GROUP_API

        * A small new service systemd-homed.service has been added, that may be
          used to securely manage home directories with built-in encryption.
          The complete user record data is unified with the home directory,
          thus making home directories naturally migratable. Its primary
          back-end is based on LUKS volumes, but fscrypt, plain directories,
          and other storage schemes are also supported. This solves a couple of
          problems we saw with traditional ways to manage home directories, in
          particular when it comes to encryption. For further discussion of
          this, see the video of Lennart's talk at AllSystemsGo! 2019:

          https://media.ccc.de/v/ASG2019-164-reinventing-home-directories

          For further details about the format and expectations on home
          directories this new daemon makes, see:

          https://systemd.io/HOME_DIRECTORY

        * systemd-journald is now multi-instantiable. In addition to the main
          instance systemd-journald.service there's now a template unit
          systemd-journald@.service, with each instance defining a new named
          log 'namespace' (whose name is specified via the instance part of the
          unit name). A new unit file setting LogNamespace= has been added,
          taking such a namespace name, that assigns services to the specified
          log namespaces. As each log namespace is serviced by its own
          independent journal daemon, this functionality may be used to improve
          performance and increase isolation of applications, at the price of
          losing global message ordering. Each instance of journald has a
          separate set of configuration files, with possibly different disk
          usage limitations and other settings.

          journalctl now takes a new option --namespace= to show logs from a
          specific log namespace. The sd-journal.h API gained
          sd_journal_open_namespace() for opening the log stream of a specific
          log namespace. systemd-journald also gained the ability to exit on
          idle, which is useful in the context of log namespaces, as this means
          log daemons for log namespaces can be activated automatically on
          demand and will stop automatically when no longer used, minimizing
          resource usage.

        * When systemd-tmpfiles copies a file tree using the 'C' line type it
          will now label every copied file according to the SELinux database.

        * When systemd/PID 1 detects it is used in the initrd it will now boot
          into initrd.target rather than default.target by default. This should
          make it simpler to build initrds with systemd as for many cases the
          only difference between a host OS image and an initrd image now is
          the presence of the /etc/initrd-release file.

        * A new kernel command line option systemd.cpu_affinity= is now
          understood. It's equivalent to the CPUAffinity= option in
          /etc/systemd/system.conf and allows setting the CPU mask for PID 1
          itself and the default for all other processes.

        * When systemd/PID 1 is reloaded (with systemctl daemon-reload or
          equivalent), the SELinux database is now reloaded, ensuring that
          sockets and other file system objects are generated taking the new
          database into account.

        * systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
          "quiet" has been changed to imply that instead of
          "systemd.show-status=auto". In this mode, only messages about errors
          and significant delays in boot are shown on the console.

        * The sd-event.h API gained native support for the new Linux "pidfd"
          concept. This permits watching processes using file descriptors
          instead of PID numbers, which fixes a number of races and makes
          process supervision more robust and efficient. All of systemd's
          components will now use pidfds if the kernel supports it for process
          watching, with the exception of PID 1 itself, unfortunately. We hope
          to move PID 1 to exclusively using pidfds too eventually, but this
          requires some more kernel work first. (Background: PID 1 watches
          processes using waitid() with the P_ALL flag, and that does not play
          together nicely with pidfds yet.)

        * Closely related to this, the sd-event.h API gained two new calls
          sd_event_source_send_child_signal() (for sending a signal to a
          watched process) and sd_event_source_get_child_process_own() (for
          marking a process so that it is killed automatically whenever the
          event source watching it is freed).

        * systemd-networkd gained support for configuring Token Bucket Filter
          (TBF) parameters in its qdisc configuration support. Similarly,
          support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
          Active Queue Management (CoDel), and Fair Queue (FQ) has been added.

        * systemd-networkd gained support for Intermediate Functional Block
          (IFB) network devices.

        * systemd-networkd gained support for configuring multi-path IP routes,
          using the new MultiPathRoute= setting in the [Route] section.

        * systemd-networkd's DHCPv4 client has been updated to support a new
          SendDecline= option. If enabled, duplicate address detection is done
          after a DHCP offer is received from the server. If a conflict is
          detected, the address is declined. The DHCPv4 client also gained
          support for a new RouteMTUBytes= setting that allows to configure the
          MTU size to be used for routes generated from DHCPv4 leases.

        * The PrefixRoute= setting in systemd-networkd's [Address] section of
          .network files has been deprecated, and replaced by AddPrefixRoute=,
          with its sense inverted.

        * The Gateway= setting of [Route] sections of .network files gained
          support for a special new value "_dhcp". If set, the configured
          static route uses the gateway host configured via DHCP.

        * New User= and SuppressPrefixLength= settings have been implemented
          for the [RoutingPolicyRule] section of .network files to configure
          source routing based on UID ranges and prefix length, respectively.

        * The Type= match property of .link files has been generalized to
          always match the device type shown by 'networkctl status', even for
          devices where udev does not set DEVTYPE=. This allows e.g. Type=ether
          to be used.

        * sd-bus gained a new API call sd_bus_message_sensitive() that marks a
          D-Bus message object as "sensitive". Those objects are erased from
          memory when they are freed. This concept is intended to be used for
          messages that contain security sensitive data. A new flag
          SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
          in sd-bus vtables, causing any incoming and outgoing messages of
          those methods to be implicitly marked as "sensitive".

        * sd-bus gained a new API call sd_bus_message_dump() for dumping the
          contents of a message (or parts thereof) to standard output for
          debugging purposes.

        * systemd-sysusers gained support for creating users with the primary
          group named differently than the user.

        * systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
          gained support for growing XFS partitions. Previously it supported
          only ext4 and btrfs partitions.

        * The support for /etc/crypttab gained a new x-initrd.attach option. If
          set, the specified encrypted volume is unlocked already in the
          initrd. This concept corresponds to the x-initrd.mount option in
          /etc/fstab.

        * systemd-cryptsetup gained native support for unlocking encrypted
          volumes utilizing PKCS#11 smartcards, i.e. for example to bind
          encryption of volumes to YubiKeys. This is exposed in the new
          pkcs11-uri= option in /etc/crypttab.

        * The /etc/fstab support in systemd now supports two new mount options
          x-systemd.{required,wanted}-by=, for explicitly configuring the units
          that the specified mount shall be pulled in by, in place of
          the usual local-fs.target/remote-fs.target.

        * The https://systemd.io/ web site has been relaunched, directly
          populated with most of the documentation included in the systemd
          repository. systemd also acquired a new logo, thanks to Tobias
          Bernard.

        * systemd-udevd gained support for managing "alternative" network
          interface names, as supported by new Linux kernels. For the first
          time this permits assigning multiple (and longer!) names to a network
          interface. systemd-udevd will now by default assign the names
          generated via all supported naming schemes to each interface. This
          may be further tweaked with .link files and the AlternativeName= and
          AlternativeNamesPolicy= settings. Other components of systemd have
          been updated to support the new alternative names wherever
          appropriate. For example, systemd-nspawn will now generate
          alternative interface names for the host-facing side of container
          veth links based on the full container name without truncation.

        * systemd-nspawn interface naming logic has been updated in another way
          too: if the main interface name (i.e. as opposed to new-style
          "alternative" names) based on the container name is truncated, a
          simple hashing scheme is used to give different interface names to
          multiple containers whose names all begin with the same prefix. Since
          this changes the primary interface names pointing to containers if
          truncation happens, the old scheme may still be requested by
          selecting an older naming scheme, via the net.naming_scheme= kernel
          command line option.

        * PrivateUsers= in service files now works in services run by the
          systemd --user per-user instance of the service manager.

        * A new per-service sandboxing option ProtectClock= has been added that
          locks down write access to the system clock. It takes away device
          node access to /dev/rtc as well as the system calls that set the
          system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
          Note that this option does not affect access to auxiliary services
          that allow changing the clock, for example access to
          systemd-timedated.

        * The systemd-id128 tool gained a new "show" verb for listing or
          resolving a number of well-known UUIDs/128-bit IDs, currently mostly
          GPT partition table types.

        * The Discoverable Partitions Specification has been updated to support
          /var and /var/tmp partition discovery. Support for this has been
          added to systemd-gpt-auto-generator. For details see:

          https://systemd.io/DISCOVERABLE_PARTITIONS

        * "systemctl list-unit-files" has been updated to show a new column
          with the suggested enablement state based on the vendor preset files
          for the respective units.

        * "systemctl" gained a new option "--with-dependencies". If specified
          commands such as "systemctl status" or "systemctl cat" will now show
          all specified units along with all units they depend on.

        * networkctl gained support for showing per-interface logs in its
          "status" output.

        * systemd-networkd-wait-online gained support for specifying the maximum
          operational state to wait for, and to wait for interfaces to
          disappear.

        * The [Match] section of .link and .network files now supports a new
          option PermanentMACAddress= which may be used to check against the
          permanent MAC address of a network device even if a randomized MAC
          address is used.

        * The [TrafficControlQueueingDiscipline] section in .network files has
          been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
          dropped from the individual setting names.

        * Any .link and .network files that have an empty [Match] section (this
          also includes empty and commented-out files) will now be
          rejected. systemd-udev and systemd-networkd started warning about
          such files in version 243.

        * systemd-logind will now validate access to the operation of changing
          the virtual terminal via a polkit action. By default, only users
          with at least one session on a local VT are granted permission.

        * When systemd sets up PAM sessions that invoked service processes
          shall run in, the pam_setcred() API is now invoked, thus permitting
          PAM modules to set additional credentials for the processes.

        * portablectl attach/detach verbs now accept --now and --enable options
          to combine attachment with enablement and invocation, or detachment
          with stopping and disablement.

        * UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
          fixed, which in turn exposed bugs in unit configuration of services
          which have Type=oneshot and should only run once, but do not have
          RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
          service may be started again after exiting successfully, for example
          as a dependency in another transaction. Affected services included
          some internal systemd services (most notably
          systemd-vconsole-setup.service, which was updated to have
          RemainAfterExit=yes), and plymouth-start.service. Please ensure that
          plymouth has been suitably updated or patched before upgrading to
          this systemd release. See
          https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
          additional discussion.

        Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
        Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
        Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
        (Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
        Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
        Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
        Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
        ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
        Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
        Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
        Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
        Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
        Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
        Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
        Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
        Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
        Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
        Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
        Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
        Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
        Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
        Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
        Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
        Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
        DONG

        – Warsaw, 2020-03-06

CHANGES WITH 244:

        * Support for the cpuset cgroups v2 controller has been added.
          Processes may be restricted to specific CPUs using the new
          AllowedCPUs= setting, and to specific memory NUMA nodes using the new
          AllowedMemoryNodes= setting.

        * The signal used in restart jobs (as opposed to e.g. stop jobs) may
          now be configured using a new RestartKillSignal= setting. This
          allows units which signals to request termination to implement
          different behaviour when stopping in preparation for a restart.

        * "systemctl clean" may now be used also for socket, mount, and swap
          units.

        * systemd will also read configuration options from the EFI variable
          SystemdOptions. This may be used to configure systemd behaviour when
          modifying the kernel command line is inconvenient, but configuration
          on disk is read too late, for example for the options related to
          cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
          set the EFI variable.

        * systemd will now disable printk ratelimits in early boot. This should
          allow us to capture more logs from the early boot phase where normal
          storage is not available and the kernel ring buffer is used for
          logging. Configuration on the kernel command line has higher priority
          and overrides the systemd setting.

          systemd programs which log to /dev/kmsg directly use internal
          ratelimits to prevent runaway logging. (Normally this is only used
          during early boot, so in practice this change has very little
          effect.)

        * Unit files now support top level dropin directories of the form
          <unit_type>.d/ (e.g. service.d/) that may be used to add configuration
          that affects all corresponding unit files.

        * systemctl gained support for 'stop --job-mode=triggering' which will
          stop the specified unit and any units which could trigger it.

        * Unit status display now includes units triggering and triggered by
          the unit being shown.

        * The RuntimeMaxSec= setting is now supported by scopes, not just
          .service units. This is particularly useful for PAM sessions which
          create a scope unit for the user login. systemd.runtime_max_sec=
          setting may used with the pam_systemd module to limit the duration
          of the PAM session, for example for time-limited logins.

        * A new @pkey system call group is now defined to make it easier to
          allow-list memory protection syscalls for containers and services
          which need to use them.

        * systemd-udevd: removed the 30s timeout for killing stale workers on
          exit. systemd-udevd now waits for workers to finish. The hard-coded
          exit timeout of 30s was too short for some large installations, where
          driver initialization could be prematurely interrupted during initrd
          processing if the root file system had been mounted and init was
          preparing to switch root. If udevd is run without systemd and workers
          are hanging while udevd receives an exit signal, udevd will now exit
          when udev.event_timeout is reached for the last hanging worker. With
          systemd, the exit timeout can additionally be configured using
          TimeoutStopSec= in systemd-udevd.service.

        * udev now provides a program (fido_id) that identifies FIDO CTAP1
          ("U2F")/CTAP2 security tokens based on the usage declared in their
          report and descriptor and outputs suitable environment variables.
          This replaces the externally maintained allow lists of all known
          security tokens that were used previously.

        * Automatically generated autosuspend udev rules for allow-listed
          devices have been imported from the Chromium OS project. This should
          improve power saving with many more devices.

        * udev gained a new "CONST{key}=value" setting that allows matching
          against system-wide constants without forking a helper binary.
          Currently "arch" and "virt" keys are supported.

        * udev now opens CDROMs in non-exclusive mode when querying their
          capabilities. This should fix issues where other programs trying to
          use the CDROM cannot gain access to it, but carries a risk of
          interfering with programs writing to the disk, if they did not open
          the device in exclusive mode as they should.

        * systemd-networkd does not create a default route for IPv4 link local
          addressing anymore. The creation of the route was unexpected and was
          breaking routing in various cases, but people who rely on it being
          created implicitly will need to adjust. Such a route may be requested
          with DefaultRouteOnDevice=yes.

          Similarly, systemd-networkd will not assign a link-local IPv6 address
          when IPv6 link-local routing is not enabled.

        * Receive and transmit buffers may now be configured on links with
          the new RxBufferSize= and TxBufferSize= settings.

        * systemd-networkd may now advertise additional IPv6 routes. A new
          [IPv6RoutePrefix] section with Route= and LifetimeSec= options is
          now supported.

        * systemd-networkd may now configure "next hop" routes using the
          [NextHop] section and Gateway= and Id= settings.

        * systemd-networkd will now retain DHCP config on restarts by default
          (but this may be overridden using the KeepConfiguration= setting).
          The default for SendRelease= has been changed to true.

        * The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
          received from the server.

          The client will use the received SIP server list if UseSIP=yes is
          set.

          The client may be configured to request specific options from the
          server using a new RequestOptions= setting.

          The client may be configured to send arbitrary options to the server
          using a new SendOption= setting.

          A new IPServiceType= setting has been added to configure the "IP
          service type" value used by the client.

        * The DHCPv6 client learnt a new PrefixDelegationHint= option to
          request prefix hints in the DHCPv6 solicitation.

        * The DHCPv4 server may be configured to send arbitrary options using
          a new SendOption= setting.

        * The DHCPv4 server may now be configured to emit SIP server list using
          the new EmitSIP= and SIP= settings.

        * systemd-networkd and networkctl may now renew DHCP leases on demand.
          networkctl has a new 'networkctl renew' verb.

        * systemd-networkd may now reconfigure links on demand. networkctl
          gained two new verbs: "reload" will reload the configuration, and
          "reconfigure DEVICE…" will reconfigure one or more devices.

        * .network files may now match on SSID and BSSID of a wireless network,
          i.e. the access point name and hardware address using the new SSID=
          and BSSID= options. networkctl will display the current SSID and
          BSSID for wireless links.

          .network files may also match on the wireless network type using the
          new WLANInterfaceType= option.

        * systemd-networkd now includes default configuration that enables
          link-local addressing when connected to an ad-hoc wireless network.

        * systemd-networkd may configure the Traffic Control queueing
          disciplines in the kernel using the new
          [TrafficControlQueueingDiscipline] section and Parent=,
          NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
          NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
          NetworkEmulatorDuplicateRate= settings.

        * systemd-tmpfiles gained a new w+ setting to append to files.

        * systemd-analyze dump will now report when the memory configuration in
          the kernel does not match what systemd has configured (usually,
          because some external program has modified the kernel configuration
          on its own).

        * systemd-analyze gained a new --base-time= switch instructs the
          'calendar' verb to resolve times relative to that timestamp instead
          of the present time.

        * journalctl --update-catalog now produces deterministic output (making
          reproducible image builds easier).

        * A new devicetree-overlay setting is now documented in the Boot Loader
          Specification.

        * The default value of the WatchdogSec= setting used in systemd
          services (the ones bundled with the project itself) may be set at
          configuration time using the -Dservice-watchdog= setting. If set to
          empty, the watchdogs will be disabled.

        * systemd-resolved validates IP addresses in certificates now when GnuTLS
          is being used.

        * libcryptsetup >= 2.0.1 is now required.

        * A configuration option -Duser-path= may be used to override the $PATH
          used by the user service manager. The default is again to use the same
          path as the system manager.

        * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
          outputting the 128-bit IDs in UUID format (i.e. in the "canonical
          representation").

        * Service units gained a new sandboxing option ProtectKernelLogs= which
          makes sure the program cannot get direct access to the kernel log
          buffer anymore, i.e. the syslog() system call (not to be confused
          with the API of the same name in libc, which is not affected), the
          /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
          inaccessible to the service. It's recommended to enable this setting
          for all services that should not be able to read from or write to the
          kernel log buffer, which are probably almost all.

        Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
        Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
        Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
        Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
        Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
        Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
        A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
        Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
        Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
        Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
        Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
        Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
        Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
        Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
        Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
        Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
        Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
        Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
        Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
        Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
        Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
        Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
        Zach Smith, Zbigniew Jędrzejewski-Szmek

        – Warsaw, 2019-11-29

CHANGES WITH 243:

        * This release enables unprivileged programs (i.e. requiring neither
          setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
          by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
          kernel for the whole UNIX group range, i.e. all processes. This
          change should be reasonably safe, as the kernel support for it was
          specifically implemented to allow safe access to ICMP Echo for
          processes lacking any privileges. If this is not desirable, it can be
          disabled again by setting the parameter to "1 0".

        * Previously, filters defined with SystemCallFilter= would have the
          effect that any calling of an offending system call would terminate
          the calling thread. This behaviour never made much sense, since
          killing individual threads of unsuspecting processes is likely to
          create more problems than it solves. With this release the default
          action changed from killing the thread to killing the whole
          process. For this to work correctly both a kernel version (>= 4.14)
          and a libseccomp version (>= 2.4.0) supporting this new seccomp
          action is required. If an older kernel or libseccomp is used the old
          behaviour continues to be used. This change does not affect any
          services that have no system call filters defined, or that use
          SystemCallErrorNumber= (and thus see EPERM or another error instead
          of being killed when calling an offending system call). Note that
          systemd documentation always claimed that the whole process is
          killed. With this change behaviour is thus adjusted to match the
          documentation.

        * On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
          4194304 by default, i.e. the full 22bit range the kernel allows, up
          from the old 16-bit range. This should improve security and
          robustness, as PID collisions are made less likely (though certainly
          still possible). There are rumours this might create compatibility
          problems, though at this moment no practical ones are known to
          us. Downstream distributions are hence advised to undo this change in
          their builds if they are concerned about maximum compatibility, but
          for everybody else we recommend leaving the value bumped. Besides
          improving security and robustness this should also simplify things as
          the maximum number of allowed concurrent tasks was previously bounded
          by both "kernel.pid_max" and "kernel.threads-max" and now effectively
          only a single knob is left ("kernel.threads-max"). There have been
          concerns that usability is affected by this change because larger PID
          numbers are harder to type, but we believe the change from 5 digits
          to 7 digits doesn't hamper usability.

        * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
          DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
          hierarchically set default memory protection values for a particular
          subtree of the unit hierarchy.

        * Memory protection directives can now take a value of zero, allowing
          explicit opting out of a default value propagated by an ancestor.

        * systemd now defaults to the "unified" cgroup hierarchy setup during
          build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
          default. Previously, -Ddefault-hierarchy=hybrid was the default. This
          change reflects the fact that cgroupsv2 support has matured
          substantially in both systemd and in the kernel, and is clearly the
          way forward. Downstream production distributions might want to
          continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
          their builds as unfortunately the popular container managers have not
          caught up with the kernel API changes.

        * Man pages are not built by default anymore (html pages were already
          disabled by default), to make development builds quicker. When
          building systemd for a full installation with documentation, meson
          should be called with -Dman=true and/or -Dhtml=true as appropriate.
          The default was changed based on the assumption that quick one-off or
          repeated development builds are much more common than full optimized
          builds for installation, and people need to pass various other
          options to when doing "proper" builds anyway, so the gain from making
          development builds quicker is bigger than the one time disruption for
          packagers.

          Two scripts are created in the *build* directory to generate and
          preview man and html pages on demand, e.g.:

          build/man/man systemctl
          build/man/html systemd.index

        * libidn2 is used by default if both libidn2 and libidn are installed.
          Please use -Dlibidn=true if libidn is preferred.

        * The D-Bus "wire format" of the CPUAffinity= attribute is changed on
          big-endian machines. Before, bytes were written and read in native
          machine order as exposed by the native libc __cpu_mask interface.
          Now, little-endian order is always used (CPUs 0–7 are described by
          bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
          This change fixes D-Bus calls that cross endianness boundary.

          The presentation format used for CPUAffinity= by "systemctl show" and
          "systemd-analyze dump" is changed to present CPU indices instead of
          the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
          shown as CPUAffinity=03000000000000000000000000000… (on
          little-endian) or CPUAffinity=00000000000000300000000000000… (on
          64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
          input format. The maximum integer that will be printed in the new
          format is 8191 (four digits), while the old format always used a very
          long number (with the length varying by architecture), so they can be
          unambiguously distinguished.

        * /usr/sbin/halt.local is no longer supported. Implementation in
          distributions was inconsistent and it seems this functionality was
          very rarely used.

          To replace this functionality, users should:
          - either define a new unit and make it a dependency of final.target
            (systemctl add-wants final.target my-halt-local.service)
          - or move the shutdown script to /usr/lib/systemd/system-shutdown/
            and ensure that it accepts "halt", "poweroff", "reboot", and
            "kexec" as an argument, see the description in systemd-shutdown(8).

        * When a [Match] section in .link or .network file is empty (contains
          no match patterns), a warning will be emitted. Please add any "match
          all" pattern instead, e.g. OriginalName=* or Name=* in case all
          interfaces should really be matched.

        * A new setting NUMAPolicy= may be used to set process memory
          allocation policy. This setting can be specified in
          /etc/systemd/system.conf and hence will set the default policy for
          PID1. The default policy can be overridden on a per-service
          basis. The related setting NUMAMask= is used to specify NUMA node
          mask that should be associated with the selected policy.

        * PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
          generates when processes it manages are reaching their memory limits,
          and will place their units in a special state, and optionally kill or
          stop the whole unit.

        * The service manager will now expose bus properties for the IO
          resources used by units. This information is also shown in "systemctl
          status" now (for services that have IOAccounting=yes set). Moreover,
          the IO accounting data is included in the resource log message
          generated whenever a unit stops.

        * Units may now configure an explicit timeout to wait for when killed
          with SIGABRT, for example when a service watchdog is hit. Previously,
          the regular TimeoutStopSec= timeout was applied in this case too —
          now a separate timeout may be set using TimeoutAbortSec=.

        * Services may now send a special WATCHDOG=trigger message with
          sd_notify() to trigger an immediate "watchdog missed" event, and thus
          trigger service termination. This is useful both for testing watchdog
          handling, but also for defining error paths in services, that shall
          be handled the same way as watchdog events.

        * There are two new per-unit settings IPIngressFilterPath= and
          IPEgressFilterPath= which allow configuration of a BPF program
          (usually by specifying a path to a program uploaded to /sys/fs/bpf/)
          to apply to the IP packet ingress/egress path of all processes of a
          unit. This is useful to allow running systemd services with BPF
          programs set up externally.

        * systemctl gained a new "clean" verb for removing the state, cache,
          runtime or logs directories of a service while it is terminated. The
          new verb may also be used to remove the state maintained on disk for
          timer units that have Persistent= configured.

        * During the last phase of shutdown systemd will now automatically
          increase the log level configured in the "kernel.printk" sysctl so
          that any relevant loggable events happening during late shutdown are
          made visible. Previously, loggable events happening so late during
          shutdown were generally lost if the "kernel.printk" sysctl was set to
          high thresholds, as regular logging daemons are terminated at that
          time and thus nothing is written to disk.

        * If processes terminated during the last phase of shutdown do not exit
          quickly systemd will now show their names after a short time, to make
          debugging easier. After a longer timeout they are forcibly killed,
          as before.

        * journalctl (and the other tools that display logs) will now highlight
          warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING where
          shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
          are now shown in blue color, to separate them visually from regular
          logs. References to configuration files are now turned into clickable
          links on terminals that support that.

        * systemd-journald will now stop logging to /var/log/journal during
          shutdown when /var/ is on a separate mount, so that it can be
          unmounted safely during shutdown.

        * systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.

        * systemd-resolved "Cache=" configuration option in resolved.conf has
          been extended to also accept the 'no-negative' value. Previously,
          only a boolean option was allowed (yes/no), having yes as the
          default. If this option is set to 'no-negative', negative answers are
          not cached while the old cache heuristics are used positive answers.
          The default remains unchanged.

        * The predictable naming scheme for network devices now supports
          generating predictable names for "netdevsim" devices.

          Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
          udev property.

          Those two changes form a new net.naming_scheme= entry.  Distributions
          which want to preserve naming stability may want to set the
          -Ddefault-net-naming-scheme= configuration option.

        * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
          interfaces natively.

        * systemd-networkd's bridge FDB support now allows configuration of a
          destination address for each entry (Destination=), as well as the
          VXLAN VNI (VNI=), as well as an option to declare what an entry is
          associated with (AssociatedWith=).

        * systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
          option for configuring the maximum number of DHCP lease requests. It
          also learnt a new BlackList= option for deny-listing DHCP servers (a
          similar setting has also been added to the IPv6 RA client), as well
          as a SendRelease= option for configuring whether to send a DHCP
          RELEASE message when terminating.

        * systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
          separately in the [DHCPv4] and [DHCPv6] sections.

        * systemd-networkd's DHCP support will now optionally create an
          implicit host route to the DNS server specified in the DHCP lease, in
          addition to the routes listed explicitly in the lease. This should
          ensure that in multi-homed systems DNS traffic leaves the systems on
          the interface that acquired the DNS server information even if other
          routes such as default routes exist. This behaviour may be turned on
          with the new RoutesToDNS= option.

        * systemd-networkd's VXLAN support gained a new option
          GenericProtocolExtension= for enabling VXLAN Generic Protocol
          Extension support, as well as IPDoNotFragment= for setting the IP
          "Don't fragment" bit on outgoing packets. A similar option has been
          added to the GENEVE support.

        * In systemd-networkd's [Route] section you may now configure
          FastOpenNoCookie= for configuring per-route TCP fast-open support, as
          well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
          propagation. The Type= setting now supports local, broadcast,
          anycast, multicast, any, xresolve routes, too.

        * systemd-networkd's [Network] section learnt a new option
          DefaultRouteOnDevice= for automatically configuring a default route
          onto the network device.

        * systemd-networkd's bridging support gained two new options ProxyARP=
          and ProxyARPWifi= for configuring proxy ARP behaviour as well as
          MulticastRouter= for configuring multicast routing behaviour. A new
          option MulticastIGMPVersion= may be used to change bridge's multicast
          Internet Group Management Protocol (IGMP) version.

        * systemd-networkd's FooOverUDP support gained the ability to configure
          local and peer IP addresses via Local= and Peer=. A new option
          PeerPort= may be used to configure the peer's IP port.

        * systemd-networkd's TUN support gained a new setting VnetHeader= for
          tweaking Generic Segment Offload support.

        * The address family for policy rules may be specified using the new
          Family= option in the [RoutingPolicyRule] section.

        * networkctl gained a new "delete" command for removing virtual network
          devices, as well as a new "--stats" switch for showing device
          statistics.

        * networkd.conf gained a new setting SpeedMeter= and
          SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
          measured speed may be shown by 'networkctl status'.

        * "networkctl status" now displays MTU and queue lengths, and more
          detailed information about VXLAN and bridge devices.

        * systemd-networkd's .network and .link files gained a new Property=
          setting in the [Match] section, to match against devices with
          specific udev properties.

        * systemd-networkd's tunnel support gained a new option
          AssignToLoopback= for selecting whether to use the loopback device
          "lo" as underlying device.

        * systemd-networkd's MACAddress= setting in the [Neighbor] section has
          been renamed to LinkLayerAddress=, and it now allows configuration of
          IP addresses, too.

        * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
          simplified: systemd-networkd will disable the sysctl (enable IPv6) if
          IPv6 configuration (static or DHCPv6) was found for a given
          interface. It will not touch the sysctl otherwise.

        * The order of entries is $PATH used by the user manager instance was
          changed to put bin/ entries before the corresponding sbin/ entries.
          It is recommended to not rely on this order, and only ever have one
          binary with a given name in the system paths under /usr.

        * A new tool systemd-network-generator has been added that may generate
          .network, .netdev and .link files from IP configuration specified on
          the kernel command line in the format used by Dracut.

        * The CriticalConnection= setting in .network files is now deprecated,
          and replaced by a new KeepConfiguration= setting which allows more
          detailed configuration of the IP configuration to keep in place.

        * systemd-analyze gained a few new verbs:

          - "systemd-analyze timestamp" parses and converts timestamps. This is
            similar to the existing "systemd-analyze calendar" command which
            does the same for recurring calendar events.

          - "systemd-analyze timespan" parses and converts timespans (i.e.
            durations as opposed to points in time).

          - "systemd-analyze condition" will parse and test ConditionXYZ=
            expressions.

          - "systemd-analyze exit-status" will parse and convert exit status
            codes to their names and back.

          - "systemd-analyze unit-files" will print a list of all unit
            file paths and unit aliases.

        * SuccessExitStatus=, RestartPreventExitStatus=, and
          RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
          is equivalent to "65"). Those exit status name mappings may be
          displayed with the systemd-analyze exit-status verb describe above.

        * systemd-logind now exposes a per-session SetBrightness() bus call,
          which may be used to securely change the brightness of a kernel
          brightness device, if it belongs to the session's seat. By using this
          call unprivileged clients can make changes to "backlight" and "leds"
          devices securely with strict requirements on session membership.
          Desktop environments may use this to generically make brightness
          changes to such devices without shipping private SUID binaries or
          udev rules for that purpose.

        * "udevadm info" gained a --wait-for-initialization switch to wait for
          a device to be initialized.

        * systemd-hibernate-resume-generator will now look for resumeflags= on
          the kernel command line, which is similar to rootflags= and may be
          used to configure device timeout for the hibernation device.

        * sd-event learnt a new API call sd_event_source_disable_unref() for
          disabling and unref'ing an event source in a single function. A
          related call sd_event_source_disable_unrefp() has been added for use
          with gcc's cleanup extension.

        * The sd-id128.h public API gained a new definition
          SD_ID128_UUID_FORMAT_STR for formatting a 128-bit ID in UUID format
          with printf().

        * "busctl introspect" gained a new switch --xml-interface for dumping
          XML introspection data unmodified.

        * PID 1 may now show the unit name instead of the unit description
          string in its status output during boot. This may be configured in
          the StatusUnitFormat= setting in /etc/systemd/system.conf or the
          kernel command line option systemd.status_unit_format=.

        * PID 1 now understands a new option KExecWatchdogSec= in
          /etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
          Previously watchdog functionality was only available for regular
          reboots. The new setting defaults to off, because we don't know in
          the general case if the watchdog will be reset after kexec (some
          drivers do reset it, but not all), and the new userspace might not be
          configured to handle the watchdog.

          Moreover, the old ShutdownWatchdogSec= setting has been renamed to
          RebootWatchdogSec= to more clearly communicate what it is about. The
          old name is still accepted for compatibility.

        * The systemd.debug_shell kernel command line option now optionally
          takes a tty name to spawn the debug shell on, which allows a
          different tty to be selected than the built-in default.

        * Service units gained a new ExecCondition= setting which will run
          before ExecStartPre= and either continue execution of the unit (for
          clean exit codes), stop execution without marking the unit failed
          (for exit codes 1 through 254), or stop execution and fail the unit
          (for exit code 255 or abnormal termination).

        * A new service systemd-pstore.service has been added that pulls data
          from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
          review.

        * timedatectl gained new verbs for configuring per-interface NTP
          service configuration for systemd-timesyncd.

        * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
          2019. (You can set non-UTF-8 locales though, if you know their name.)

        * If variable assignments in sysctl.d/ files are prefixed with "-" any
          failures to apply them are now ignored.

        * systemd-random-seed.service now optionally credits entropy when
          applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
          true for the service to enable this behaviour, but please consult the
          documentation first, since this comes with a couple of caveats.

        * systemd-random-seed.service is now a synchronization point for full
          initialization of the kernel's entropy pool. Services that require
          /dev/urandom to be correctly initialized should be ordered after this
          service.

        * The systemd-boot boot loader has been updated to optionally maintain
          a random seed file in the EFI System Partition (ESP). During the boot
          phase, this random seed is read and updated with a new seed
          cryptographically derived from it. Another derived seed is passed to
          the OS. The latter seed is then credited to the kernel's entropy pool
          very early during userspace initialization (from PID 1). This allows
          systems to boot up with a fully initialized kernel entropy pool from
          earliest boot on, and thus entirely removes all entropy pool
          initialization delays from systems using systemd-boot. Special care
          is taken to ensure different seeds are derived on system images
          replicated to multiple systems. "bootctl status" will show whether
          a seed was received from the boot loader.

        * bootctl gained two new verbs:

          - "bootctl random-seed" will generate the file in ESP and an EFI
            variable to allow a random seed to be passed to the OS as described
            above.

          - "bootctl is-installed" checks whether systemd-boot is currently
            installed.

        * bootctl will warn if it detects that boot entries are misconfigured
          (for example if the kernel image was removed without purging the
          bootloader entry).

        * A new document has been added describing systemd's use and support
          for the kernel's entropy pool subsystem:

          https://systemd.io/RANDOM_SEEDS

        * When the system is hibernated the swap device to write the
          hibernation image to is now automatically picked from all available
          swap devices, preferring the swap device with the highest configured
          priority over all others, and picking the device with the most free
          space if there are multiple devices with the highest priority.

        * /etc/crypttab support has learnt a new keyfile-timeout= per-device
          option that permits selecting the timeout how long to wait for a
          device with an encryption key before asking for the password.

        * IOWeight= has learnt to properly set the IO weight when using the
          BFQ scheduler officially found in kernels 5.0+.

        * A new mailing list has been created for reporting of security issues:
          systemd-security@redhat.com. For mode details, see
          https://systemd.io/CONTRIBUTING#security-vulnerability-reports.

        Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
        Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
        Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
        Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
        Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
        Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
        Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
        Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
        Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
        Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
        Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
        Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
        Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
        Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
        Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
        Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
        Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
        Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
        Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
        Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
        Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
        Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
        Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
        Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
        Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
        Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
        Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
        Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
        William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
        Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei

        – Camerino, 2019-09-03

CHANGES WITH 242:

        * In .link files, MACAddressPolicy=persistent (the default) is changed
          to cover more devices. For devices like bridges, tun, tap, bond, and
          similar interfaces that do not have other identifying information,
          the interface name is used as the basis for persistent seed for MAC
          and IPv4LL addresses. The way that devices that were handled
          previously is not changed, and this change is about covering more
          devices then previously by the "persistent" policy.

          MACAddressPolicy=random may be used to force randomized MACs and
          IPv4LL addresses for a device if desired.

          Hint: the log output from udev (at debug level) was enhanced to
          clarify what policy is followed and which attributes are used.
          `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
          may be used to view this.

          Hint: if a bridge interface is created without any slaves, and gains
          a slave later, then now the bridge does not inherit slave's MAC.
          To inherit slave's MAC, for example, create the following file:
          ```
          # /etc/systemd/network/98-bridge-inherit-mac.link
          [Match]
          Type=bridge

          [Link]
          MACAddressPolicy=none
          ```

        * The .device units generated by systemd-fstab-generator and other
          generators do not automatically pull in the corresponding .mount unit
          as a Wants= dependency. This means that simply plugging in the device
          will not cause the mount unit to be started automatically. But please
          note that the mount unit may be started for other reasons, in
          particular if it is part of local-fs.target, and any unit which
          (transitively) depends on local-fs.target is started.

        * networkctl list/status/lldp now accept globbing wildcards for network
          interface names to match against all existing interfaces.

        * The $PIDFILE environment variable is set to point the absolute path
          configured with PIDFile= for processes of that service.

        * The fallback DNS server list was augmented with Cloudflare public DNS
          servers. Use `-Ddns-servers=` to set a different fallback.

        * A new special target usb-gadget.target will be started automatically
          when a USB Device Controller is detected (which means that the system
          is a USB peripheral).

        * A new unit setting CPUQuotaPeriodSec= assigns the time period
          relatively to which the CPU time quota specified by CPUQuota= is
          measured.

        * A new unit setting ProtectHostname= may be used to prevent services
          from modifying hostname information (even if they otherwise would
          have privileges to do so).

        * A new unit setting NetworkNamespacePath= may be used to specify a
          namespace for service or socket units through a path referring to a
          Linux network namespace pseudo-file.

        * The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
          have an effect on .socket units: when used the listening socket is
          created within the configured network namespace instead of the host
          namespace.

        * ExecStart= command lines in unit files may now be prefixed with ':'
          in which case environment variable substitution is
          disabled. (Supported for the other ExecXYZ= settings, too.)

        * .timer units gained two new boolean settings OnClockChange= and
          OnTimezoneChange= which may be used to also trigger a unit when the
          system clock is changed or the local timezone is
          modified. systemd-run has been updated to make these options easily
          accessible from the command line for transient timers.

        * Two new conditions for units have been added: ConditionMemory= may be
          used to conditionalize a unit based on installed system
          RAM. ConditionCPUs= may be used to conditionalize a unit based on
          installed CPU cores.

        * The @default system call filter group understood by SystemCallFilter=
          has been updated to include the new rseq() system call introduced in
          kernel 4.15.

        * A new time-set.target has been added that indicates that the system
          time has been set from a local source (possibly imprecise). The
          existing time-sync.target is stronger and indicates that the time has
          been synchronized with a precise external source. Services where
          approximate time is sufficient should use the new target.

        * "systemctl start" (and related commands) learnt a new
          --show-transaction option. If specified brief information about all
          jobs queued because of the requested operation is shown.

        * systemd-networkd recognizes a new operation state 'enslaved', used
          (instead of 'degraded' or 'carrier') for interfaces which form a
          bridge, bond, or similar, and an new 'degraded-carrier' operational
          state used for the bond or bridge master interface when one of the
          enslaved devices is not operational.

        * .network files learnt the new IgnoreCarrierLoss= option for leaving
          networks configured even if the carrier is lost.

        * The RequiredForOnline= setting in .network files may now specify a
          minimum operational state required for the interface to be considered
          "online" by systemd-networkd-wait-online. Related to this
          systemd-networkd-wait-online gained a new option --operational-state=
          to configure the same, and its --interface= option was updated to
          optionally also take an operational state specific for an interface.

        * systemd-networkd-wait-online gained a new setting --any for waiting
          for only one of the requested interfaces instead of all of them.

        * systemd-networkd now implements L2TP tunnels.

        * Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
          may be used to cause autonomous and onlink prefixes received in IPv6
          Router Advertisements to be ignored.

        * New MulticastFlood=, NeighborSuppression=, and Learning= .network
          file settings may be used to tweak bridge behaviour.

        * The new TripleSampling= option in .network files may be used to
          configure CAN triple sampling.

        * A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
          used to point to private or preshared key for a WireGuard interface.

        * /etc/crypttab now supports the same-cpu-crypt and
          submit-from-crypt-cpus options to tweak encryption work scheduling
          details.

        * systemd-tmpfiles will now take a BSD file lock before operating on a
          contents of directory. This may be used to temporarily exclude
          directories from aging by taking the same lock (useful for example
          when extracting a tarball into /tmp or /var/tmp as a privileged user,
          which might create files with really old timestamps, which
          nevertheless should not be deleted). For further details, see:

          https://systemd.io/TEMPORARY_DIRECTORIES

        * systemd-tmpfiles' h line type gained support for the
          FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
          controlling project quota inheritance.

        * sd-boot and bootctl now implement support for an Extended Boot Loader
          (XBOOTLDR) partition, that is intended to be mounted to /boot, in
          addition to the ESP partition mounted to /efi or /boot/efi.
          Configuration file fragments, kernels, initrds and other EFI images
          to boot will be loaded from both the ESP and XBOOTLDR partitions.
          The XBOOTLDR partition was previously described by the Boot Loader
          Specification, but implementation was missing in sd-boot. Support for
          this concept allows using the sd-boot boot loader in more
          conservative scenarios where the boot loader itself is placed in the
          ESP but the kernels to boot (and their metadata) in a separate
          partition.

        * A system may now be booted with systemd.volatile=overlay on the
          kernel command line, which causes the root file system to be set up
          an overlayfs mount combining the root-only root directory with a
          writable tmpfs. In this setup, the underlying root device is not
          modified, and any changes are lost at reboot.

        * Similar, systemd-nspawn can now boot containers with a volatile
          overlayfs root with the new --volatile=overlay switch.

        * systemd-nspawn can now consume OCI runtime bundles using a new
          --oci-bundle= option. This implementation is fully usable, with most
          features in the specification implemented, but since this a lot of
          new code and functionality, this feature should most likely not
          be used in production yet.

        * systemd-nspawn now supports various options described by the OCI
          runtime specification on the command-line and in .nspawn files:
          --inaccessible=/Inaccessible= may be used to mask parts of the file
          system tree, --console=/--pipe may be used to configure how standard
          input, output, and error are set up.

        * busctl learned the `emit` verb to generate D-Bus signals.

        * systemd-analyze cat-config may be used to gather and display
          configuration spread over multiple files, for example system and user
          presets, tmpfiles.d, sysusers.d, udev rules, etc.

        * systemd-analyze calendar now takes an optional new parameter
          --iterations= which may be used to show a maximum number of iterations
          the specified expression will elapse next.

        * The sd-bus C API gained support for naming method parameters in the
          introspection data.

        * systemd-logind gained D-Bus APIs to specify the "reboot parameter"
          the reboot() system call expects.

        * journalctl learnt a new --cursor-file= option that points to a file
          from which a cursor should be loaded in the beginning and to which
          the updated cursor should be stored at the end.

        * ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
          detected by systemd-detect-virt (and may also be used in
          ConditionVirtualization=).

        * The behaviour of systemd-logind may now be modified with environment
          variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
          $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
          $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
          skip the relevant operation completely (when set to false), or to
          create a flag file in /run/systemd (when set to true), instead of
          actually commencing the real operation when requested. The presence
          of /run/systemd/reboot-to-firmware-setup,
          /run/systemd/reboot-to-boot-loader-menu, and
          /run/systemd/reboot-to-boot-loader-entry, may be used by alternative
          boot loader implementations to replace some steps logind performs
          during reboot with their own operations.

        * systemctl can be used to request a reboot into the boot loader menu
          or a specific boot loader entry with the new --boot-load-menu= and
          --boot-loader-entry= options to a reboot command. (This requires a
          boot loader that supports this, for example sd-boot.)

        * kernel-install will no longer unconditionally create the output
          directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
          snippets, but will do only if the machine-specific parent directory
          (i.e. /efi/<machine-id>/) already exists. bootctl has been modified
          to create this parent directory during sd-boot installation.

          This makes it easier to use kernel-install with plugins which support
          a different layout of the bootloader partitions (for example grub2).

        * During package installation (with `ninja install`), we would create
          symlinks for getty@tty1.service, systemd-networkd.service,
          systemd-networkd.socket, systemd-resolved.service,
          remote-cryptsetup.target, remote-fs.target,
          systemd-networkd-wait-online.service, and systemd-timesyncd.service
          in /etc, as if `systemctl enable` was called for those units, to make
          the system usable immediately after installation. Now this is not
          done anymore, and instead calling `systemctl preset-all` is
          recommended after the first installation of systemd.

        * A new boolean sandboxing option RestrictSUIDSGID= has been added that
          is built on seccomp. When turned on creation of SUID/SGID files is
          prohibited.

        * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
          implied if DynamicUser= is turned on for a service. This hardens
          these services, so that they neither can benefit from nor create
          SUID/SGID executables. This is a minor compatibility breakage, given
          that when DynamicUser= was first introduced SUID/SGID behaviour was
          unaffected. However, the security benefit of these two options is
          substantial, and the setting is still relatively new, hence we opted
          to make it mandatory for services with dynamic users.

        Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
        Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
        Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
        Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
        Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
        Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
        Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
        Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
        Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
        Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
        Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
        Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
        Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
        Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
        Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
        Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
        Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Warsaw, 2019-04-11

CHANGES WITH 241:

        * The default locale can now be configured at compile time. Otherwise,
          a suitable default will be selected automatically (one of C.UTF-8,
          en_US.UTF-8, and C).

        * The version string shown by systemd and other tools now includes the
          git commit hash when built from git. An override may be specified
          during compilation, which is intended to be used by distributions to
          include the package release information.

        * systemd-cat can now filter standard input and standard error streams
          for different syslog priorities using the new --stderr-priority=
          option.

        * systemd-journald and systemd-journal-remote reject entries which
          contain too many fields (CVE-2018-16865) and set limits on the
          process' command line length (CVE-2018-16864).

        * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
          again.

        * A new network device NamePolicy "keep" is implemented for link files,
          and used by default in 99-default.link (the fallback configuration
          provided by systemd). With this policy, if the network device name
          was already set by userspace, the device will not be renamed again.
          This matches the naming scheme that was implemented before
          systemd-240. If naming-scheme < 240 is specified, the "keep" policy
          is also enabled by default, even if not specified. Effectively, this
          means that if naming-scheme >= 240 is specified, network devices will
          be renamed according to the configuration, even if they have been
          renamed already, if "keep" is not specified as the naming policy in
          the .link file. The 99-default.link file provided by systemd includes
          "keep" for backwards compatibility, but it is recommended for user
          installed .link files to *not* include it.

          The "kernel" policy, which keeps kernel names declared to be
          "persistent", now works again as documented.

        * kernel-install script now optionally takes the paths to one or more
          initrd files, and passes them to all plugins.

        * The mincore() system call has been dropped from the @system-service
          system call filter group, as it is pretty exotic and may potentially
          used for side-channel attacks.

        * -fPIE is dropped from compiler and linker options. Please specify
          -Db_pie=true option to meson to build position-independent
          executables. Note that the meson option is supported since meson-0.49.

        * The fs.protected_regular and fs.protected_fifos sysctls, which were
          added in Linux 4.19 to make some data spoofing attacks harder, are
          now enabled by default. While this will hopefully improve the
          security of most installations, it is technically a backwards
          incompatible change; to disable these sysctls again, place the
          following lines in /etc/sysctl.d/60-protected.conf or a similar file:

              fs.protected_regular = 0
              fs.protected_fifos = 0

          Note that the similar hardlink and symlink protection has been
          enabled since v199, and may be disabled likewise.

        * The files read from the EnvironmentFile= setting in unit files now
          parse backslashes inside quotes literally, matching the behaviour of
          POSIX shells.

        * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
          now automatically become NOPs when run in a chroot() environment.

        * The tmpfiles.d/ "C" line type will now copy directory trees not only
          when the destination is so far missing, but also if it already exists
          as a directory and is empty. This is useful to cater for systems
          where directory trees are put together from multiple separate mount
          points but otherwise empty.

        * A new function sd_bus_close_unref() (and the associated
          sd_bus_close_unrefp()) has been added to libsystemd, that combines
          sd_bus_close() and sd_bus_unref() in one.

        * udevadm control learnt a new option for --ping for testing whether a
          systemd-udevd instance is running and reacting.

        * udevadm trigger learnt a new option for --wait-daemon for waiting
          systemd-udevd daemon to be initialized.

        Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
        Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
        Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
        Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
        John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
        Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
        James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
        Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
        Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
        Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
        marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
        Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
        Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
        James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
        Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
        Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски

        — Berlin, 2019-02-14

CHANGES WITH 240:

        * NoNewPrivileges=yes has been set for all long-running services
          implemented by systemd. Previously, this was problematic due to
          SELinux (as this would also prohibit the transition from PID1's label
          to the service's label). This restriction has since been lifted, but
          an SELinux policy update is required.
          (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)

        * DynamicUser=yes is dropped from systemd-networkd.service,
          systemd-resolved.service and systemd-timesyncd.service, which was
          enabled in v239 for systemd-networkd.service and systemd-resolved.service,
          and since v236 for systemd-timesyncd.service. The users and groups
          systemd-network, systemd-resolve and systemd-timesync are created
          by systemd-sysusers again. Distributors or system administrators
          may need to create these users and groups if they not exist (or need
          to re-enable DynamicUser= for those units) while upgrading systemd.
          Also, the clock file for systemd-timesyncd may need to move from
          /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.

        * When unit files are loaded from disk, previously systemd would
          sometimes (depending on the unit loading order) load units from the
          target path of symlinks in .wants/ or .requires/ directories of other
          units. This meant that unit could be loaded from different paths
          depending on whether the unit was requested explicitly or as a
          dependency of another unit, not honouring the priority of directories
          in search path. It also meant that it was possible to successfully
          load and start units which are not found in the unit search path, as
          long as they were requested as a dependency and linked to from
          .wants/ or .requires/. The target paths of those symlinks are not
          used for loading units anymore and the unit file must be found in
          the search path.

        * A new service type has been added: Type=exec. It's very similar to
          Type=simple but ensures the service manager will wait for both fork()
          and execve() of the main service binary to complete before proceeding
          with follow-up units. This is primarily useful so that the manager
          propagates any errors in the preparation phase of service execution
          back to the job that requested the unit to be started. For example,
          consider a service that has ExecStart= set to a file system binary
          that doesn't exist. With Type=simple starting the unit would be
          considered instantly successful, as only fork() has to complete
          successfully and the manager does not wait for execve(), and hence
          its failure is seen "too late". With the new Type=exec service type
          starting the unit will fail, as the manager will wait for the
          execve() and notice its failure, which is then propagated back to the
          start job.

          NOTE: with the next release 241 of systemd we intend to change the
          systemd-run tool to default to Type=exec for transient services
          started by it. This should be mostly safe, but in specific corner
          cases might result in problems, as the systemd-run tool will then
          block on NSS calls (such as user name look-ups due to User=) done
          between the fork() and execve(), which under specific circumstances
          might cause problems. It is recommended to specify "-p Type=simple"
          explicitly in the few cases where this applies. For regular,
          non-transient services (i.e. those defined with unit files on disk)
          we will continue to default to Type=simple.

        * The Linux kernel's current default RLIMIT_NOFILE resource limit for
          userspace processes is set to 1024 (soft) and 4096
          (hard). Previously, systemd passed this on unmodified to all
          processes it forked off. With this systemd release the hard limit
          systemd passes on is increased to 512K, overriding the kernel's
          defaults and substantially increasing the number of simultaneous file
          descriptors unprivileged userspace processes can allocate. Note that
          the soft limit remains at 1024 for compatibility reasons: the
          traditional UNIX select() call cannot deal with file descriptors >=
          1024 and increasing the soft limit globally might thus result in
          programs unexpectedly allocating a high file descriptor and thus
          failing abnormally when attempting to use it with select() (of
          course, programs shouldn't use select() anymore, and prefer
          poll()/epoll, but the call unfortunately remains undeservedly popular
          at this time). This change reflects the fact that file descriptor
          handling in the Linux kernel has been optimized in more recent
          kernels and allocating large numbers of them should be much cheaper
          both in memory and in performance than it used to be. Programs that
          want to take benefit of the increased limit have to "opt-in" into
          high file descriptors explicitly by raising their soft limit. Of
          course, when they do that they must acknowledge that they cannot use
          select() anymore (and neither can any shared library they use — or
          any shared library used by any shared library they use and so on).
          Which default hard limit is most appropriate is of course hard to
          decide. However, given reports that ~300K file descriptors are used
          in real-life applications we believe 512K is sufficiently high as new
          default for now. Note that there are also reports that using very
          high hard limits (e.g. 1G) is problematic: some software allocates
          large arrays with one element for each potential file descriptor
          (Java, …) — a high hard limit thus triggers excessively large memory
          allocations in these applications. Hopefully, the new default of 512K
          is a good middle ground: higher than what real-life applications
          currently need, and low enough for avoid triggering excessively large
          allocations in problematic software. (And yes, somebody should fix
          Java.)

        * The fs.nr_open and fs.file-max sysctls are now automatically bumped
          to the highest possible values, as separate accounting of file
          descriptors is no longer necessary, as memcg tracks them correctly as
          part of the memory accounting anyway. Thus, from the four limits on
          file descriptors currently enforced (fs.file-max, fs.nr_open,
          RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
          and keep only the latter two. A set of build-time options
          (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
          has been added to revert this change in behaviour, which might be
          an option for systems that turn off memcg in the kernel.

        * When no /etc/locale.conf file exists (and hence no locale settings
          are in place), systemd will now use the "C.UTF-8" locale by default,
          and set LANG= to it. This locale is supported by various
          distributions including Fedora, with clear indications that upstream
          glibc is going to make it available too. This locale enables UTF-8
          mode by default, which appears appropriate for 2018.

        * The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
          default. This effectively switches the RFC3704 Reverse Path filtering
          from Strict mode to Loose mode. This is more appropriate for hosts
          that have multiple links with routes to the same networks (e.g.
          a client with a Wi-Fi and Ethernet both connected to the internet).

          Consult the kernel documentation for details on this sysctl:
          https://docs.kernel.org/networking/ip-sysctl.html

        * The v239 change to turn on "net.ipv4.tcp_ecn" by default has been
          reverted.

        * CPUAccounting=yes no longer enables the CPU controller when using
          kernel 4.15+ and the unified cgroup hierarchy, as required accounting
          statistics are now provided independently from the CPU controller.

        * Support for disabling a particular cgroup controller within a sub-tree
          has been added through the DisableControllers= directive.

        * cgroup_no_v1=all on the kernel command line now also implies
          using the unified cgroup hierarchy, unless one explicitly passes
          systemd.unified_cgroup_hierarchy=0 on the kernel command line.

        * The new "MemoryMin=" unit file property may now be used to set the
          memory usage protection limit of processes invoked by the unit. This
          controls the cgroup v2 memory.min attribute. Similarly, the new
          "IODeviceLatencyTargetSec=" property has been added, wrapping the new
          cgroup v2 io.latency cgroup property for configuring per-service I/O
          latency.

        * systemd now supports the cgroup v2 devices BPF logic, as counterpart
          to the cgroup v1 "devices" cgroup controller.

        * systemd-escape now is able to combine --unescape with --template. It
          also learnt a new option --instance for extracting and unescaping the
          instance part of a unit name.

        * sd-bus now provides the sd_bus_message_readv() which is similar to
          sd_bus_message_read() but takes a va_list object. The pair
          sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
          has been added for configuring the default method call timeout to
          use. sd_bus_error_move() may be used to efficiently move the contents
          from one sd_bus_error structure to another, invalidating the
          source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
          be used to control whether a bus connection object is automatically
          flushed when an sd-event loop is exited.

        * When processing classic BSD syslog log messages, journald will now
          save the original time-stamp string supplied in the new
          SYSLOG_TIMESTAMP= journal field. This permits consumers to
          reconstruct the original BSD syslog message more correctly.

        * StandardOutput=/StandardError= in service files gained support for
          new "append:…" parameters, for connecting STDOUT/STDERR of a service
          to a file, and appending to it.

        * The signal to use as last step of killing of unit processes is now
          configurable. Previously it was hard-coded to SIGKILL, which may now
          be overridden with the new KillSignal= setting. Note that this is the
          signal used when regular termination (i.e. SIGTERM) does not suffice.
          Similarly, the signal used when aborting a program in case of a
          watchdog timeout may now be configured too (WatchdogSignal=).

        * The XDG_SESSION_DESKTOP environment variable may now be configured in
          the pam_systemd argument line, using the new desktop= switch. This is
          useful to initialize it properly from a display manager without
          having to touch C code.

        * Most configuration options that previously accepted percentage values
          now also accept permille values with the '‰' suffix (instead of '%').

        * systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
          DNS-over-TLS.

        * systemd-resolved's configuration file resolved.conf gained a new
          option ReadEtcHosts= which may be used to turn off processing and
          honoring /etc/hosts entries.

        * The "--wait" switch may now be passed to "systemctl
          is-system-running", in which case the tool will synchronously wait
          until the system finished start-up.

        * hostnamed gained a new bus call to determine the DMI product UUID.

        * On x86-64 systemd will now prefer using the RDRAND processor
          instruction over /dev/urandom whenever it requires randomness that
          neither has to be crypto-grade nor should be reproducible. This
          should substantially reduce the amount of entropy systemd requests
          from the kernel during initialization on such systems, though not
          reduce it to zero. (Why not zero? systemd still needs to allocate
          UUIDs and such uniquely, which require high-quality randomness.)

        * networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
          tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
          for forcing the "Other Information" bit in IPv6 RA messages. The
          bonding logic gained four new options AdActorSystemPriority=,
          AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
          aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
          shuffling of flows. The tunnel logic gained a new
          IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
          Deployment. The policy rule logic gained four new options IPProtocol=,
          SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
          support for the MulticastToUnicast= option. networkd also gained
          support for configuring static IPv4 ARP or IPv6 neighbor entries.

        * .preset files (as read by 'systemctl preset') may now be used to
          instantiate services.

        * /etc/crypttab now understands the sector-size= option to configure
          the sector size for an encrypted partition.

        * Key material for encrypted disks may now be placed on a formatted
          medium, and referenced from /etc/crypttab by the UUID of the file
          system, followed by "=" suffixed by the path to the key file.

        * The "collect" udev component has been removed without replacement, as
          it is neither used nor maintained.

        * When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
          LogsDirectory=, ConfigurationDirectory= settings are used in a
          service the executed processes will now receive a set of environment
          variables containing the full paths of these directories.
          Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
          LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
          are used. Note that these options may be used multiple times per
          service in which case the resulting paths will be concatenated and
          separated by colons.

        * Predictable interface naming has been extended to cover InfiniBand
          NICs. They will be exposed with an "ib" prefix.

        * tmpfiles.d/ line types may now be suffixed with a '-' character, in
          which case the respective line failing is ignored.

        * .link files may now be used to configure the equivalent to the
          "ethtool advertise" commands.

        * The sd-device.h and sd-hwdb.h APIs are now exported, as an
          alternative to libudev.h. Previously, the latter was just an internal
          wrapper around the former, but now these two APIs are exposed
          directly.

        * sd-id128.h gained a new function sd_id128_get_boot_app_specific()
          which calculates an app-specific boot ID similar to how
          sd_id128_get_machine_app_specific() generates an app-specific machine
          ID.

        * A new tool systemd-id128 has been added that can be used to determine
          and generate various 128-bit IDs.

        * /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
          and LOGO=.

        * systemd-hibernate-resume-generator will now honor the "noresume"
          kernel command line option, in which case it will bypass resuming
          from any hibernated image.

        * The systemd-sleep.conf configuration file gained new options
          AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
          AllowHybridSleep= for prohibiting specific sleep modes even if the
          kernel exports them.

        * portablectl is now officially supported and has thus moved to
          /usr/bin/.

        * bootctl learnt the two new commands "set-default" and "set-oneshot"
          for setting the default boot loader item to boot to (either
          persistently or only for the next boot). This is currently only
          compatible with sd-boot, but may be implemented on other boot loaders
          too, that follow the boot loader interface. The updated interface is
          now documented here:

          https://systemd.io/BOOT_LOADER_INTERFACE

        * A new kernel command line option systemd.early_core_pattern= is now
          understood which may be used to influence the core_pattern PID 1
          installs during early boot.

        * busctl learnt two new options -j and --json= for outputting method
          call replies, properties and monitoring output in JSON.

        * journalctl's JSON output now supports simple ANSI coloring as well as
          a new "json-seq" mode for generating RFC7464 output.

        * Unit files now support the %g/%G specifiers that resolve to the UNIX
          group/GID of the service manager runs as, similar to the existing
          %u/%U specifiers that resolve to the UNIX user/UID.

        * systemd-logind learnt a new global configuration option
          UserStopDelaySec= that may be set in logind.conf. It specifies how
          long the systemd --user instance shall remain started after a user
          logs out. This is useful to speed up repetitive re-connections of the
          same user, as it means the user's service manager doesn't have to be
          stopped/restarted on each iteration, but can be reused between
          subsequent options. This setting defaults to 10s. systemd-logind also
          exports two new properties on its Manager D-Bus objects indicating
          whether the system's lid is currently closed, and whether the system
          is on AC power.

        * systemd gained support for a generic boot counting logic, which
          generically permits automatic reverting to older boot loader entries
          if newer updated ones don't work. The boot loader side is implemented
          in sd-boot, but is kept open for other boot loaders too. For details
          see:

          https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT

        * The SuccessAction=/FailureAction= unit file settings now learnt two
          new parameters: "exit" and "exit-force", which result in immediate
          exiting of the service manager, and are only useful in systemd --user
          and container environments.

        * Unit files gained support for a pair of options
          FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
          exit status to use as service manager exit status when
          SuccessAction=/FailureAction= is set to exit or exit-force.

        * A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
          options may now be used to configure the log rate limiting applied by
          journald per-service.

        * systemd-analyze gained a new verb "timespan" for parsing and
          normalizing time span values (i.e. strings like "5min 7s 8us").

        * systemd-analyze also gained a new verb "security" for analyzing the
          security and sand-boxing settings of services in order to determine an
          "exposure level" for them, indicating whether a service would benefit
          from more sand-boxing options turned on for them.

        * "systemd-analyze syscall-filter" will now also show system calls
          supported by the local kernel but not included in any of the defined
          groups.

        * .nspawn files now understand the Ephemeral= setting, matching the
          --ephemeral command line switch.

        * sd-event gained the new APIs sd_event_source_get_floating() and
          sd_event_source_set_floating() for controlling whether a specific
          event source is "floating", i.e. destroyed along with the even loop
          object itself.

        * Unit objects on D-Bus gained a new "Refs" property that lists all
          clients that currently have a reference on the unit (to ensure it is
          not unloaded).

        * The JoinControllers= option in system.conf is no longer supported, as
          it didn't work correctly, is hard to support properly, is legacy (as
          the concept only exists on cgroup v1) and apparently wasn't used.

        * Journal messages that are generated whenever a unit enters the failed
          state are now tagged with a unique MESSAGE_ID. Similarly, messages
          generated whenever a service process exits are now made recognizable,
          too. A tagged message is also emitted whenever a unit enters the
          "dead" state on success.

        * systemd-run gained a new switch --working-directory= for configuring
          the working directory of the service to start. A shortcut -d is
          equivalent, setting the working directory of the service to the
          current working directory of the invoking program. The new --shell
          (or just -S) option has been added for invoking the $SHELL of the
          caller as a service, and implies --pty --same-dir --wait --collect
          --service-type=exec. Or in other words, "systemd-run -S" is now the
          quickest way to quickly get an interactive in a fully clean and
          well-defined system service context.

        * machinectl gained a new verb "import-fs" for importing an OS tree
          from a directory. Moreover, when a directory or tarball is imported
          and single top-level directory found with the OS itself below the OS
          tree is automatically mangled and moved one level up.

        * systemd-importd will no longer set up an implicit btrfs loop-back
          file system on /var/lib/machines. If one is already set up, it will
          continue to be used.

        * A new generator "systemd-run-generator" has been added. It will
          synthesize a unit from one or more program command lines included in
          the kernel command line. This is very useful in container managers
          for example:

          # systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'

          This will run "systemd-nspawn" on an image, invoke the specified
          command line and immediately shut down the container again, returning
          the command line's exit code.

        * The block device locking logic is now documented:

          https://systemd.io/BLOCK_DEVICE_LOCKING

        * loginctl and machinectl now optionally output the various tables in
          JSON using the --output= switch. It is our intention to add similar
          support to systemctl and all other commands.

        * udevadm's query and trigger verb now optionally take a .device unit
          name as argument.

        * systemd-udevd's network naming logic now understands a new
          net.naming_scheme= kernel command line switch, which may be used to
          pick a specific version of the naming scheme. This helps stabilizing
          interface names even as systemd/udev are updated and the naming logic
          is improved.

        * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
          SD_ID128_ALLF to test if a 128-bit ID is set to all 0xFF bytes, and to
          initialize one to all 0xFF.

        * After loading the SELinux policy systemd will now recursively relabel
          all files and directories listed in
          /run/systemd/relabel-extra.d/*.relabel (which should be simple
          newline separated lists of paths) in addition to the ones it already
          implicitly relabels in /run, /dev and /sys. After the relabelling is
          completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
          removed. This is useful to permit initrds (i.e. code running before
          the SELinux policy is in effect) to generate files in the host
          filesystem safely and ensure that the correct label is applied during
          the transition to the host OS.

        * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
          mknod() handling in user namespaces. Previously mknod() would always
          fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
          but device nodes generated that way cannot be opened, and attempts to
          open them result in EPERM. This breaks the "graceful fallback" logic
          in systemd's PrivateDevices= sand-boxing option. This option is
          implemented defensively, so that when systemd detects it runs in a
          restricted environment (such as a user namespace, or an environment
          where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
          where device nodes cannot be created the effect of PrivateDevices= is
          bypassed (following the logic that 2nd-level sand-boxing is not
          essential if the system systemd runs in is itself already sand-boxed
          as a whole). This logic breaks with 4.18 in container managers where
          user namespacing is used: suddenly PrivateDevices= succeeds setting
          up a private /dev/ file system containing devices nodes — but when
          these are opened they don't work.

          At this point it is recommended that container managers utilizing
          user namespaces that intend to run systemd in the payload explicitly
          block mknod() with seccomp or similar, so that the graceful fallback
          logic works again.

          We are very sorry for the breakage and the requirement to change
          container configurations for newer kernels. It's purely caused by an
          incompatible kernel change. The relevant kernel developers have been
          notified about this userspace breakage quickly, but they chose to
          ignore it.

        * PermissionsStartOnly= setting is deprecated (but is still supported
          for backwards compatibility). The same functionality is provided by
          the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
          commands.

        * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
          pam_systemd anymore.

        * The naming scheme for network devices was changed to always rename
          devices, even if they were already renamed by userspace. The "kernel"
          policy was changed to only apply as a fallback, if no other naming
          policy took effect.

        * The requirements to build systemd is bumped to meson-0.46 and
          python-3.5.

        Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
        Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
        Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
        asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
        Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
        Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
        Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
        Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
        David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
        Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
        Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
        Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
        Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
        Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
        Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
        Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
        Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
        javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
        Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
        Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
        Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
        Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
        Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
        Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
        Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
        Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
        Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
        Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
        Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
        Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
        Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
        Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
        Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
        Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
        Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
        Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
        (FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
        Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
        Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
        Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
        Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
        Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
        Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
        Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein

        — Warsaw, 2018-12-21

CHANGES WITH 239:

        * NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
          builtin will name network interfaces differently than in previous
          versions for virtual network interfaces created with SR-IOV and NPAR
          and for devices where the PCI network controller device does not have
          a slot number associated.

          SR-IOV virtual devices are now named based on the name of the parent
          interface, with a suffix of "v<N>", where <N> is the virtual device
          number. Previously those virtual devices were named as if completely
          independent.

          The ninth and later NPAR virtual devices will be named following the
          scheme used for the first eight NPAR partitions. Previously those
          devices were not renamed and the kernel default (eth<n>) was used.

          "net_id" will also generate names for PCI devices where the PCI
          network controller device does not have an associated slot number
          itself, but one of its parents does. Previously those devices were
          not renamed and the kernel default (eth<n>) was used.

        * AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
          systemd-logind.service. Since v235, IPAddressDeny=any has been set to
          the unit. So, it is expected that the default behavior of
          systemd-logind is not changed. However, if distribution packagers or
          administrators disabled or modified IPAddressDeny= setting by a
          drop-in config file, then it may be necessary to update the file to
          re-enable AF_INET and AF_INET6 to support network user name services,
          e.g. NIS.

        * When the RestrictNamespaces= unit property is specified multiple
          times, then the specified types are merged now. Previously, only the
          last assignment was used. So, if distribution packagers or
          administrators modified the setting by a drop-in config file, then it
          may be necessary to update the file.

        * When OnFailure= is used in combination with Restart= on a service
          unit, then the specified units will no longer be triggered on
          failures that result in restarting. Previously, the specified units
          would be activated each time the unit failed, even when the unit was
          going to be restarted automatically. This behaviour contradicted the
          documentation. With this release the code is adjusted to match the
          documentation.

        * systemd-tmpfiles will now print a notice whenever it encounters
          tmpfiles.d/ lines referencing the /var/run/ directory. It will
          recommend reworking them to use the /run/ directory instead (for
          which /var/run/ is simply a symlinked compatibility alias). This way
          systemd-tmpfiles can properly detect line conflicts and merge lines
          referencing the same file by two paths, without having to access
          them.

        * systemctl disable/unmask/preset/preset-all cannot be used with
          --runtime. Previously this was allowed, but resulted in unintuitive
          behaviour that wasn't useful. systemctl disable/unmask will now undo
          both runtime and persistent enablement/masking, i.e. it will remove
          any relevant symlinks both in /run and /etc.

        * Note that all long-running system services shipped with systemd will
          now default to a system call allow list (rather than a deny list, as
          before). In particular, systemd-udevd will now enforce one too. For
          most cases this should be safe, however downstream distributions
          which disabled sandboxing of systemd-udevd (specifically the
          MountFlags= setting), might want to disable this security feature
          too, as the default allow-listing will prohibit all mount, swap,
          reboot and clock changing operations from udev rules.

        * sd-boot acquired new loader configuration settings to optionally turn
          off Windows and MacOS boot partition discovery as well as
          reboot-into-firmware menu items. It is also able to pick a better
          screen resolution for HiDPI systems, and now provides loader
          configuration settings to change the resolution explicitly.

        * systemd-resolved now supports DNS-over-TLS. It's still
          turned off by default, use DNSOverTLS=opportunistic to turn it on in
          resolved.conf. We intend to make this the default as soon as couple
          of additional techniques for optimizing the initial latency caused by
          establishing a TLS/TCP connection are implemented.

        * systemd-resolved.service and systemd-networkd.service now set
          DynamicUser=yes. The users systemd-resolve and systemd-network are
          not created by systemd-sysusers anymore.

          NOTE: This has a chance of breaking nss-ldap and similar NSS modules
          that embed a network facing module into any process using getpwuid()
          or related call: the dynamic allocation of the user ID for
          systemd-resolved.service means the service manager has to check NSS
          if the user name is already taken when forking off the service. Since
          the user in the common case won't be defined in /etc/passwd the
          lookup is likely to trigger nss-ldap which in turn might use NSS to
          ask systemd-resolved for hostname lookups. This will hence result in
          a deadlock: a user name lookup in order to start
          systemd-resolved.service will result in a hostname lookup for which
          systemd-resolved.service needs to be started already. There are
          multiple ways to work around this problem: pre-allocate the
          "systemd-resolve" user on such systems, so that nss-ldap won't be
          triggered; or use a different NSS package that doesn't do networking
          in-process but provides a local asynchronous name cache; or configure
          the NSS package to avoid lookups for UIDs in the range `pkg-config
          systemd --variable=dynamicuidmin` … `pkg-config systemd
          --variable=dynamicuidmax`, so that it does not consider itself
          authoritative for the same UID range systemd allocates dynamic users
          from.

        * The systemd-resolve tool has been renamed to resolvectl (it also
          remains available under the old name, for compatibility), and its
          interface is now verb-based, similar in style to the other <xyz>ctl
          tools, such as systemctl or loginctl.

        * The resolvectl/systemd-resolve tool also provides 'resolvconf'
          compatibility. It may be symlinked under the 'resolvconf' name, in
          which case it will take arguments and input compatible with the
          Debian and FreeBSD resolvconf tool.

        * Support for suspend-then-hibernate has been added, i.e. a sleep mode
          where the system initially suspends, and after a timeout resumes and
          hibernates again.

        * networkd's ClientIdentifier= now accepts a new option "duid-only". If
          set the client will only send a DUID as client identifier. (EDIT: the
          option was broken, and was dropped in v255.)

        * The nss-systemd glibc NSS module will now enumerate dynamic users and
          groups in effect. Previously, it could resolve UIDs/GIDs to user
          names/groups and vice versa, but did not support enumeration.

        * journald's Compress= configuration setting now optionally accepts a
          byte threshold value. All journal objects larger than this threshold
          will be compressed, smaller ones will not. Previously this threshold
          was not configurable and set to 512.

        * A new system.conf setting NoNewPrivileges= is now available which may
          be used to turn off acquisition of new privileges system-wide
          (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
          for all its children). Note that turning this option on means setuid
          binaries and file system capabilities lose their special powers.
          While turning on this option is a big step towards a more secure
          system, doing so is likely to break numerous pre-existing UNIX tools,
          in particular su and sudo.

        * A new service systemd-time-sync-wait.service has been added. If
          enabled it will delay the time-sync.target unit at boot until time
          synchronization has been received from the network. This
          functionality is useful on systems lacking a local RTC or where it is
          acceptable that the boot process shall be delayed by external network
          services.

        * When hibernating, systemd will now inform the kernel of the image
          write offset, on kernels new enough to support this. This means swap
          files should work for hibernation now.

        * When loading unit files, systemd will now look for drop-in unit files
          extensions in additional places. Previously, for a unit file name
          "foo-bar-baz.service" it would look for dropin files in
          "foo-bar-baz.service.d/*.conf". Now, it will also look in
          "foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
          service name truncated after all inner dashes. This scheme allows
          writing drop-ins easily that apply to a whole set of unit files at
          once. It's particularly useful for mount and slice units (as their
          naming is prefix based), but is also useful for service and other
          units, for packages that install multiple unit files at once,
          following a strict naming regime of beginning the unit file name with
          the package's name. Two new specifiers are now supported in unit
          files to match this: %j and %J are replaced by the part of the unit
          name following the last dash.

        * Unit files and other configuration files that support specifier
          expansion now understand another three new specifiers: %T and %V will
          resolve to /tmp and /var/tmp respectively, or whatever temporary
          directory has been set for the calling user. %E will expand to either
          /etc (for system units) or $XDG_CONFIG_HOME (for user units).

        * The ExecStart= lines of unit files are no longer required to
          reference absolute paths. If non-absolute paths are specified the
          specified binary name is searched within the service manager's
          built-in $PATH, which may be queried with 'systemd-path
          search-binaries-default'. It's generally recommended to continue to
          use absolute paths for all binaries specified in unit files.

        * Units gained a new load state "bad-setting", which is used when a
          unit file was loaded, but contained fatal errors which prevent it
          from being started (for example, a service unit has been defined
          lacking both ExecStart= and ExecStop= lines).

        * coredumpctl's "gdb" verb has been renamed to "debug", in order to
          support alternative debuggers, for example lldb. The old name
          continues to be available however, for compatibility reasons. Use the
          new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
          to pick an alternative debugger instead of the default gdb.

        * systemctl and the other tools will now output escape sequences that
          generate proper clickable hyperlinks in various terminal emulators
          where useful (for example, in the "systemctl status" output you can
          now click on the unit file name to quickly open it in the
          editor/viewer of your choice). Note that not all terminal emulators
          support this functionality yet, but many do. Unfortunately, the
          "less" pager doesn't support this yet, hence this functionality is
          currently automatically turned off when a pager is started (which
          happens quite often due to auto-paging). We hope to remove this
          limitation as soon as "less" learns these escape sequences. This new
          behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
          environment variable. For details on these escape sequences see:
          https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda

        * networkd's .network files now support a new IPv6MTUBytes= option for
          setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
          option in the [Route] section to configure the MTU to use for
          specific routes. It also gained support for configuration of the DHCP
          "UserClass" option through the new UserClass= setting. It gained
          three new options in the new [CAN] section for configuring CAN
          networks. The MULTICAST and ALLMULTI interface flags may now be
          controlled explicitly with the new Multicast= and AllMulticast=
          settings.

        * networkd will now automatically make use of the kernel's route
          expiration feature, if it is available.

        * udevd's .link files now support setting the number of receive and
          transmit channels, using the RxChannels=, TxChannels=,
          OtherChannels=, CombinedChannels= settings.

        * Support for UDPSegmentationOffload= has been removed, given its
          limited support in hardware, and waning software support.

        * networkd's .netdev files now support creating "netdevsim" interfaces.

        * PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
          to query the unit belonging to a specific kernel control group.

        * systemd-analyze gained a new verb "cat-config", which may be used to
          dump the contents of any configuration file, with all its matching
          drop-in files added in, and honouring the usual search and masking
          logic applied to systemd configuration files. For example use
          "systemd-analyze cat-config systemd/system.conf" to get the complete
          system configuration file of systemd how it would be loaded by PID 1
          itself. Similar to this, various tools such as systemd-tmpfiles or
          systemd-sysusers, gained a new option "--cat-config", which does the
          corresponding operation for their own configuration settings. For
          example, "systemd-tmpfiles --cat-config" will now output the full
          list of tmpfiles.d/ lines in place.

        * timedatectl gained three new verbs: "show" shows bus properties of
          systemd-timedated, "timesync-status" shows the current NTP
          synchronization state of systemd-timesyncd, and "show-timesync"
          shows bus properties of systemd-timesyncd.

        * systemd-timesyncd gained a bus interface on which it exposes details
          about its state.

        * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
          understood by systemd-timedated. It takes a colon-separated list of
          unit names of NTP client services. The list is used by
          "timedatectl set-ntp".

        * systemd-nspawn gained a new --rlimit= switch for setting initial
          resource limits for the container payload. There's a new switch
          --hostname= to explicitly override the container's hostname. A new
          --no-new-privileges= switch may be used to control the
          PR_SET_NO_NEW_PRIVS flag for the container payload. A new
          --oom-score-adjust= switch controls the OOM scoring adjustment value
          for the payload. The new --cpu-affinity= switch controls the CPU
          affinity of the container payload. The new --resolv-conf= switch
          allows more detailed control of /etc/resolv.conf handling of the
          container. Similarly, the new --timezone= switch allows more detailed
          control of /etc/localtime handling of the container.

        * systemd-detect-virt gained a new --list switch, which will print a
          list of all currently known VM and container environments.

        * Support for "Portable Services" has been added, see
          doc/PORTABLE_SERVICES.md for details. Currently, the support is still
          experimental, but this is expected to change soon. Reflecting this
          experimental state, the "portablectl" binary is not installed into
          /usr/bin yet. The binary has to be called with the full path
          /usr/lib/systemd/portablectl instead.

        * journalctl's and systemctl's -o switch now knows a new log output
          mode "with-unit". The output it generates is very similar to the
          regular "short" mode, but displays the unit name instead of the
          syslog tag for each log line. Also, the date is shown with timezone
          information. This mode is probably more useful than the classic
          "short" output mode for most purposes, except where pixel-perfect
          compatibility with classic /var/log/messages formatting is required.

        * A new --dump-bus-properties switch has been added to the systemd
          binary, which may be used to dump all supported D-Bus properties.
          (Options which are still supported, but are deprecated, are *not*
          shown.)

        * sd-bus gained a set of new calls:
          sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
          enable/disable the "floating" state of a bus slot object,
          i.e. whether the slot object pins the bus it is allocated for into
          memory or if the bus slot object gets disconnected when the bus goes
          away. sd_bus_open_with_description(),
          sd_bus_open_user_with_description(),
          sd_bus_open_system_with_description() may be used to allocate bus
          objects and set their description string already during allocation.

        * sd-event gained support for watching inotify events from the event
          loop, in an efficient way, sharing inotify handles between multiple
          users. For this a new function sd_event_add_inotify() has been added.

        * sd-event and sd-bus gained support for calling special user-supplied
          destructor functions for userdata pointers associated with
          sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
          functions sd_bus_slot_set_destroy_callback,
          sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
          sd_bus_track_get_destroy_callback,
          sd_event_source_set_destroy_callback,
          sd_event_source_get_destroy_callback have been added.

        * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.

        * PID 1 will now automatically reschedule .timer units whenever the
          local timezone changes. (They previously got rescheduled
          automatically when the system clock changed.)

        * New documentation has been added to document cgroups delegation,
          portable services and the various code quality tools we have set up:

          https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
          https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
          https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md

        * The Boot Loader Specification has been added to the source tree.

          https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md

          While moving it into our source tree we have updated it and further
          changes are now accepted through the usual github PR workflow.

        * pam_systemd will now look for PAM userdata fields systemd.memory_max,
          systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
          earlier PAM modules. The data in these fields is used to initialize
          the session scope's resource properties. Thus external PAM modules
          may now configure per-session limits, for example sourced from
          external user databases.

        * socket units with Accept=yes will now maintain a "refused" counter in
          addition to the existing "accepted" counter, counting connections
          refused due to the enforced limits.

        * The "systemd-path search-binaries-default" command may now be use to
          query the default, built-in $PATH PID 1 will pass to the services it
          manages.

        * A new unit file setting PrivateMounts= has been added. It's a boolean
          option. If enabled the unit's processes are invoked in their own file
          system namespace. Note that this behaviour is also implied if any
          other file system namespacing options (such as PrivateTmp=,
          PrivateDevices=, ProtectSystem=, …) are used. This option is hence
          primarily useful for services that do not use any of the other file
          system namespacing options. One such service is systemd-udevd.service
          where this is now used by default.

        * ConditionSecurity= gained a new value "uefi-secureboot" that is true
          when the system is booted in UEFI "secure mode".

        * A new unit "system-update-pre.target" is added, which defines an
          optional synchronization point for offline system updates, as
          implemented by the pre-existing "system-update.target" unit. It
          allows ordering services before the service that executes the actual
          update process in a generic way.

        * Systemd now emits warnings whenever .include syntax is used.

        Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
        Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
        J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
        Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
        Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
        Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
        Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
        Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
        guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
        Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
        Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
        Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
        Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
        Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
        Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
        Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
        Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
        Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
        Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
        Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
        Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
        Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
        Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
        Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
        Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
        Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
        Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
        Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2018-06-22

CHANGES WITH 238:

        * The MemoryAccounting= unit property now defaults to on. After
          discussions with the upstream control group maintainers we learnt
          that the negative impact of cgroup memory accounting on current
          kernels is finally relatively minimal, so that it should be safe to
          enable this by default without affecting system performance. Besides
          memory accounting only task accounting is turned on by default, all
          other forms of resource accounting (CPU, IO, IP) remain off for now,
          because it's not clear yet that their impact is small enough to move
          from opt-in to opt-out. We recommend downstreams to leave memory
          accounting on by default if kernel 4.14 or higher is primarily
          used. On very resource constrained systems or when support for old
          kernels is a necessity, -Dmemory-accounting-default=false can be used
          to revert this change.

        * rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
          %udev_rules_update) and the journal catalog (%journal_catalog_update)
          from the upgrade scriptlets of individual packages now do nothing.
          Transfiletriggers have been added which will perform those updates
          once at the end of the transaction.

          Similar transfiletriggers have been added to execute any sysctl.d
          and binfmt.d rules. Thus, it should be unnecessary to provide any
          scriptlets to execute this configuration from package installation
          scripts.

        * systemd-sysusers gained a mode where the configuration to execute is
          specified on the command line, but this configuration is not executed
          directly, but instead it is merged with the configuration on disk,
          and the result is executed. This is useful for package installation
          scripts which want to create the user before installing any files on
          disk (in case some of those files are owned by that user), while
          still allowing local admin overrides.

          This functionality is exposed to rpm scriptlets through a new
          %sysusers_create_package macro. Old %sysusers_create and
          %sysusers_create_inline macros are deprecated.

          A transfiletrigger for sysusers.d configuration is now installed,
          which means that it should be unnecessary to call systemd-sysusers from
          package installation scripts, unless the package installs any files
          owned by those newly-created users, in which case
          %sysusers_create_package should be used.

        * Analogous change has been done for systemd-tmpfiles: it gained a mode
          where the command-line configuration is merged with the configuration
          on disk. This is exposed as the new %tmpfiles_create_package macro,
          and %tmpfiles_create is deprecated. A transfiletrigger is installed
          for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
          from package installation scripts.

        * sysusers.d configuration for a user may now also specify the group
          number, in addition to the user number ("u username 123:456"), or
          without the user number ("u username -:456").

        * Configution items for systemd-sysusers can now be specified as
          positional arguments when the new --inline switch is used.

        * The login shell of users created through sysusers.d may now be
          specified (previously, it was always /bin/sh for root and
          /sbin/nologin for other users).

        * systemd-analyze gained a new --global switch to look at global user
          configuration. It also gained a unit-paths verb to list the unit load
          paths that are compiled into systemd (which can be used with
          --systemd, --user, or --global).

        * udevadm trigger gained a new --settle/-w option to wait for any
          triggered events to finish (but just those, and not any other events
          which are triggered meanwhile).

        * The action that systemd-logind takes when the lid is closed and the
          machine is connected to external power can now be configured using
          HandleLidSwitchExternalPower= in logind.conf. Previously, this action
          was determined by HandleLidSwitch=, and, for backwards compatibility,
          is still is, if HandleLidSwitchExternalPower= is not explicitly set.

        * journalctl will periodically call sd_journal_process() to make it
          resilient against inotify queue overruns when journal files are
          rotated very quickly.

        * Two new functions in libsystemd — sd_bus_get_n_queued_read and
          sd_bus_get_n_queued_write — may be used to check the number of
          pending bus messages.

        * systemd gained a new
          org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
          which can be used to migrate foreign processes to scope and service
          units. The primary user for this new API is systemd itself: the
          systemd --user instance uses this call of the systemd --system
          instance to migrate processes if it itself gets the request to
          migrate processes and the kernel refuses this due to access
          restrictions. Thanks to this "systemd-run --scope --user …" works
          again in pure cgroup v2 environments when invoked from the user
          session scope.

        * A new TemporaryFileSystem= setting can be used to mask out part of
          the real file system tree with tmpfs mounts. This may be combined
          with BindPaths= and BindReadOnlyPaths= to hide files or directories
          not relevant to the unit, while still allowing some paths lower in
          the tree to be accessed.

          ProtectHome=tmpfs may now be used to hide user home and runtime
          directories from units, in a way that is mostly equivalent to
          "TemporaryFileSystem=/home /run/user /root".

        * Non-service units are now started with KeyringMode=shared by default.
          This means that mount and swapon and other mount tools have access
          to keys in the main keyring.

        * /sys/fs/bpf is now mounted automatically.

        * QNX virtualization is now detected by systemd-detect-virt and may
          be used in ConditionVirtualization=.

        * IPAccounting= may now be enabled also for slice units.

        * A new -Dsplit-bin= build configuration switch may be used to specify
          whether bin and sbin directories are merged, or if they should be
          included separately in $PATH and various listings of executable
          directories. The build configuration scripts will try to autodetect
          the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
          system, but distributions are encouraged to configure this
          explicitly.

        * A new -Dok-color= build configuration switch may be used to change
          the colour of "OK" status messages.

        * UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
          PrivateNetwork=yes was buggy in previous versions of systemd. This
          means that after the upgrade and daemon-reexec, any such units must
          be restarted.

        * INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
          will not exclude read-only files owned by root from cleanup.

        Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
        Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
        Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
        de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
        Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
        Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
        Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
        Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
        Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
        Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
        MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
        Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
        Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
        Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
        Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)

        — Warsaw, 2018-03-05

CHANGES WITH 237:

        * Some keyboards come with a zoom see-saw or rocker which until now got
          mapped to the Linux "zoomin/out" keys in hwdb. However, these
          keycodes are not recognized by any major desktop. They now produce
          Up/Down key events so that they can be used for scrolling.

        * INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
          slightly: previously, if an argument was specified for lines of this
          type (i.e. the right-most column was set) this string was appended to
          existing files each time systemd-tmpfiles was run. This behaviour was
          different from what the documentation said, and not particularly
          useful, as repeated systemd-tmpfiles invocations would not be
          idempotent and grow such files without bounds. With this release
          behaviour has been altered to match what the documentation says:
          lines of this type only have an effect if the indicated files don't
          exist yet, and only then the argument string is written to the file.

        * FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
          systemd-tmpfiles behaviour: previously, read-only files owned by root
          were always excluded from the file "aging" algorithm (i.e. the
          automatic clean-up of directories like /tmp based on
          atime/mtime/ctime). We intend to drop this restriction, and age files
          by default even when owned by root and read-only. This behaviour was
          inherited from older tools, but there have been requests to remove
          it, and it's not obvious why this restriction was made in the first
          place. Please speak up now, if you are aware of software that requires
          this behaviour, otherwise we'll remove the restriction in v238.

        * A new environment variable $SYSTEMD_OFFLINE is now understood by
          systemctl. It takes a boolean argument. If on, systemctl assumes it
          operates on an "offline" OS tree, and will not attempt to talk to the
          service manager. Previously, this mode was implicitly enabled if a
          chroot() environment was detected, and this new environment variable
          now provides explicit control.

        * .path and .socket units may now be created transiently, too.
          Previously only service, mount, automount and timer units were
          supported as transient units. The systemd-run tool has been updated
          to expose this new functionality, you may hence use it now to bind
          arbitrary commands to path or socket activation on-the-fly from the
          command line. Moreover, almost all properties are now exposed for the
          unit types that already supported transient operation.

        * The systemd-mount command gained support for a new --owner= parameter
          which takes a user name, which is then resolved and included in uid=
          and gid= mount options string of the file system to mount.

        * A new unit condition ConditionControlGroupController= has been added
          that checks whether a specific cgroup controller is available.

        * Unit files, udev's .link files, and systemd-networkd's .netdev and
          .network files all gained support for a new condition
          ConditionKernelVersion= for checking against specific kernel
          versions.

        * In systemd-networkd, the [IPVLAN] section in .netdev files gained
          support for configuring device flags in the Flags= setting. In the
          same files, the [Tunnel] section gained support for configuring
          AllowLocalRemote=. The [Route] section in .network files gained
          support for configuring InitialCongestionWindow=,
          InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
          understands RapidCommit=.

        * systemd-networkd's DHCPv6 support gained support for Prefix
          Delegation.

        * sd-bus gained support for a new "watch-bind" feature. When this
          feature is enabled, an sd_bus connection may be set up to connect to
          an AF_UNIX socket in the file system as soon as it is created. This
          functionality is useful for writing early-boot services that
          automatically connect to the system bus as soon as it is started,
          without ugly time-based polling. systemd-networkd and
          systemd-resolved have been updated to make use of this
          functionality. busctl exposes this functionality in a new
          --watch-bind= command line switch.

        * sd-bus will now optionally synthesize a local "Connected" signal as
          soon as a D-Bus connection is set up fully. This message mirrors the
          already existing "Disconnected" signal which is synthesized when the
          connection is terminated. This signal is generally useful but
          particularly handy in combination with the "watch-bind" feature
          described above. Synthesizing of this message has to be requested
          explicitly through the new API call sd_bus_set_connected_signal(). In
          addition a new call sd_bus_is_ready() has been added that checks
          whether a connection is fully set up (i.e. between the "Connected" and
          "Disconnected" signals).

        * sd-bus gained two new calls sd_bus_request_name_async() and
          sd_bus_release_name_async() for asynchronously registering bus
          names. Similar, there is now sd_bus_add_match_async() for installing
          a signal match asynchronously. All of systemd's own services have
          been updated to make use of these calls. Doing these operations
          asynchronously has two benefits: it reduces the risk of deadlocks in
          case of cyclic dependencies between bus services, and it speeds up
          service initialization since synchronization points for bus
          round-trips are removed.

        * sd-bus gained two new calls sd_bus_match_signal() and
          sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
          and sd_bus_add_match_async() but instead of taking a D-Bus match
          string take match fields as normal function parameters.

        * sd-bus gained two new calls sd_bus_set_sender() and
          sd_bus_message_set_sender() for setting the sender name of outgoing
          messages (either for all outgoing messages or for just one specific
          one). These calls are only useful in direct connections as on
          brokered connections the broker fills in the sender anyway,
          overwriting whatever the client filled in.

        * sd-event gained a new pseudo-handle that may be specified on all API
          calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
          used this refers to the default event loop object of the calling
          thread. Note however that this does not implicitly allocate one —
          which has to be done prior by using sd_event_default(). Similarly
          sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
          SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
          to the default bus of the specified type of the calling thread. Here
          too this does not implicitly allocate bus connection objects, this
          has to be done prior with sd_bus_default() and friends.

        * sd-event gained a new call pair
          sd_event_source_{get|set}_io_fd_own(). This may be used to request
          automatic closure of the file descriptor an IO event source watches
          when the event source is destroyed.

        * systemd-networkd gained support for natively configuring WireGuard
          connections.

        * In previous versions systemd synthesized user records both for the
          "nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
          internally. In order to simplify distribution-wide renames of the
          "nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
          new transitional flag file has been added: if
          /etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
          user and group record within the systemd codebase is disabled.

        * systemd-notify gained a new --uid= option for selecting the source
          user/UID to use for notification messages sent to the service
          manager.

        * journalctl gained a new --grep= option to list only entries in which
          the message matches a certain pattern. By default matching is case
          insensitive if the pattern is lowercase, and case sensitive
          otherwise. Option --case-sensitive=yes|no can be used to override
          this an specify case sensitivity or case insensitivity.

        * There's now a "systemd-analyze service-watchdogs" command for printing
          the current state of the service runtime watchdog, and optionally
          enabling or disabling the per-service watchdogs system-wide if given a
          boolean argument (i.e. the concept you configure in WatchdogSec=), for
          debugging purposes. There's also a kernel command line option
          systemd.service_watchdogs= for controlling the same.

        * Two new "log-level" and "log-target" options for systemd-analyze were
          added that merge the now deprecated get-log-level, set-log-level and
          get-log-target, set-log-target pairs. The deprecated options are still
          understood for backwards compatibility. The two new options print the
          current value when no arguments are given, and set them when a
          level/target is given as an argument.

        * sysusers.d's "u" lines now optionally accept both a UID and a GID
          specification, separated by a ":" character, in order to create users
          where UID and GID do not match.

        Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
        Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
        Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
        Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
        Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
        Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
        Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
        Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
        Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
        Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
        Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
        Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
        Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
        Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
        Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
        Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
        Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
        Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
        Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
        Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
        Палаузов

        — Brno, 2018-01-28

CHANGES WITH 236:

        * The modprobe.d/ drop-in for the bonding.ko kernel module introduced
          in v235 has been extended to also set the dummy.ko module option
          numdummies=0, preventing the kernel from automatically creating
          dummy0. All dummy interfaces must now be explicitly created.

        * Unknown '%' specifiers in configuration files are now rejected. This
          applies to units and tmpfiles.d configuration. Any percent characters
          that are followed by a letter or digit that are not supposed to be
          interpreted as the beginning of a specifier should be escaped by
          doubling ("%%").  (So "size=5%" is still accepted, as well as
          "size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
          valid specifiers today.)

        * systemd-resolved now maintains a new dynamic
          /run/systemd/resolve/stub-resolv.conf compatibility file. It is
          recommended to make /etc/resolv.conf a symlink to it. This file
          points at the systemd-resolved stub DNS 127.0.0.53 resolver and
          includes dynamically acquired search domains, achieving more correct
          DNS resolution by software that bypasses local DNS APIs such as NSS.

        * The "uaccess" udev tag has been dropped from /dev/kvm and
          /dev/dri/renderD*.  These devices now have the 0666 permissions by
          default (but this may be changed at build-time). /dev/dri/renderD*
          will now be owned by the "render" group along with /dev/kfd.

        * "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
          systemd-journal-gatewayd.service and
          systemd-journal-upload.service. This means "nss-systemd" must be
          enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
          services are resolved properly.

        * In /etc/fstab two new mount options are now understood:
          x-systemd.makefs and x-systemd.growfs. The former has the effect that
          the configured file system is formatted before it is mounted, the
          latter that the file system is resized to the full block device size
          after it is mounted (i.e. if the file system is smaller than the
          partition it resides on, it's grown). This is similar to the fsck
          logic in /etc/fstab, and pulls in systemd-makefs@.service and
          systemd-growfs@.service as necessary, similar to
          systemd-fsck@.service. Resizing is currently only supported on ext4
          and btrfs.

        * In systemd-networkd, the IPv6 RA logic now optionally may announce
          DNS server and domain information.

        * Support for the LUKS2 on-disk format for encrypted partitions has
          been added. This requires libcryptsetup2 during compilation and
          runtime.

        * The systemd --user instance will now signal "readiness" when its
          basic.target unit has been reached, instead of when the run queue ran
          empty for the first time.

        * Tmpfiles.d with user configuration are now also supported.
          systemd-tmpfiles gained a new --user switch, and snippets placed in
          ~/.config/user-tmpfiles.d/ and corresponding directories will be
          executed by systemd-tmpfiles --user running in the new
          systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
          running in the user session.

        * Unit files and tmpfiles.d snippets learnt three new % specifiers:
          %S resolves to the top-level state directory (/var/lib for the system
          instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
          top-level cache directory (/var/cache for the system instance,
          $XDG_CACHE_HOME for the user instance), %L resolves to the top-level
          logs directory (/var/log for the system instance,
          $XDG_CONFIG_HOME/log/ for the user instance). This matches the
          existing %t specifier, that resolves to the top-level runtime
          directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
          user instance).

        * journalctl learnt a new parameter --output-fields= for limiting the
          set of journal fields to output in verbose and JSON output modes.

        * systemd-timesyncd's configuration file gained a new option
          RootDistanceMaxSec= for setting the maximum root distance of servers
          it'll use, as well as the new options PollIntervalMinSec= and
          PollIntervalMaxSec= to tweak the minimum and maximum poll interval.

        * bootctl gained a new command "list" for listing all available boot
          menu items on systems that follow the boot loader specification.

        * systemctl gained a new --dry-run switch that shows what would be done
          instead of doing it, and is currently supported by the shutdown and
          sleep verbs.

        * ConditionSecurity= can now detect the TOMOYO security module.

        * Unit file [Install] sections are now also respected in unit drop-in
          files. This is intended to be used by drop-ins under /usr/lib/.

        * systemd-firstboot may now also set the initial keyboard mapping.

        * Udev "changed" events for devices which are exposed as systemd
          .device units are now propagated to units specified in
          ReloadPropagatedFrom= as reload requests.

        * If a udev device has a SYSTEMD_WANTS= property containing a systemd
          unit template name (i.e. a name in the form of 'foobar@.service',
          without the instance component between the '@' and - the '.'), then
          the escaped sysfs path of the device is automatically used as the
          instance.

        * SystemCallFilter= in unit files has been extended so that an "errno"
          can be specified individually for each system call. Example:
          SystemCallFilter=~uname:EILSEQ.

        * The cgroup delegation logic has been substantially updated. Delegate=
          now optionally takes a list of controllers (instead of a boolean, as
          before), which lists the controllers to delegate at least.

        * The networkd DHCPv6 client now implements the FQDN option (RFC 4704).

        * A new LogLevelMax= setting configures the maximum log level any
          process of the service may log at (i.e. anything with a lesser
          priority than what is specified is automatically dropped). A new
          LogExtraFields= setting allows configuration of additional journal
          fields to attach to all log records generated by any of the unit's
          processes.

        * New StandardInputData= and StandardInputText= settings along with the
          new option StandardInput=data may be used to configure textual or
          binary data that shall be passed to the executed service process via
          standard input, encoded in-line in the unit file.

        * StandardInput=, StandardOutput= and StandardError= may now be used to
          connect stdin/stdout/stderr of executed processes directly with a
          file or AF_UNIX socket in the file system, using the new "file:" option.

        * A new unit file option CollectMode= has been added, that allows
          tweaking the garbage collection logic for units. It may be used to
          tell systemd to garbage collect units that have failed automatically
          (normally it only GCs units that exited successfully). systemd-run
          and systemd-mount expose this new functionality with a new -G option.

        * "machinectl bind" may now be used to bind mount non-directories
          (i.e. regularfiles, devices, fifos, sockets).

        * systemd-analyze gained a new verb "calendar" for validating and
          testing calendar time specifications to use for OnCalendar= in timer
          units. Besides validating the expression it will calculate the next
          time the specified expression would elapse.

        * In addition to the pre-existing FailureAction= unit file setting
          there's now SuccessAction=, for configuring a shutdown action to
          execute when a unit completes successfully. This is useful in
          particular inside containers that shall terminate after some workload
          has been completed. Also, both options are now supported for all unit
          types, not just services.

        * networkds's IP rule support gained two new options
          IncomingInterface= and OutgoingInterface= for configuring the incoming
          and outgoing interfaces of configured rules. systemd-networkd also
          gained support for "vxcan" network devices.

        * networkd gained a new setting RequiredForOnline=, taking a
          boolean. If set, systemd-wait-online will take it into consideration
          when determining that the system is up, otherwise it will ignore the
          interface for this purpose.

        * The sd_notify() protocol gained support for a new operation: with
          FDSTOREREMOVE=1 file descriptors may be removed from the per-service
          store again, ahead of POLLHUP or POLLERR when they are removed
          anyway.

        * A new document doc/UIDS-GIDS.md has been added to the source tree,
          that documents the UID/GID range and assignment assumptions and
          requirements of systemd.

        * The watchdog device PID 1 will ping may now be configured through the
          WatchdogDevice= configuration file setting, or by setting the
          systemd.watchdog_service= kernel command line option.

        * systemd-resolved's gained support for registering DNS-SD services on
          the local network using MulticastDNS. Services may either be
          registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
          the same dir below /run, /usr/lib), or through its D-Bus API.

        * The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond
          extend the effective start, runtime, and stop time. The service must
          continue to send EXTEND_TIMEOUT_USEC within the period specified to
          prevent the service manager from making the service as timedout.

        * systemd-resolved's DNSSEC support gained support for RFC 8080
          (Ed25519 keys and signatures).

        * The systemd-resolve command line tool gained a new set of options
          --set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
          --set-nta= and --revert to configure per-interface DNS configuration
          dynamically during runtime. It's useful for pushing DNS information
          into systemd-resolved from DNS hook scripts that various interface
          managing software supports (such as pppd).

        * systemd-nspawn gained a new --network-namespace-path= command line
          option, which may be used to make a container join an existing
          network namespace, by specifying a path to a "netns" file.

        Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
        Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
        Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
        Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
        John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
        Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
        Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
        Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
        Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
        Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
        Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
        Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
        Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
        Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
        Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
        Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
        Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
        Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
        Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
        Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
        Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
        Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zeal Jagannatha

        — Berlin, 2017-12-14

CHANGES WITH 235:

        * INCOMPATIBILITY: systemd-logind.service and other long-running
          services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
          communication with the outside. This generally improves security of
          the system, and is in almost all cases a safe and good choice, as
          these services do not and should not provide any network-facing
          functionality. However, systemd-logind uses the glibc NSS API to
          query the user database. This creates problems on systems where NSS
          is set up to directly consult network services for user database
          lookups. In particular, this creates incompatibilities with the
          "nss-nis" module, which attempts to directly contact the NIS/YP
          network servers it is configured for, and will now consistently
          fail. In such cases, it is possible to turn off IP sandboxing for
          systemd-logind.service (set IPAddressDeny= in its [Service] section
          to the empty string, via a .d/ unit file drop-in). Downstream
          distributions might want to update their nss-nis packaging to include
          such a drop-in snippet, accordingly, to hide this incompatibility
          from the user. Another option is to make use of glibc's nscd service
          to proxy such network requests through a privilege-separated, minimal
          local caching daemon, or to switch to more modern technologies such
          sssd, whose NSS hook-ups generally do not involve direct network
          access. In general, we think it's definitely time to question the
          implementation choices of nss-nis, i.e. whether it's a good idea
          today to embed a network-facing loadable module into all local
          processes that need to query the user database, including the most
          trivial and benign ones, such as "ls". For more details about
          IPAddressDeny= see below.

        * A new modprobe.d drop-in is now shipped by default that sets the
          bonding module option max_bonds=0. This overrides the kernel default,
          to avoid conflicts and ambiguity as to whether or not bond0 should be
          managed by systemd-networkd or not. This resolves multiple issues
          with bond0 properties not being applied, when bond0 is configured
          with systemd-networkd. Distributors may choose to not package this,
          however in that case users will be prevented from correctly managing
          bond0 interface using systemd-networkd.

        * systemd-analyze gained new verbs "get-log-level" and "get-log-target"
          which print the logging level and target of the system manager. They
          complement the existing "set-log-level" and "set-log-target" verbs
          used to change those values.

        * journald.conf gained a new boolean setting ReadKMsg= which defaults
          to on. If turned off kernel log messages will not be read by
          systemd-journald or included in the logs. It also gained a new
          setting LineMax= for configuring the maximum line length in
          STDOUT/STDERR log streams. The new default for this value is 48K, up
          from the previous hardcoded 2048.

        * A new unit setting RuntimeDirectoryPreserve= has been added, which
          allows more detailed control of what to do with a runtime directory
          configured with RuntimeDirectory= (i.e. a directory below /run or
          $XDG_RUNTIME_DIR) after a unit is stopped.

        * The RuntimeDirectory= setting for units gained support for creating
          deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
          one top-level directory.

        * Units gained new options StateDirectory=, CacheDirectory=,
          LogsDirectory= and ConfigurationDirectory= which are closely related
          to RuntimeDirectory= but manage per-service directories below
          /var/lib, /var/cache, /var/log and /etc. By making use of them it is
          possible to write unit files which when activated automatically gain
          properly owned service specific directories in these locations, thus
          making unit files self-contained and increasing compatibility with
          stateless systems and factory reset where /etc or /var are
          unpopulated at boot. Matching these new settings there's also
          StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
          ConfigurationDirectoryMode= for configuring the access mode of these
          directories. These settings are particularly useful in combination
          with DynamicUser=yes as they provide secure, properly-owned,
          writable, and stateful locations for storage, excluded from the
          sandbox that such services live in otherwise.

        * Automake support has been removed from this release. systemd is now
          Meson-only.

        * systemd-journald will now aggressively cache client metadata during
          runtime, speeding up log write performance under pressure. This comes
          at a small price though: as much of the metadata is read
          asynchronously from /proc/ (and isn't implicitly attached to log
          datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
          metadata stored alongside a log entry might be slightly
          out-of-date. Previously it could only be slightly newer than the log
          message. The time window is small however, and given that the kernel
          is unlikely to be improved anytime soon in this regard, this appears
          acceptable to us.

        * nss-myhostname/systemd-resolved will now by default synthesize an
          A/AAAA resource record for the "_gateway" hostname, pointing to the
          current default IP gateway. Previously it did that for the "gateway"
          name, hampering adoption, as some distributions wanted to leave that
          hostname open for local use. The old behaviour may still be
          requested at build time.

        * systemd-networkd's [Address] section in .network files gained a new
          Scope= setting for configuring the IP address scope. The [Network]
          section gained a new boolean setting ConfigureWithoutCarrier= that
          tells systemd-networkd to ignore link sensing when configuring the
          device. The [DHCP] section gained a new Anonymize= boolean option for
          turning on a number of options suggested in RFC 7844. A new
          [RoutingPolicyRule] section has been added for configuring the IP
          routing policy. The [Route] section has gained support for a new
          Type= setting which permits configuring
          blackhole/unreachable/prohibit routes.

        * The [VRF] section in .netdev files gained a new Table= setting for
          configuring the routing table to use. The [Tunnel] section gained a
          new Independent= boolean field for configuring tunnels independent of
          an underlying network interface. The [Bridge] section gained a new
          GroupForwardMask= option for configuration of propagation of link
          local frames between bridge ports.

        * The WakeOnLan= setting in .link files gained support for a number of
          new modes. A new TCP6SegmentationOffload= setting has been added for
          configuring TCP/IPv6 hardware segmentation offload.

        * The IPv6 RA sender implementation may now optionally send out RDNSS
          and RDNSSL records to supply DNS configuration to peers.

        * systemd-nspawn gained support for a new --system-call-filter= command
          line option for adding and removing entries in the default system
          call filter it applies. Moreover systemd-nspawn has been changed to
          implement a system call allow list instead of a deny list.

        * systemd-run gained support for a new --pipe command line option. If
          used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
          are directly passed on to the activated transient service
          executable. This allows invoking arbitrary processes as systemd
          services (for example to take benefit of dependency management,
          accounting management, resource management or log management that is
          done automatically for services) — while still allowing them to be
          integrated in a classic UNIX shell pipeline.

        * When a service sends RELOAD=1 via sd_notify() and reload propagation
          using ReloadPropagationTo= is configured, a reload is now propagated
          to configured units. (Previously this was only done on explicitly
          requested reloads, using "systemctl reload" or an equivalent
          command.)

        * For each service unit a restart counter is now kept: it is increased
          each time the service is restarted due to Restart=, and may be
          queried using "systemctl show -p NRestarts …".

        * New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
          @signal and @timer have been added, for usage with SystemCallFilter=
          in unit files and the new --system-call-filter= command line option
          of systemd-nspawn (see above).

        * ExecStart= lines in unit files gained two new modifiers: when a
          command line is prefixed with "!" the command will be executed as
          configured, except for the credentials applied by
          setuid()/setgid()/setgroups(). It is very similar to the pre-existing
          "+", but does still apply namespacing options unlike "+". There's
          also "!!" now, which is mostly identical, but becomes a NOP on
          systems that support ambient capabilities. This is useful to write
          unit files that work with ambient capabilities where possible but
          automatically fall back to traditional privilege dropping mechanisms
          on systems where this is not supported.

        * ListenNetlink= settings in socket units now support RDMA netlink
          sockets.

        * A new unit file setting LockPersonality= has been added which permits
          locking down the chosen execution domain ("personality") of a service
          during runtime.

        * A new special target "getty-pre.target" has been added, which is
          ordered before all text logins, and may be used to order services
          before textual logins acquire access to the console.

        * systemd will now attempt to load the virtio-rng.ko kernel module very
          early on if a VM environment supporting this is detected. This should
          improve entropy during early boot in virtualized environments.

        * A _netdev option is now supported in /etc/crypttab that operates in a
          similar way as the same option in /etc/fstab: it permits configuring
          encrypted devices that need to be ordered after the network is up.
          Following this logic, two new special targets
          remote-cryptsetup-pre.target and remote-cryptsetup.target have been
          added that are to cryptsetup.target what remote-fs.target and
          remote-fs-pre.target are to local-fs.target.

        * Service units gained a new UnsetEnvironment= setting which permits
          unsetting specific environment variables for services that are
          normally passed to it (for example in order to mask out locale
          settings for specific services that can't deal with it).

        * Units acquired a new boolean option IPAccounting=. When turned on, IP
          traffic accounting (packet count as well as byte count) is done for
          the service, and shown as part of "systemctl status" or "systemd-run
          --wait".

        * Service units acquired two new options IPAddressAllow= and
          IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
          for configuring a simple IP access control list for all sockets of
          the unit. These options are available also on .slice and .socket
          units, permitting flexible access list configuration for individual
          services as well as groups of services (as defined by a slice unit),
          including system-wide. Note that IP ACLs configured this way are
          enforced on every single IPv4 and IPv6 socket created by any process
          of the service unit, and apply to ingress as well as egress traffic.

        * If CPUAccounting= or IPAccounting= is turned on for a unit a new
          structured log message is generated each time the unit is stopped,
          containing information about the consumed resources of this
          invocation.

        * A new setting KeyringMode= has been added to unit files, which may be
          used to control how the kernel keyring is set up for executed
          processes.

        * "systemctl poweroff", "systemctl reboot", "systemctl halt",
          "systemctl kexec" and "systemctl exit" are now always asynchronous in
          behaviour (that is: these commands return immediately after the
          operation was enqueued instead of waiting for the operation to
          complete). Previously, "systemctl poweroff" and "systemctl reboot"
          were asynchronous on systems using systemd-logind (i.e. almost
          always, and like they were on sysvinit), and the other three commands
          were unconditionally synchronous. With this release this is cleaned
          up, and callers will see the same asynchronous behaviour on all
          systems for all five operations.

        * systemd-logind gained new Halt() and CanHalt() bus calls for halting
          the system.

        * .timer units now accept calendar specifications in other timezones
          than UTC or the local timezone.

        * The tmpfiles snippet var.conf has been changed to create
          /var/log/btmp with access mode 0660 instead of 0600. It was owned by
          the "utmp" group already, and it appears to be generally understood
          that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
          databases. Previously this was implemented correctly for all these
          databases excepts btmp, which has been opened up like this now
          too. Note that while the other databases are world-readable
          (i.e. 0644), btmp is not and remains more restrictive.

        * The systemd-resolve tool gained a new --reset-server-features
          switch. When invoked like this systemd-resolved will forget
          everything it learnt about the features supported by the configured
          upstream DNS servers, and restarts the feature probing logic on the
          next resolver look-up for them at the highest feature level
          again.

        * The status dump systemd-resolved sends to the logs upon receiving
          SIGUSR1 now also includes information about all DNS servers it is
          configured to use, and the features levels it probed for them.

        Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
        Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
        Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
        Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
        Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
        Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
        ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
        Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
        Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
        John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
        Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
        Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
        Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
        Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
        Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
        Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
        Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
        Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
        Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
        Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2017-10-06

CHANGES WITH 234:

        * Meson is now supported as build system in addition to Automake. It is
          our plan to remove Automake in one of our next releases, so that
          Meson becomes our exclusive build system. Hence, please start using
          the Meson build system in your downstream packaging. There's plenty
          of documentation around how to use Meson, the extremely brief
          summary:

              ./autogen.sh && ./configure && make && sudo make install

          becomes:

              meson build && ninja -C build && sudo ninja -C build install

        * Unit files gained support for a new JobRunningTimeoutUSec= setting,
          which permits configuring a timeout on the time a job is
          running. This is particularly useful for setting timeouts on jobs for
          .device units.

        * Unit files gained two new options ConditionUser= and ConditionGroup=
          for conditionalizing units based on the identity of the user/group
          running a systemd user instance.

        * systemd-networkd now understands a new FlowLabel= setting in the
          [VXLAN] section of .network files, as well as a Priority= in
          [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
          and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
          gained support for configuration of GENEVE links, and IPv6 address
          labels. The [Network] section gained the new IPv6ProxyNDP= setting.

        * .link files now understand a new Port= setting.

        * systemd-networkd's DHCP support gained support for DHCP option 119
          (domain search list).

        * systemd-networkd gained support for serving IPv6 address ranges using
          the Router Advertisement protocol. The new .network configuration
          section [IPv6Prefix] may be used to configure the ranges to
          serve. This is implemented based on a new, minimal, native server
          implementation of RA.

        * journalctl's --output= switch gained support for a new parameter
          "short-iso-precise" for a mode where timestamps are shown as precise
          ISO date values.

        * systemd-udevd's "net_id" builtin may now generate stable network
          interface names from IBM PowerVM VIO devices as well as ACPI platform
          devices.

        * MulticastDNS support in systemd-resolved may now be explicitly
          enabled/disabled using the new MulticastDNS= configuration file
          option.

        * systemd-resolved may now optionally use libidn2 instead of the libidn
          for processing internationalized domain names. Support for libidn2
          should be considered experimental and should not be enabled by
          default yet.

        * "machinectl pull-tar" and related call may now do verification of
          downloaded images using SUSE-style .sha256 checksum files in addition
          to the already existing support for validating using Ubuntu-style
          SHA256SUMS files.

        * sd-bus gained support for a new sd_bus_message_appendv() call which
          is va_list equivalent of sd_bus_message_append().

        * sd-boot gained support for validating images using SHIM/MOK.

        * The SMACK code learnt support for "onlycap".

        * systemd-mount --umount is now much smarter in figuring out how to
          properly unmount a device given its mount or device path.

        * The code to call libnss_dns as a fallback from libnss_resolve when
          the communication with systemd-resolved fails was removed. This
          fallback was redundant and interfered with the [!UNAVAIL=return]
          suffix. See nss-resolve(8) for the recommended configuration.

        * systemd-logind may now be restarted without losing state. It stores
          the file descriptors for devices it manages in the system manager
          using the FDSTORE= mechanism. Please note that further changes in
          other components may be required to make use of this (for example
          Xorg has code to listen for stops of systemd-logind and terminate
          itself when logind is stopped or restarted, in order to avoid using
          stale file descriptors for graphical devices, which is now
          counterproductive and must be reverted in order for restarts of
          systemd-logind to be safe. See
          https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)

        * All kernel-install plugins are called with the environment variable
          KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
          /etc/machine-id. If the machine ID could not be determined,
          $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
          anything in the entry directory (passed as the second argument) if
          $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a
          temporary directory is passed as the entry directory and removed
          after all the plugins exit.

        * If KERNEL_INSTALL_MACHINE_ID is set in /etc/machine-info, kernel-install
          will now use its value as the machine ID instead of the machine ID
          from /etc/machine-id. If KERNEL_INSTALL_MACHINE_ID isn't set in
          /etc/machine-info and no machine ID is set in /etc/machine-id,
          kernel-install will try to store the current machine ID there as
          KERNEL_INSTALL_MACHINE_ID. If there is no machine ID, kernel-install
          will generate a new UUID, store it in /etc/machine-info as
          KERNEL_INSTALL_MACHINE_ID and use it as the machine ID.

        Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
        Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
        Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
        Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
        Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
        Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
        Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
        Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
        Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
        Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
        hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
        Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
        Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
        Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
        Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
        Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
        Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
        Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
        Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
        Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
        Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
        Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
        Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
        Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
        Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
        H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
        Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
        userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
        Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
        Георгиевски

        — Berlin, 2017-07-12

CHANGES WITH 233:

        * The "hybrid" control group mode has been modified to improve
          compatibility with "legacy" cgroups-v1 setups. Specifically, the
          "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
          "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
          cgroups-v1 hierarchy), the only externally visible change being that
          the cgroups-v2 hierarchy is also mounted, to
          /sys/fs/cgroup/unified. This should provide a large degree of
          compatibility with "legacy" cgroups-v1, while taking benefit of the
          better management capabilities of cgroups-v2.

        * The default control group setup mode may be selected both a boot-time
          via a set of kernel command line parameters (specifically:
          systemd.unified_cgroup_hierarchy= and
          systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
          default selected on the configure command line
          (--with-default-hierarchy=). The upstream default is "hybrid"
          (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
          this will change in a future systemd version to be "unified" (pure
          cgroups-v2 mode). The third option for the compile time option is
          "legacy", to enter pure cgroups-v1 mode. We recommend downstream
          distributions to default to "hybrid" mode for release distributions,
          starting with v233. We recommend "unified" for development
          distributions (specifically: distributions such as Fedora's rawhide)
          as that's where things are headed in the long run. Use "legacy" for
          greatest stability and compatibility only.

        * Note one current limitation of "unified" and "hybrid" control group
          setup modes: the kernel currently does not permit the systemd --user
          instance (i.e. unprivileged code) to migrate processes between two
          disconnected cgroup subtrees, even if both are managed and owned by
          the user. This effectively means "systemd-run --user --scope" doesn't
          work when invoked from outside of any "systemd --user" service or
          scope. Specifically, it is not supported from session scopes. We are
          working on fixing this in a future systemd version. (See #3388 for
          further details about this.)

        * DBus policy files are now installed into /usr rather than /etc. Make
          sure your system has dbus >= 1.9.18 running before upgrading to this
          version, or override the install path with --with-dbuspolicydir= .

        * All python scripts shipped with systemd (specifically: the various
          tests written in Python) now require Python 3.

        * systemd unit tests can now run standalone (without the source or
          build directories), and can be installed into /usr/lib/systemd/tests/
          with 'make install-tests'.

        * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
          CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
          kernel.

        * Support for the %c, %r, %R specifiers in unit files has been
          removed. Specifiers are not supposed to be dependent on configuration
          in the unit file itself (so that they resolve the same regardless
          where used in the unit files), but these specifiers were influenced
          by the Slice= option.

        * The shell invoked by debug-shell.service now defaults to /bin/sh in
          all cases. If distributions want to use a different shell for this
          purpose (for example Fedora's /sbin/sushell) they need to specify
          this explicitly at configure time using --with-debug-shell=.

        * The confirmation spawn prompt has been reworked to offer the
          following choices:

           (c)ontinue, proceed without asking anymore
           (D)ump, show the state of the unit
           (f)ail, don't execute the command and pretend it failed
           (h)elp
           (i)nfo, show a short summary of the unit
           (j)obs, show jobs that are in progress
           (s)kip, don't execute the command and pretend it succeeded
           (y)es, execute the command

          The 'n' choice for the confirmation spawn prompt has been removed,
          because its meaning was confusing.

          The prompt may now also be redirected to an alternative console by
          specifying the console as parameter to systemd.confirm_spawn=.

        * Services of Type=notify require a READY=1 notification to be sent
          during startup. If no such message is sent, the service now fails,
          even if the main process exited with a successful exit code.

        * Services that fail to start up correctly now always have their
          ExecStopPost= commands executed. Previously, they'd enter "failed"
          state directly, without executing these commands.

        * The option MulticastDNS= of network configuration files has acquired
          an actual implementation. With MulticastDNS=yes a host can resolve
          names of remote hosts and reply to mDNS A and AAAA requests.

        * When units are about to be started an additional check is now done to
          ensure that all dependencies of type BindsTo= (when used in
          combination with After=) have been started.

        * systemd-analyze gained a new verb "syscall-filter" which shows which
          system call groups are defined for the SystemCallFilter= unit file
          setting, and which system calls they contain.

        * A new system call filter group "@filesystem" has been added,
          consisting of various file system related system calls. Group
          "@reboot" has been added, covering reboot, kexec and shutdown related
          calls. Finally, group "@swap" has been added covering swap
          configuration related calls.

        * A new unit file option RestrictNamespaces= has been added that may be
          used to restrict access to the various process namespace types the
          Linux kernel provides. Specifically, it may be used to take away the
          right for a service unit to create additional file system, network,
          user, and other namespaces. This sandboxing option is particularly
          relevant due to the high amount of recently discovered namespacing
          related vulnerabilities in the kernel.

        * systemd-udev's .link files gained support for a new AutoNegotiation=
          setting for configuring Ethernet auto-negotiation.

        * systemd-networkd's .network files gained support for a new
          ListenPort= setting in the [DHCP] section to explicitly configure the
          UDP client port the DHCP client shall listen on.

        * .network files gained a new Unmanaged= boolean setting for explicitly
          excluding one or more interfaces from management by systemd-networkd.

        * The systemd-networkd ProxyARP= option has been renamed to
          IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
          renamed to ReduceARPProxy=. The old names continue to be available
          for compatibility.

        * systemd-networkd gained support for configuring IPv6 Proxy NDP
          addresses via the new IPv6ProxyNDPAddress= .network file setting.

        * systemd-networkd's bonding device support gained support for two new
          configuration options ActiveSlave= and PrimarySlave=.

        * The various options in the [Match] section of .network files gained
          support for negative matching.

        * New systemd-specific mount options are now understood in /etc/fstab:

          x-systemd.mount-timeout= may be used to configure the maximum
          permitted runtime of the mount command.

          x-systemd.device-bound may be set to bind a mount point to its
          backing device unit, in order to automatically remove a mount point
          if its backing device is unplugged. This option may also be
          configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
          on the block device, which is now automatically set for all CDROM
          drives, so that mounted CDs are automatically unmounted when they are
          removed from the drive.

          x-systemd.after= and x-systemd.before= may be used to explicitly
          order a mount after or before another unit or mount point.

        * Enqueued start jobs for device units are now automatically garbage
          collected if there are no jobs waiting for them anymore.

        * systemctl list-jobs gained two new switches: with --after, for every
          queued job the jobs it's waiting for are shown; with --before the
          jobs which it's blocking are shown.

        * systemd-nspawn gained support for ephemeral boots from disk images
          (or in other words: --ephemeral and --image= may now be
          combined). Moreover, ephemeral boots are now supported for normal
          directories, even if the backing file system is not btrfs. Of course,
          if the file system does not support file system snapshots or
          reflinks, the initial copy operation will be relatively expensive, but
          this should still be suitable for many use cases.

        * Calendar time specifications in .timer units now support
          specifications relative to the end of a month by using "~" instead of
          "-" as separator between month and day. For example, "*-02~03" means
          "the third last day in February". In addition a new syntax for
          repeated events has been added using the "/" character. For example,
          "9..17/2:00" means "every two hours from 9am to 5pm".

        * systemd-socket-proxyd gained a new parameter --connections-max= for
          configuring the maximum number of concurrent connections.

        * sd-id128 gained a new API for generating unique IDs for the host in a
          way that does not leak the machine ID. Specifically,
          sd_id128_get_machine_app_specific() derives an ID based on the
          machine ID in a well-defined, non-reversible, stable way. This is
          useful whenever an identifier for the host is needed but where the
          identifier shall not be useful to identify the system beyond the
          scope of the application itself. (Internally this uses HMAC-SHA256 as
          keyed hash function using the machine ID as input.)

        * NotifyAccess= gained a new supported value "exec". When set
          notifications are accepted from all processes systemd itself invoked,
          including all control processes.

        * .nspawn files gained support for defining overlay mounts using the
          Overlay= and OverlayReadOnly= options. Previously this functionality
          was only available on the systemd-nspawn command line.

        * systemd-nspawn's --bind= and --overlay= options gained support for
          bind/overlay mounts whose source lies within the container tree by
          prefixing the source path with "+".

        * systemd-nspawn's --bind= and --overlay= options gained support for
          automatically allocating a temporary source directory in /var/tmp
          that is removed when the container dies. Specifically, if the source
          directory is specified as empty string this mechanism is selected. An
          example usage is --overlay=+/var::/var, which creates an overlay
          mount based on the original /var contained in the image, overlaid
          with a temporary directory in the host's /var/tmp. This way changes
          to /var are automatically flushed when the container shuts down.

        * systemd-nspawn --image= option does now permit raw file system block
          devices (in addition to images containing partition tables, as
          before).

        * The disk image dissection logic in systemd-nspawn gained support for
          automatically setting up LUKS encrypted as well as Verity protected
          partitions. When a container is booted from an encrypted image the
          passphrase is queried at start-up time. When a container with Verity
          data is started, the root hash is search in a ".roothash" file
          accompanying the disk image (alternatively, pass the root hash via
          the new --root-hash= command line option).

        * A new tool /usr/lib/systemd/systemd-dissect has been added that may
          be used to dissect disk images the same way as systemd-nspawn does
          it, following the Bootable Partition Specification. It may even be
          used to mount disk images with complex partition setups (including
          LUKS and Verity partitions) to a local host directory, in order to
          inspect them. This tool is not considered public API (yet), and is
          thus not installed into /usr/bin. Please do not rely on its
          existence, since it might go away or be changed in later systemd
          versions.

        * A new generator "systemd-verity-generator" has been added, similar in
          style to "systemd-cryptsetup-generator", permitting automatic setup of
          Verity root partitions when systemd boots up. In order to make use of
          this your partition setup should follow the Discoverable Partitions
          Specification, and the GPT partition ID of the root file system
          partition should be identical to the upper 128-bit of the Verity root
          hash. The GPT partition ID of the Verity partition protecting it
          should be the lower 128-bit of the Verity root hash. If the partition
          image follows this model it is sufficient to specify a single
          "roothash=" kernel command line argument to both configure which root
          image and verity partition to use as well as the root hash for
          it. Note that systemd-nspawn's Verity support follows the same
          semantics, meaning that disk images with proper Verity data in place
          may be booted in containers with systemd-nspawn as well as on
          physical systems via the verity generator. Also note that the "mkosi"
          tool available at https://github.com/systemd/mkosi has been updated
          to generate Verity protected disk images following this scheme. In
          fact, it has been updated to generate disk images that optionally
          implement a complete UEFI SecureBoot trust chain, involving a signed
          kernel and initrd image that incorporates such a root hash as well as
          a Verity-enabled root partition.

        * The hardware database (hwdb) udev supports has been updated to carry
          accelerometer quirks.

        * All system services are now run with a fresh kernel keyring set up
          for them. The invocation ID is stored by default in it, thus
          providing a safe, non-overridable way to determine the invocation
          ID of each service.

        * Service unit files gained new BindPaths= and BindReadOnlyPaths=
          options for bind mounting arbitrary paths in a service-specific
          way. When these options are used, arbitrary host or service files and
          directories may be mounted to arbitrary locations in the service's
          view.

        * Documentation has been added that lists all of systemd's low-level
          environment variables:

          https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md

        * sd-daemon gained a new API sd_is_socket_sockaddr() for determining
          whether a specific socket file descriptor matches a specified socket
          address.

        * systemd-firstboot has been updated to check for the
          systemd.firstboot= kernel command line option. It accepts a boolean
          and when set to false the first boot questions are skipped.

        * systemd-fstab-generator has been updated to check for the
          systemd.volatile= kernel command line option, which either takes an
          optional boolean parameter or the special value "state". If used the
          system may be booted in a "volatile" boot mode. Specifically,
          "systemd.volatile" is used, the root directory will be mounted as
          tmpfs, and only /usr is mounted from the actual root file system. If
          "systemd.volatile=state" is used, the root directory will be mounted
          as usual, but /var is mounted as tmpfs. This concept provides similar
          functionality as systemd-nspawn's --volatile= option, but provides it
          on physical boots. Use this option for implementing stateless
          systems, or testing systems with all state and/or configuration reset
          to the defaults. (Note though that many distributions are not
          prepared to boot up without a populated /etc or /var, though.)

        * systemd-gpt-auto-generator gained support for LUKS encrypted root
          partitions. Previously it only supported LUKS encrypted partitions
          for all other uses, except for the root partition itself.

        * Socket units gained support for listening on AF_VSOCK sockets for
          communication in virtualized QEMU environments.

        * The "configure" script gained a new option --with-fallback-hostname=
          for specifying the fallback hostname to use if none is configured in
          /etc/hostname. For example, by specifying
          --with-fallback-hostname=fedora it is possible to default to a
          hostname of "fedora" on pristine installations.

        * systemd-cgls gained support for a new --unit= switch for listing only
          the control groups of a specific unit. Similar --user-unit= has been
          added for listing only the control groups of a specific user unit.

        * systemd-mount gained a new --umount switch for unmounting a mount or
          automount point (and all mount/automount points below it).

        * systemd will now refuse full configuration reloads (via systemctl
          daemon-reload and related calls) unless at least 16MiB of free space
          are available in /run. This is a safety precaution in order to ensure
          that generators can safely operate after the reload completed.

        * A new unit file option RootImage= has been added, which has a similar
          effect as RootDirectory= but mounts the service's root directory from
          a disk image instead of plain directory. This logic reuses the same
          image dissection and mount logic that systemd-nspawn already uses,
          and hence supports any disk images systemd-nspawn supports, including
          those following the Discoverable Partition Specification, as well as
          Verity enabled images. This option enables systemd to run system
          services directly off disk images acting as resource bundles,
          possibly even including full integrity data.

        * A new MountAPIVFS= unit file option has been added, taking a boolean
          argument. If enabled /proc, /sys and /dev (collectively called the
          "API VFS") will be mounted for the service. This is only relevant if
          RootDirectory= or RootImage= is used for the service, as these mounts
          are of course in place in the host mount namespace anyway.

        * systemd-nspawn gained support for a new --pivot-root= switch. If
          specified the root directory within the container image is pivoted to
          the specified mount point, while the original root disk is moved to a
          different place. This option enables booting of ostree images
          directly with systemd-nspawn.

        * The systemd build scripts will no longer complain if the NTP server
          addresses are not changed from the defaults. Google now supports
          these NTP servers officially. We still recommend downstreams to
          properly register an NTP pool with the NTP pool project though.

        * coredumpctl gained a new "--reverse" option for printing the list
          of coredumps in reverse order.

        * coredumpctl will now show additional information about truncated and
          inaccessible coredumps, as well as coredumps that are still being
          processed. It also gained a new --quiet switch for suppressing
          additional informational message in its output.

        * coredumpctl gained support for only showing coredumps newer and/or
          older than specific timestamps, using the new --since= and --until=
          options, reminiscent of journalctl's options by the same name.

        * The systemd-coredump logic has been improved so that it may be reused
          to collect backtraces in non-compiled languages, for example in
          scripting languages such as Python.

        * machinectl will now show the UID shift of local containers, if user
          namespacing is enabled for them.

        * systemd will now optionally run "environment generator" binaries at
          configuration load time. They may be used to add environment
          variables to the environment block passed to services invoked. One
          user environment generator is shipped by default that sets up
          environment variables based on files dropped into /etc/environment.d
          and ~/.config/environment.d/.

        * systemd-resolved now includes the new, recently published 2017 DNSSEC
          root key (KSK).

        * hostnamed has been updated to report a new chassis type of
          "convertible" to cover "foldable" laptops that can both act as a
          tablet and as a laptop, such as various Lenovo Yoga devices.

        Contributions from: Adrián López, Alexander Galanin, Alexander
        Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
        Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
        Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
        Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
        David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
        Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
        Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
        Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
        Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
        Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
        Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
        Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
        Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
        Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
        Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
        Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
        Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
        Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
        Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
        Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
        Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
        Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
        Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
        Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
        Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
        Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
        YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
        Тихонов

        — Berlin, 2017-03-01

CHANGES WITH 232:

        * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
          RestrictAddressFamilies= enabled. These sandboxing options should
          generally be compatible with the various external udev call-out
          binaries we are aware of, however there may be exceptions, in
          particular when exotic languages for these call-outs are used. In
          this case, consider turning off these settings locally.

        * The new RemoveIPC= option can be used to remove IPC objects owned by
          the user or group of a service when that service exits.

        * The new ProtectKernelModules= option can be used to disable explicit
          load and unload operations of kernel modules by a service. In
          addition access to /usr/lib/modules is removed if this option is set.

        * ProtectSystem= option gained a new value "strict", which causes the
          whole file system tree with the exception of /dev, /proc, and /sys,
          to be remounted read-only for a service.

        * The new ProtectKernelTunables= option can be used to disable
          modification of configuration files in /sys and /proc by a service.
          Various directories and files are remounted read-only, so access is
          restricted even if the file permissions would allow it.

        * The new ProtectControlGroups= option can be used to disable write
          access by a service to /sys/fs/cgroup.

        * Various systemd services have been hardened with
          ProtectKernelTunables=yes, ProtectControlGroups=yes,
          RestrictAddressFamilies=.

        * Support for dynamically creating users for the lifetime of a service
          has been added. If DynamicUser=yes is specified, user and group IDs
          will be allocated from the range 61184…65519 for the lifetime of the
          service. They can be resolved using the new nss-systemd.so NSS
          module. The module must be enabled in /etc/nsswitch.conf. Services
          started in this way have PrivateTmp= and RemoveIPC= enabled, so that
          any resources allocated by the service will be cleaned up when the
          service exits. They also have ProtectHome=read-only and
          ProtectSystem=strict enabled, so they are not able to make any
          permanent modifications to the system.

        * The nss-systemd module also always resolves root and nobody, making
          it possible to have no /etc/passwd or /etc/group files in minimal
          container or chroot environments.

        * Services may be started with their own user namespace using the new
          boolean PrivateUsers= option. Only root, nobody, and the uid/gid
          under which the service is running are mapped. All other users are
          mapped to nobody.

        * Support for the cgroup namespace has been added to systemd-nspawn. If
          supported by kernel, the container system started by systemd-nspawn
          will have its own view of the cgroup hierarchy. This new behaviour
          can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.

        * The new MemorySwapMax= option can be used to limit the maximum swap
          usage under the unified cgroup hierarchy.

        * Support for the CPU controller in the unified cgroup hierarchy has
          been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
          options. This controller requires out-of-tree patches for the kernel
          and the support is provisional.

        * Mount and automount units may now be created transiently
          (i.e. dynamically at runtime via the bus API, instead of requiring
          unit files in the file system).

        * systemd-mount is a new tool which may mount file systems – much like
          mount(8), optionally pulling in additional dependencies through
          transient .mount and .automount units. For example, this tool
          automatically runs fsck on a backing block device before mounting,
          and allows the automount logic to be used dynamically from the
          command line for establishing mount points. This tool is particularly
          useful when dealing with removable media, as it will ensure fsck is
          run – if necessary – before the first access and that the file system
          is quickly unmounted after each access by utilizing the automount
          logic. This maximizes the chance that the file system on the
          removable media stays in a clean state, and if it isn't in a clean
          state is fixed automatically.

        * LazyUnmount=yes option for mount units has been added to expose the
          umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
          option.

        * /efi will be used as the mount point of the EFI boot partition, if
          the directory is present, and the mount point was not configured
          through other means (e.g. fstab). If /efi directory does not exist,
          /boot will be used as before. This makes it easier to automatically
          mount the EFI partition on systems where /boot is used for something
          else.

        * When operating on GPT disk images for containers, systemd-nspawn will
          now mount the ESP to /boot or /efi according to the same rules as PID
          1 running on a host. This allows tools like "bootctl" to operate
          correctly within such containers, in order to make container images
          bootable on physical systems.

        * disk/by-id and disk/by-path symlinks are now created for NVMe drives.

        * Two new user session targets have been added to support running
          graphical sessions under the systemd --user instance:
          graphical-session.target and graphical-session-pre.target. See
          systemd.special(7) for a description of how those targets should be
          used.

        * The vconsole initialization code has been significantly reworked to
          use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
          support unicode keymaps. Font and keymap configuration will now be
          copied to all allocated virtual consoles.

        * FreeBSD's bhyve virtualization is now detected.

        * Information recorded in the journal for core dumps now includes the
          contents of /proc/mountinfo and the command line of the process at
          the top of the process hierarchy (which is usually the init process
          of the container).

        * systemd-journal-gatewayd learned the --directory= option to serve
          files from the specified location.

        * journalctl --root=… can be used to peruse the journal in the
          /var/log/ directories inside of a container tree. This is similar to
          the existing --machine= option, but does not require the container to
          be active.

        * The hardware database has been extended to support
          ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
          trackball devices.

          MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
          specify the click rate for mice which include a horizontal wheel with
          a click rate that is different than the one for the vertical wheel.

        * systemd-run gained a new --wait option that makes service execution
          synchronous. (Specifically, the command will not return until the
          specified service binary exited.)

        * systemctl gained a new --wait option that causes the start command to
          wait until the units being started have terminated again.

        * A new journal output mode "short-full" has been added which displays
          timestamps with abbreviated English day names and adds a timezone
          suffix. Those timestamps include more information than the default
          "short" output mode, and can be passed directly to journalctl's
          --since= and --until= options.

        * /etc/resolv.conf will be bind-mounted into containers started by
          systemd-nspawn, if possible, so any changes to resolv.conf contents
          are automatically propagated to the container.

        * The number of instances for socket-activated services originating
          from a single IP address can be limited with
          MaxConnectionsPerSource=, extending the existing setting of
          MaxConnections=.

        * systemd-networkd gained support for vcan ("Virtual CAN") interface
          configuration.

        * .netdev and .network configuration can now be extended through
          drop-ins.

        * UDP Segmentation Offload, TCP Segmentation Offload, Generic
          Segmentation Offload, Generic Receive Offload, Large Receive Offload
          can be enabled and disabled using the new UDPSegmentationOffload=,
          TCPSegmentationOffload=, GenericSegmentationOffload=,
          GenericReceiveOffload=, LargeReceiveOffload= options in the
          [Link] section of .link files.

        * The Spanning Tree Protocol, Priority, Aging Time, and the Default
          Port VLAN ID can be configured for bridge devices using the new STP=,
          Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
          section of .netdev files.

        * The route table to which routes received over DHCP or RA should be
          added can be configured with the new RouteTable= option in the [DHCP]
          and [IPv6AcceptRA] sections of .network files.

        * The Address Resolution Protocol can be disabled on links managed by
          systemd-networkd using the ARP=no setting in the [Link] section of
          .network files.

        * New environment variables $SERVICE_RESULT, $EXIT_CODE and
          $EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
          encode information about the result and exit codes of the current
          service runtime cycle.

        * systemd-sysctl will now configure kernel parameters in the order
          they occur in the configuration files. This matches what sysctl
          has been traditionally doing.

        * kernel-install "plugins" that are executed to perform various
          tasks after a new kernel is added and before an old one is removed
          can now return a special value to terminate the procedure and
          prevent any later plugins from running.

        * Journald's SplitMode=login setting has been deprecated. It has been
          removed from documentation, and its use is discouraged. In a future
          release it will be completely removed, and made equivalent to current
          default of SplitMode=uid.

        * Storage=both option setting in /etc/systemd/coredump.conf has been
          removed. With fast LZ4 compression storing the core dump twice is not
          useful.

        * The --share-system systemd-nspawn option has been replaced with an
          (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
          this functionality is discouraged. In addition the variables
          $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
          $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
          individual namespaces.

        * "machinectl list" now shows the IP address of running containers in
          the output, as well as OS release information.

        * "loginctl list" now shows the TTY of each session in the output.

        * sd-bus gained new API calls sd_bus_track_set_recursive(),
          sd_bus_track_get_recursive(), sd_bus_track_count_name(),
          sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
          tracking objects in a "recursive" mode, where a single client can be
          counted multiple times, if it takes multiple references.

        * sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
          sd_bus_get_exit_on_disconnect(). They may be used to make a
          process using sd-bus automatically exit if the bus connection is
          severed.

        * Bus clients of the service manager may now "pin" loaded units into
          memory, by taking an explicit reference on them. This is useful to
          ensure the client can retrieve runtime data about the service even
          after the service completed execution. Taking such a reference is
          available only for privileged clients and should be helpful to watch
          running services in a race-free manner, and in particular collect
          information about exit statuses and results.

        * The nss-resolve module has been changed to strictly return UNAVAIL
          when communication via D-Bus with resolved failed, and NOTFOUND when
          a lookup completed but was negative. This means it is now possible to
          neatly configure fallbacks using nsswitch.conf result checking
          expressions. Taking benefit of this, the new recommended
          configuration line for the "hosts" entry in /etc/nsswitch.conf is:

              hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

        * A new setting CtrlAltDelBurstAction= has been added to
          /etc/systemd/system.conf which may be used to configure the precise
          behaviour if the user on the console presses Ctrl-Alt-Del more often
          than 7 times in 2s. Previously this would unconditionally result in
          an expedited, immediate reboot. With this new setting the precise
          operation may be configured in more detail, and also turned off
          entirely.

        * In .netdev files two new settings RemoteChecksumTx= and
          RemoteChecksumRx= are now understood that permit configuring the
          remote checksumming logic for VXLAN networks.

        * The service manager learnt a new "invocation ID" concept for invoked
          services. Each runtime cycle of a service will get a new invocation
          ID (a 128-bit random UUID) assigned that identifies the current
          run of the service uniquely and globally. A new invocation ID
          is generated each time a service starts up. The journal will store
          the invocation ID of a service along with any logged messages, thus
          making the invocation ID useful for matching the online runtime of a
          service with the offline log data it generated in a safe way without
          relying on synchronized timestamps. In many ways this new service
          invocation ID concept is similar to the kernel's boot ID concept that
          uniquely and globally identifies the runtime of each boot. The
          invocation ID of a service is passed to the service itself via an
          environment variable ($INVOCATION_ID). A new bus call
          GetUnitByInvocationID() has been added that is similar to GetUnit()
          but instead of retrieving the bus path for a unit by its name
          retrieves it by its invocation ID. The returned path is valid only as
          long as the passed invocation ID is current.

        * systemd-resolved gained a new "DNSStubListener" setting in
          resolved.conf. It either takes a boolean value or the special values
          "udp" and "tcp", and configures whether to enable the stub DNS
          listener on 127.0.0.53:53.

        * IP addresses configured via networkd may now carry additional
          configuration settings supported by the kernel. New options include:
          HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
          PrefixRoute=, AutoJoin=.

        * The PAM configuration fragment file for "user@.service" shipped with
          systemd (i.e. the --user instance of systemd) has been stripped to
          the minimum necessary to make the system boot. Previously, it
          contained Fedora-specific stanzas that did not apply to other
          distributions. It is expected that downstream distributions add
          additional configuration lines, matching their needs to this file,
          using it only as rough template of what systemd itself needs. Note
          that this reduced fragment does not even include an invocation of
          pam_limits which most distributions probably want to add, even though
          systemd itself does not need it. (There's also the new build time
          option --with-pamconfdir=no to disable installation of the PAM
          fragment entirely.)

        * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
          capability is now also dropped from its set (in addition to
          CAP_SYS_MKNOD as before).

        * In service unit files it is now possible to connect a specific named
          file descriptor with stdin/stdout/stdout of an executed service. The
          name may be specified in matching .socket units using the
          FileDescriptorName= setting.

        * A number of journal settings may now be configured on the kernel
          command line. Specifically, the following options are now understood:
          systemd.journald.max_level_console=,
          systemd.journald.max_level_store=,
          systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
          systemd.journald.max_level_wall=.

        * "systemctl is-enabled --full" will now show by which symlinks a unit
          file is enabled in the unit dependency tree.

        * Support for VeraCrypt encrypted partitions has been added to the
          "cryptsetup" logic and /etc/crypttab.

        * systemd-detect-virt gained support for a new --private-users switch
          that checks whether the invoking processes are running inside a user
          namespace. Similar, a new special value "private-users" for the
          existing ConditionVirtualization= setting has been added, permitting
          skipping of specific units in user namespace environments.

        Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
        Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
        Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
        Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
        Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
        Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
        Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
        Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
        Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
        Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
        Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
        Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
        Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
        Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
        Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
        Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
        Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
        Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
        Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
        Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
        Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
        Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
        Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
        Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
        E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zeal Jagannatha

        — Santa Fe, 2016-11-03

CHANGES WITH 231:

        * In service units the various ExecXYZ= settings have been extended
          with an additional special character as first argument of the
          assigned value: if the character '+' is used the specified command
          line it will be run with full privileges, regardless of User=,
          Group=, CapabilityBoundingSet= and similar options. The effect is
          similar to the existing PermissionsStartOnly= option, but allows
          configuration of this concept for each executed command line
          independently.

        * Services may now alter the service watchdog timeout at runtime by
          sending a WATCHDOG_USEC= message via sd_notify().

        * MemoryLimit= and related unit settings now optionally take percentage
          specifications. The percentage is taken relative to the amount of
          physical memory in the system (or in case of containers, the assigned
          amount of memory). This allows scaling service resources neatly with
          the amount of RAM available on the system. Similarly, systemd-logind's
          RuntimeDirectorySize= option now also optionally takes percentage
          values.

        * In similar fashion TasksMax= takes percentage values now, too. The
          value is taken relative to the configured maximum number of processes
          on the system. The per-service task maximum has been changed to 15%
          using this functionality. (Effectively this is an increase of 512 →
          4915 for service units, given the kernel's default pid_max setting.)

        * Calendar time specifications in .timer units now understand a ".."
          syntax for time ranges. Example: "4..7:10" may now be used for
          defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
          7:10am every day.

        * The InaccessableDirectories=, ReadOnlyDirectories= and
          ReadWriteDirectories= unit file settings have been renamed to
          InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
          applied to all kinds of file nodes, and not just directories, with
          the exception of symlinks. Specifically these settings may now be
          used on block and character device nodes, UNIX sockets and FIFOS as
          well as regular files. The old names of these settings remain
          available for compatibility.

        * systemd will now log about all service processes it kills forcibly
          (using SIGKILL) because they remained after the clean shutdown phase
          of the service completed. This should help identifying services that
          shut down uncleanly. Moreover if KillUserProcesses= is enabled in
          systemd-logind's configuration a similar log message is generated for
          processes killed at the end of each session due to this setting.

        * systemd will now set the $JOURNAL_STREAM environment variable for all
          services whose stdout/stderr are connected to the Journal (which
          effectively means by default: all services). The variable contains
          the device and inode number of the file descriptor used for
          stdout/stderr. This may be used by invoked programs to detect whether
          their stdout/stderr is connected to the Journal, in which case they
          can switch over to direct Journal communication, thus being able to
          pass extended, structured metadata along with their log messages. As
          one example, this is now used by glib's logging primitives.

        * When using systemd's default tmp.mount unit for /tmp, the mount point
          will now be established with the "nosuid" and "nodev" options. This
          avoids privilege escalation attacks that put traps and exploits into
          /tmp. However, this might cause problems if you e.g. put container
          images or overlays into /tmp; if you need this, override tmp.mount's
          "Options=" with a drop-in, or mount /tmp from /etc/fstab with your
          desired options.

        * systemd now supports the "memory" cgroup controller also on
          cgroup v2.

        * The systemd-cgtop tool now optionally takes a control group path as
          command line argument. If specified, the control group list shown is
          limited to subgroups of that group.

        * The SystemCallFilter= unit file setting gained support for
          pre-defined, named system call filter sets. For example
          SystemCallFilter=@clock is now an effective way to make all clock
          changing-related system calls unavailable to a service. A number of
          similar pre-defined groups are defined. Writing system call filters
          for system services is simplified substantially with this new
          concept. Accordingly, all of systemd's own, long-running services now
          enable system call filtering based on this, by default.

        * A new service setting MemoryDenyWriteExecute= has been added, taking
          a boolean value. If turned on, a service may no longer create memory
          mappings that are writable and executable at the same time. This
          enhances security for services where this is enabled as it becomes
          harder to dynamically write and then execute memory in exploited
          service processes. This option has been enabled for all of systemd's
          own long-running services.

        * A new RestrictRealtime= service setting has been added, taking a
          boolean argument. If set the service's processes may no longer
          acquire realtime scheduling. This improves security as realtime
          scheduling may otherwise be used to easily freeze the system.

        * systemd-nspawn gained a new switch --notify-ready= taking a boolean
          value. This may be used for requesting that the system manager inside
          of the container reports start-up completion to nspawn which then
          propagates this notification further to the service manager
          supervising nspawn itself. A related option NotifyReady= in .nspawn
          files has been added too. This functionality allows ordering of the
          start-up of multiple containers using the usual systemd ordering
          primitives.

        * machinectl gained a new command "stop" that is an alias for
          "terminate".

        * systemd-resolved gained support for contacting DNS servers on
          link-local IPv6 addresses.

        * If systemd-resolved receives the SIGUSR2 signal it will now flush all
          its caches. A method call for requesting the same operation has been
          added to the bus API too, and is made available via "systemd-resolve
          --flush-caches".

        * systemd-resolve gained a new --status switch. If passed a brief
          summary of the used DNS configuration with per-interface information
          is shown.

        * resolved.conf gained a new Cache= boolean option, defaulting to
          on. If turned off local DNS caching is disabled. This comes with a
          performance penalty in particular when DNSSEC is enabled. Note that
          resolved disables its internal caching implicitly anyway, when the
          configured DNS server is on a host-local IP address such as ::1 or
          127.0.0.1, thus automatically avoiding double local caching.

        * systemd-resolved now listens on the local IP address 127.0.0.53:53
          for DNS requests. This improves compatibility with local programs
          that do not use the libc NSS or systemd-resolved's bus APIs for name
          resolution. This minimal DNS service is only available to local
          programs and does not implement the full DNS protocol, but enough to
          cover local DNS clients. A new, static resolv.conf file, listing just
          this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
          now recommended to make /etc/resolv.conf a symlink to this file in
          order to route all DNS lookups to systemd-resolved, regardless if
          done via NSS, the bus API or raw DNS packets. Note that this local
          DNS service is not as fully featured as the libc NSS or
          systemd-resolved's bus APIs. For example, as unicast DNS cannot be
          used to deliver link-local address information (as this implies
          sending a local interface index along), LLMNR/mDNS support via this
          interface is severely restricted. It is thus strongly recommended for
          all applications to use the libc NSS API or native systemd-resolved
          bus API instead.

        * systemd-networkd's bridge support learned a new setting
          VLANFiltering= for controlling VLAN filtering. Moreover a new section
          in .network files has been added for configuring VLAN bridging in
          more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].

        * systemd-networkd's IPv6 Router Advertisement code now makes use of
          the DNSSL and RDNSS options. This means IPv6 DNS configuration may
          now be acquired without relying on DHCPv6. Two new options
          UseDomains= and UseDNS= have been added to configure this behaviour.

        * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
          renamed IPv6AcceptRA=, without altering its behaviour. The old
          setting name remains available for compatibility reasons.

        * The systemd-networkd VTI/VTI6 tunneling support gained new options
          Key=, InputKey= and OutputKey=.

        * systemd-networkd gained support for VRF ("Virtual Routing Function")
          interface configuration.

        * "systemctl edit" may now be used to create new unit files by
          specifying the --force switch.

        * sd-event gained a new function sd_event_get_iteration() for
          requesting the current iteration counter of the event loop. It starts
          at zero and is increased by one with each event loop iteration.

        * A new rpm macro %systemd_ordering is provided by the macros.systemd
          file. It can be used in lieu of %systemd_requires in packages which
          don't use any systemd functionality and are intended to be installed
          in minimal containers without systemd present. This macro provides
          ordering dependencies to ensure that if the package is installed in
          the same rpm transaction as systemd, systemd will be installed before
          the scriptlets for the package are executed, allowing unit presets
          to be handled.

          New macros %_systemdgeneratordir and %_systemdusergeneratordir have
          been added to simplify packaging of generators.

        * The os-release file gained VERSION_CODENAME field for the
          distribution nickname (e.g. VERSION_CODENAME=woody).

        * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
          can be set to disable parsing of metadata and the creation
          of persistent symlinks for that device.

        * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
          to make them available to logged-in users has been reverted.

        * Much of the common code of the various systemd components is now
          built into an internal shared library libsystemd-shared-231.so
          (incorporating the systemd version number in the name, to be updated
          with future releases) that the components link to. This should
          decrease systemd footprint both in memory during runtime and on
          disk. Note that the shared library is not for public use, and is
          neither API nor ABI stable, but is likely to change with every new
          released update. Packagers need to make sure that binaries
          linking to libsystemd-shared.so are updated in step with the
          library.

        * Configuration for "mkosi" is now part of the systemd
          repository. mkosi is a tool to easily build legacy-free OS images,
          and is available on github: https://github.com/systemd/mkosi. If
          "mkosi" is invoked in the build tree a new raw OS image is generated
          incorporating the systemd sources currently being worked on and a
          clean, fresh distribution installation. The generated OS image may be
          booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
          UEFI PC. This functionality is particularly useful to easily test
          local changes made to systemd in a pristine, defined environment. See
          doc/HACKING for details.

        * configure learned the --with-support-url= option to specify the
          distribution's bugtracker.

        Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
        Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
        Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
        Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
        Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
        Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
        Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
        Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
        Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
        Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
        Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
        Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
        Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
        Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
        Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
        Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
        Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
        Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
        WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2016-07-25

CHANGES WITH 230:

        * DNSSEC is now turned on by default in systemd-resolved (in
          "allow-downgrade" mode), but may be turned off during compile time by
          passing "--with-default-dnssec=no" to "configure" (and of course,
          during runtime with DNSSEC= in resolved.conf). We recommend
          downstreams to leave this on at least during development cycles and
          report any issues with the DNSSEC logic upstream. We are very
          interested in collecting feedback about the DNSSEC validator and its
          limitations in the wild. Note however, that DNSSEC support is
          probably nothing downstreams should turn on in stable distros just
          yet, as it might create incompatibilities with a few DNS servers and
          networks. We tried hard to make sure we downgrade to non-DNSSEC mode
          automatically whenever we detect such incompatible setups, but there
          might be systems we do not cover yet. Hence: please help us testing
          the DNSSEC code, leave this on where you can, report back, but then
          again don't consider turning this on in your stable, LTS or
          production release just yet. (Note that you have to enable
          nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
          and its DNSSEC mode for hostname resolution from local
          applications.)

        * systemd-resolve conveniently resolves DANE records with the --tlsa
          option and OPENPGPKEY records with the --openpgp option. It also
          supports dumping raw DNS record data via the new --raw= switch.

        * systemd-logind will now by default terminate user processes that are
          part of the user session scope unit (session-XX.scope) when the user
          logs out. This behavior is controlled by the KillUserProcesses=
          setting in logind.conf, and the previous default of "no" is now
          changed to "yes". This means that user sessions will be properly
          cleaned up after, but additional steps are necessary to allow
          intentionally long-running processes to survive logout.

          While the user is logged in at least once, user@.service is running,
          and any service that should survive the end of any individual login
          session can be started at a user service or scope using systemd-run.
          systemd-run(1) man page has been extended with an example which shows
          how to run screen in a scope unit underneath user@.service. The same
          command works for tmux.

          After the user logs out of all sessions, user@.service will be
          terminated too, by default, unless the user has "lingering" enabled.
          To effectively allow users to run long-term tasks even if they are
          logged out, lingering must be enabled for them. See loginctl(1) for
          details. The default polkit policy was modified to allow users to
          set lingering for themselves without authentication.

          Previous defaults can be restored at compile time by the
          --without-kill-user-processes option to "configure".

        * systemd-logind gained new configuration settings SessionsMax= and
          InhibitorsMax=, both with a default of 8192. It will not register new
          user sessions or inhibitors above this limit.

        * systemd-logind will now reload configuration on SIGHUP.

        * The unified cgroup hierarchy added in Linux 4.5 is now supported.
          Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
          enable. Also, support for the "io" cgroup controller in the unified
          hierarchy has been added, so that the "memory", "pids" and "io" are
          now the controllers that are supported on the unified hierarchy.

          WARNING: it is not possible to use previous systemd versions with
          systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
          is necessary to also update systemd in the initramfs if using the
          unified hierarchy. An updated SELinux policy is also required.

        * LLDP support has been extended, and both passive (receive-only) and
          active (sender) modes are supported. Passive mode ("routers-only") is
          enabled by default in systemd-networkd. Active LLDP mode is enabled
          by default for containers on the internal network. The "networkctl
          lldp" command may be used to list information gathered. "networkctl
          status" will also show basic LLDP information on connected peers now.

        * The IAID and DUID unique identifier sent in DHCP requests may now be
          configured for the system and each .network file managed by
          systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.

        * systemd-networkd gained support for configuring proxy ARP support for
          each interface, via the ProxyArp= setting in .network files. It also
          gained support for configuring the multicast querier feature of
          bridge devices, via the new MulticastQuerier= setting in .netdev
          files. Similarly, snooping on the IGMP traffic can be controlled
          via the new setting MulticastSnooping=.

          A new setting PreferredLifetime= has been added for addresses
          configured in .network file to configure the lifetime intended for an
          address.

          The systemd-networkd DHCP server gained the option EmitRouter=, which
          defaults to yes, to configure whether the DHCP Option 3 (Router)
          should be emitted.

        * The testing tool /usr/lib/systemd/systemd-activate is renamed to
          systemd-socket-activate and installed into /usr/bin. It is now fully
          supported.

        * systemd-journald now uses separate threads to flush changes to disk
          when closing journal files, thus reducing impact of slow disk I/O on
          logging performance.

        * The sd-journal API gained two new calls
          sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
          can be used to open journal files using file descriptors instead of
          file or directory paths. sd_journal_open_container() has been
          deprecated, sd_journal_open_directory_fd() should be used instead
          with the flag SD_JOURNAL_OS_ROOT.

        * journalctl learned a new output mode "-o short-unix" that outputs log
          lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
          UTC). It also gained support for a new --no-hostname setting to
          suppress the hostname column in the family of "short" output modes.

        * systemd-ask-password now optionally skips printing of the password to
          stdout with --no-output which can be useful in scripts.

        * Framebuffer devices (/dev/fb*) and 3D printers and scanners
          (devices tagged with ID_MAKER_TOOL) are now tagged with
          "uaccess" and are available to logged in users.

        * The DeviceAllow= unit setting now supports specifiers (with "%").

        * "systemctl show" gained a new --value switch, which allows print a
          only the contents of a specific unit property, without also printing
          the property's name. Similar support was added to "show*" verbs
          of loginctl and machinectl that output "key=value" lists.

        * A new unit type "generated" was added for files dynamically generated
          by generator tools. Similarly, a new unit type "transient" is used
          for unit files created using the runtime API. "systemctl enable" will
          refuse to operate on such files.

        * A new command "systemctl revert" has been added that may be used to
          revert to the vendor version of a unit file, in case local changes
          have been made by adding drop-ins or overriding the unit file.

        * "machinectl clean" gained a new verb to automatically remove all or
          just hidden container images.

        * systemd-tmpfiles gained support for a new line type "e" for emptying
          directories, if they exist, without creating them if they don't.

        * systemd-nspawn gained support for automatically patching the UID/GIDs
          of the owners and the ACLs of all files and directories in a
          container tree to match the UID/GID user namespacing range selected
          for the container invocation. This mode is enabled via the new
          --private-users-chown switch. It also gained support for
          automatically choosing a free, previously unused UID/GID range when
          starting a container, via the new --private-users=pick setting (which
          implies --private-users-chown). Together, these options for the first
          time make user namespacing for nspawn containers fully automatic and
          thus deployable. The systemd-nspawn@.service template unit file has
          been changed to use this functionality by default.

        * systemd-nspawn gained a new --network-zone= switch, that allows
          creating ad-hoc virtual Ethernet links between multiple containers,
          that only exist as long as at least one container referencing them is
          running. This allows easy connecting of multiple containers with a
          common link that implements an Ethernet broadcast domain. Each of
          these network "zones" may be named relatively freely by the user, and
          may be referenced by any number of containers, but each container may
          only reference one of these "zones". On the lower level, this is
          implemented by an automatically managed bridge network interface for
          each zone, that is created when the first container referencing its
          zone is created and removed when the last one referencing its zone
          terminates.

        * The default start timeout may now be configured on the kernel command
          line via systemd.default_timeout_start_sec=. It was already
          configurable via the DefaultTimeoutStartSec= option in
          /etc/systemd/system.conf.

        * Socket units gained a new TriggerLimitIntervalSec= and
          TriggerLimitBurst= setting to configure a limit on the activation
          rate of the socket unit.

        * The LimitNICE= setting now optionally takes normal UNIX nice values
          in addition to the raw integer limit value. If the specified
          parameter is prefixed with "+" or "-" and is in the range -20…19 the
          value is understood as UNIX nice value. If not prefixed like this it
          is understood as raw RLIMIT_NICE limit.

        * Note that the effect of the PrivateDevices= unit file setting changed
          slightly with this release: the per-device /dev file system will be
          mounted read-only from this version on, and will have "noexec"
          set. This (minor) change of behavior might cause some (exceptional)
          legacy software to break, when PrivateDevices=yes is set for its
          service. Please leave PrivateDevices= off if you run into problems
          with this.

        * systemd-bootchart has been split out to a separate repository:
          https://github.com/systemd/systemd-bootchart

        * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
          merged into the kernel in its current form.

        * The compatibility libraries libsystemd-daemon.so,
          libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
          which have been deprecated since systemd-209 have been removed along
          with the corresponding pkg-config files. All symbols provided by
          those libraries are provided by libsystemd.so.

        * The Capabilities= unit file setting has been removed (it is ignored
          for backwards compatibility). AmbientCapabilities= and
          CapabilityBoundingSet= should be used instead.

        * A new special target has been added, initrd-root-device.target,
          which creates a synchronization point for dependencies of the root
          device in early userspace. Initramfs builders must ensure that this
          target is now included in early userspace.

        Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
        Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
        Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
        Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
        Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
        R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
        Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
        Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
        Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
        Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
        John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
        Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
        Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
        Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
        Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
        mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
        Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
        Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
        Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
        Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
        Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
        Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
        Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
        Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
        Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek

        — Fairfax, 2016-05-21

CHANGES WITH 229:

        * The systemd-resolved DNS resolver service has gained a substantial
          set of new features, most prominently it may now act as a DNSSEC
          validating stub resolver. DNSSEC mode is currently turned off by
          default, but is expected to be turned on by default in one of the
          next releases. For now, we invite everybody to test the DNSSEC logic
          by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
          service also gained a full set of D-Bus interfaces, including calls
          to configure DNS and DNSSEC settings per link (for use by external
          network management software). systemd-resolved and systemd-networkd
          now distinguish between "search" and "routing" domains. The former
          are used to qualify single-label names, the latter are used purely
          for routing lookups within certain domains to specific links.
          resolved now also synthesizes RRs for all entries from /etc/hosts.

        * The systemd-resolve tool (which is a client utility for
          systemd-resolved) has been improved considerably and is now fully
          supported and documented. Hence it has moved from /usr/lib/systemd to
          /usr/bin.

        * /dev/disk/by-path/ symlink support has been (re-)added for virtio
          devices.

        * The coredump collection logic has been reworked: when a coredump is
          collected it is now written to disk, compressed and processed
          (including stacktrace extraction) from a new instantiated service
          systemd-coredump@.service, instead of directly from the
          /proc/sys/kernel/core_pattern hook we provide. This is beneficial as
          processing large coredumps can take up a substantial amount of
          resources and time, and this previously happened entirely outside of
          systemd's service supervision. With the new logic the core_pattern
          hook only does minimal metadata collection before passing off control
          to the new instantiated service, which is configured with a time
          limit, a nice level and other settings to minimize negative impact on
          the rest of the system. Also note that the new logic will honour the
          RLIMIT_CORE setting of the crashed process, which now allows users
          and processes to turn off coredumping for their processes by setting
          this limit.

        * The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
          and all forked processes by default. Previously, PID 1 would leave
          the setting at "0" for all processes, as set by the kernel. Note that
          the resource limit traditionally has no effect on the generated
          coredumps on the system if the /proc/sys/kernel/core_pattern hook
          logic is used. Since the limit is now honoured (see above) its
          default has been changed so that the coredumping logic is enabled by
          default for all processes, while allowing specific opt-out.

        * When the stacktrace is extracted from processes of system users, this
          is now done as "systemd-coredump" user, in order to sandbox this
          potentially security sensitive parsing operation. (Note that when
          processing coredumps of normal users this is done under the user ID
          of process that crashed, as before.) Packagers should take notice
          that it is now necessary to create the "systemd-coredump" system user
          and group at package installation time.

        * The systemd-activate socket activation testing tool gained support
          for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
          and --seqpacket switches. It also has been extended to support both
          new-style and inetd-style file descriptor passing. Use the new
          --inetd switch to request inetd-style file descriptor passing.

        * Most systemd tools now honor a new $SYSTEMD_COLORS environment
          variable, which takes a boolean value. If set to false, ANSI color
          output is disabled in the tools even when run on a terminal that
          supports it.

        * The VXLAN support in networkd now supports two new settings
          DestinationPort= and PortRange=.

        * A new systemd.machine_id= kernel command line switch has been added,
          that may be used to set the machine ID in /etc/machine-id if it is
          not initialized yet. This command line option has no effect if the
          file is already initialized.

        * systemd-nspawn gained a new --as-pid2 switch that invokes any
          specified command line as PID 2 rather than PID 1 in the
          container. In this mode PID 1 is a minimal stub init process that
          implements the special POSIX and Linux semantics of PID 1 regarding
          signal and child process management. Note that this stub init process
          is implemented in nspawn itself and requires no support from the
          container image. This new logic is useful to support running
          arbitrary commands in the container, as normal processes are
          generally not prepared to run as PID 1.

        * systemd-nspawn gained a new --chdir= switch for setting the current
          working directory for the process started in the container.

        * "journalctl /dev/sda" will now output all kernel log messages for
          specified device from the current boot, in addition to all devices
          that are parents of it. This should make log output about devices
          pretty useful, as long as kernel drivers attach enough metadata to
          the log messages. (The usual SATA drivers do.)

        * The sd-journal API gained two new calls
          sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
          that report whether log data from /run or /var has been found.

        * journalctl gained a new switch "--fields" that prints all journal
          record field names currently in use in the journal. This is backed
          by two new sd-journal API calls sd_journal_enumerate_fields() and
          sd_journal_restart_fields().

        * Most configurable timeouts in systemd now expect an argument of
          "infinity" to turn them off, instead of "0" as before. The semantics
          from now on is that a timeout of "0" means "now", and "infinity"
          means "never". To maintain backwards compatibility, "0" continues to
          turn off previously existing timeout settings.

        * "systemctl reload-or-try-restart" has been renamed to "systemctl
          try-reload-or-restart" to clarify what it actually does: the "try"
          logic applies to both reloading and restarting, not just restarting.
          The old name continues to be accepted for compatibility.

        * On boot-up, when PID 1 detects that the system clock is behind the
          release date of the systemd version in use, the clock is now set
          to the latter. Previously, this was already done in timesyncd, in order
          to avoid running with clocks set to the various clock epochs such as
          1902, 1938 or 1970. With this change the logic is now done in PID 1
          in addition to timesyncd during early boot-up, so that it is enforced
          before the first process is spawned by systemd. Note that the logic
          in timesyncd remains, as it is more comprehensive and ensures
          clock monotonicity by maintaining a persistent timestamp file in
          /var. Since /var is generally not available in earliest boot or the
          initrd, this part of the logic remains in timesyncd, and is not done
          by PID 1.

        * Support for tweaking details in net_cls.class_id through the
          NetClass= configuration directive has been removed, as the kernel
          people have decided to deprecate that controller in cgroup v2.
          Userspace tools such as nftables are moving over to setting rules
          that are specific to the full cgroup path of a task, which obsoletes
          these controllers anyway. The NetClass= directive is kept around for
          legacy compatibility reasons. For a more in-depth description of the
          kernel change, please refer to the respective upstream commit:

            https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671

        * A new service setting RuntimeMaxSec= has been added that may be used
          to specify a maximum runtime for a service. If the timeout is hit, the
          service is terminated and put into a failure state.

        * A new service setting AmbientCapabilities= has been added. It allows
          configuration of additional Linux process capabilities that are
          passed to the activated processes. This is only available on very
          recent kernels.

        * The process resource limit settings in service units may now be used
          to configure hard and soft limits individually.

        * The various libsystemd APIs such as sd-bus or sd-event now publicly
          expose support for gcc's __attribute__((cleanup())) C extension.
          Specifically, for many object destructor functions alternative
          versions have been added that have names suffixed with "p" and take a
          pointer to a pointer to the object to destroy, instead of just a
          pointer to the object itself. This is useful because these destructor
          functions may be used directly as parameters to the cleanup
          construct. Internally, systemd has been a heavy user of this GCC
          extension for a long time, and with this change similar support is
          now available to consumers of the library outside of systemd. Note
          that by using this extension in your sources compatibility with old
          and strictly ANSI compatible C compilers is lost. However, all gcc or
          LLVM versions of recent years support this extension.

        * Timer units gained support for a new setting RandomizedDelaySec= that
          allows configuring some additional randomized delay to the configured
          time. This is useful to spread out timer events to avoid load peaks in
          clusters or larger setups.

        * Calendar time specifications now support sub-second accuracy.

        * Socket units now support listening on SCTP and UDP-lite protocol
          sockets.

        * The sd-event API now comes with a full set of man pages.

        * Older versions of systemd contained experimental support for
          compressing journal files and coredumps with the LZ4 compressor that
          was not compatible with the lz4 binary (due to API limitations of the
          lz4 library). This support has been removed; only support for files
          compatible with the lz4 binary remains. This LZ4 logic is now
          officially supported and no longer considered experimental.

        * The dkr image import logic has been removed again from importd. dkr's
          micro-services focus doesn't fit into the machine image focus of
          importd, and quickly got out of date with the upstream dkr API.

        * Creation of the /run/lock/lockdev/ directory was dropped from
          tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
          been available for many years. If you still need this, you need to
          create your own tmpfiles.d config file with:

                  d /run/lock/lockdev 0775 root lock -

        * The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
          and RebootArgument= have been moved from the [Service] section of
          unit files to [Unit], and they are now supported on all unit types,
          not just service units. Of course, systemd will continue to
          understand these settings also at the old location, in order to
          maintain compatibility.

        Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
        Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
        Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
        Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
        Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
        David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
        Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
        Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
        Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
        Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
        Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
        lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
        Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
        Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
        Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
        Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
        Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2016-02-11

CHANGES WITH 228:

        * A number of properties previously only settable in unit
          files are now also available as properties to set when
          creating transient units programmatically via the bus, as it
          is exposed with systemd-run's --property=
          setting. Specifically, these are: SyslogIdentifier=,
          SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
          EnvironmentFile=, ReadWriteDirectories=,
          ReadOnlyDirectories=, InaccessibleDirectories=,
          ProtectSystem=, ProtectHome=, RuntimeDirectory=.

        * When creating transient services via the bus API it is now
          possible to pass in a set of file descriptors to use as
          STDIN/STDOUT/STDERR for the invoked process.

        * Slice units may now be created transiently via the bus APIs,
          similar to the way service and scope units may already be
          created transiently.

        * Wherever systemd expects a calendar timestamp specification
          (like in journalctl's --since= and --until= switches) UTC
          timestamps are now supported. Timestamps suffixed with "UTC"
          are now considered to be in Universal Time Coordinated
          instead of the local timezone. Also, timestamps may now
          optionally be specified with sub-second accuracy. Both of
          these additions also apply to recurring calendar event
          specification, such as OnCalendar= in timer units.

        * journalctl gained a new "--sync" switch that asks the
          journal daemon to write all so far unwritten log messages to
          disk and sync the files, before returning.

        * systemd-tmpfiles learned two new line types "q" and "Q" that
          operate like "v", but also set up a basic btrfs quota
          hierarchy when used on a btrfs file system with quota
          enabled.

        * tmpfiles' "v", "q" and "Q" will now create a plain directory
          instead of a subvolume (even on a btrfs file system) if the
          root directory is a plain directory, and not a
          subvolume. This should simplify things with certain chroot()
          environments which are not aware of the concept of btrfs
          subvolumes.

        * systemd-detect-virt gained a new --chroot switch to detect
          whether execution takes place in a chroot() environment.

        * CPUAffinity= now takes CPU index ranges in addition to
          individual indexes.

        * The various memory-related resource limit settings (such as
          LimitAS=) now understand the usual K, M, G, … suffixes to
          the base of 1024 (IEC). Similar, the time-related resource
          limit settings understand the usual min, h, day, … suffixes
          now.

        * There's a new system.conf setting DefaultTasksMax= to
          control the default TasksMax= setting for services and
          scopes running on the system. (TasksMax= is the primary
          setting that exposes the "pids" cgroup controller on systemd
          and was introduced in the previous systemd release.) The
          setting now defaults to 512, which means services that are
          not explicitly configured otherwise will only be able to
          create 512 processes or threads at maximum, from this
          version on. Note that this means that thread- or
          process-heavy services might need to be reconfigured to set
          TasksMax= to a higher value. It is sufficient to set
          TasksMax= in these specific unit files to a higher value, or
          even "infinity". Similar, there's now a logind.conf setting
          UserTasksMax= that defaults to 4096 and limits the total
          number of processes or tasks each user may own
          concurrently. nspawn containers also have the TasksMax=
          value set by default now, to 8192. Note that all of this
          only has an effect if the "pids" cgroup controller is
          enabled in the kernel. The general benefit of these changes
          should be a more robust and safer system, that provides a
          certain amount of per-service fork() bomb protection.

        * systemd-nspawn gained the new --network-veth-extra= switch
          to define additional and arbitrarily-named virtual Ethernet
          links between the host and the container.

        * A new service execution setting PassEnvironment= has been
          added that allows importing select environment variables
          from PID1's environment block into the environment block of
          the service.

        * Timer units gained support for a new RemainAfterElapse=
          setting which takes a boolean argument. It defaults to on,
          exposing behaviour unchanged to previous releases. If set to
          off, timer units are unloaded after they elapsed if they
          cannot elapse again. This is particularly useful for
          transient timer units, which shall not stay around longer
          than until they first elapse.

        * systemd will now bump the net.unix.max_dgram_qlen to 512 by
          default now (the kernel default is 16). This is beneficial
          for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
          allows substantially larger numbers of queued
          datagrams. This should increase the capability of systemd to
          parallelize boot-up, as logging and sd_notify() are unlikely
          to stall execution anymore. If you need to change the value
          from the new defaults, use the usual sysctl.d/ snippets.

        * The compression framing format used by the journal or
          coredump processing has changed to be in line with what the
          official LZ4 tools generate. LZ4 compression support in
          systemd was considered unsupported previously, as the format
          was not compatible with the normal tools. With this release
          this has changed now, and it is hence safe for downstream
          distributions to turn it on. While not compressing as well
          as the XZ, LZ4 is substantially faster, which makes
          it a good default choice for the compression logic in the
          journal and in coredump handling.

        * Any reference to /etc/mtab has been dropped from
          systemd. The file has been obsolete since a while, but
          systemd refused to work on systems where it was incorrectly
          set up (it should be a symlink or non-existent). Please make
          sure to update to util-linux 2.27.1 or newer in conjunction
          with this systemd release, which also drops any reference to
          /etc/mtab. If you maintain a distribution make sure that no
          software you package still references it, as this is a
          likely source of bugs. There's also a glibc bug pending,
          asking for removal of any reference to this obsolete file:

          https://sourceware.org/bugzilla/show_bug.cgi?id=19108

          Note that only util-linux versions built with
          --enable-libmount-force-mountinfo are supported.

        * Support for the ".snapshot" unit type has been removed. This
          feature turned out to be little useful and little used, and
          has now been removed from the core and from systemctl.

        * The dependency types RequiresOverridable= and
          RequisiteOverridable= have been removed from systemd. They
          have been used only very sparingly to our knowledge and
          other options that provide a similar effect (such as
          systemctl --mode=ignore-dependencies) are much more useful
          and commonly used. Moreover, they were only half-way
          implemented as the option to control behaviour regarding
          these dependencies was never added to systemctl. By removing
          these dependency types the execution engine becomes a bit
          simpler. Unit files that use these dependencies should be
          changed to use the non-Overridable dependency types
          instead. In fact, when parsing unit files with these
          options, that's what systemd will automatically convert them
          too, but it will also warn, asking users to fix the unit
          files accordingly. Removal of these dependency types should
          only affect a negligible number of unit files in the wild.

        * Behaviour of networkd's IPForward= option changed
          (again). It will no longer maintain a per-interface setting,
          but propagate one way from interfaces where this is enabled
          to the global kernel setting. The global setting will be
          enabled when requested by a network that is set up, but
          never be disabled again. This change was made to make sure
          IPv4 and IPv6 behaviour regarding packet forwarding is
          similar (as the Linux IPv6 stack does not support
          per-interface control of this setting) and to minimize
          surprises.

        * In unit files the behaviour of %u, %U, %h, %s has
          changed. These specifiers will now unconditionally resolve
          to the various user database fields of the user that the
          systemd instance is running as, instead of the user
          configured in the specific unit via User=. Note that this
          effectively doesn't change much, as resolving of these
          specifiers was already turned off in the --system instance
          of systemd, as we cannot do NSS lookups from PID 1. In the
          --user instance of systemd these specifiers where correctly
          resolved, but hardly made any sense, since the user instance
          lacks privileges to do user switches anyway, and User= is
          hence useless. Moreover, even in the --user instance of
          systemd behaviour was awkward as it would only take settings
          from User= assignment placed before the specifier into
          account. In order to unify and simplify the logic around
          this the specifiers will now always resolve to the
          credentials of the user invoking the manager (which in case
          of PID 1 is the root user).

        Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
        Yang, Daniel Machon, Daniel Mack, David Herrmann, David
        Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
        Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
        Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
        Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
        Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
        Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
        Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
        Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
        Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
        Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
        Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
        Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2015-11-18

CHANGES WITH 227:

        * systemd now depends on util-linux v2.27. More specifically,
          the newly added mount monitor feature in libmount now
          replaces systemd's former own implementation.

        * libmount mandates /etc/mtab not to be regular file, and
          systemd now enforces this condition at early boot.
          /etc/mtab has been deprecated and warned about for a very
          long time, so systems running systemd should already have
          stopped having this file around as anything else than a
          symlink to /proc/self/mounts.

        * Support for the "pids" cgroup controller has been added. It
          allows accounting the number of tasks in a cgroup and
          enforcing limits on it. This adds two new setting
          TasksAccounting= and TasksMax= to each unit, as well as a
          global option DefaultTasksAccounting=.

        * Support for the "net_cls" cgroup controller has been added.
          It allows assigning a net class ID to each task in the
          cgroup, which can then be used in firewall rules and traffic
          shaping configurations. Note that the kernel netfilter net
          class code does not currently work reliably for ingress
          packets on unestablished sockets.

          This adds a new config directive called NetClass= to CGroup
          enabled units. Allowed values are positive numbers for fixed
          assignments and "auto" for picking a free value
          automatically.

        * 'systemctl is-system-running' now returns 'offline' if the
          system is not booted with systemd. This command can now be
          used as a substitute for 'systemd-notify --booted'.

        * Watchdog timeouts have been increased to 3 minutes for all
          in-tree service files. Apparently, disk IO issues are more
          frequent than we hoped, and user reported >1 minute waiting
          for disk IO.

        * 'machine-id-commit' functionality has been merged into
          'machine-id-setup --commit'. The separate binary has been
          removed.

        * The WorkingDirectory= directive in unit files may now be set
          to the special value '~'. In this case, the working
          directory is set to the home directory of the user
          configured in User=.

        * "machinectl shell" will now open the shell in the home
          directory of the selected user by default.

        * The CrashChVT= configuration file setting is renamed to
          CrashChangeVT=, following our usual logic of not
          abbreviating unnecessarily. The old directive is still
          supported for compat reasons. Also, this directive now takes
          an integer value between 1 and 63, or a boolean value. The
          formerly supported '-1' value for disabling stays around for
          compat reasons.

        * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
          NoNewPrivileges=, TTYPath=, WorkingDirectory= and
          RootDirectory= properties can now be set for transient
          units.

        * The systemd-analyze tool gained a new "set-log-target" verb
          to change the logging target the system manager logs to
          dynamically during runtime. This is similar to how
          "systemd-analyze set-log-level" already changes the log
          level.

        * In nspawn /sys is now mounted as tmpfs, with only a selected
          set of subdirectories mounted in from the real sysfs. This
          enhances security slightly, and is useful for ensuring user
          namespaces work correctly.

        * Support for USB FunctionFS activation has been added. This
          allows implementation of USB gadget services that are
          activated as soon as they are requested, so that they don't
          have to run continuously, similar to classic socket
          activation.

        * The "systemctl exit" command now optionally takes an
          additional parameter that sets the exit code to return from
          the systemd manager when exiting. This is only relevant when
          running the systemd user instance, or when running the
          system instance in a container.

        * sd-bus gained the new API calls sd_bus_path_encode_many()
          and sd_bus_path_decode_many() that allow easy encoding and
          decoding of multiple identifier strings inside a D-Bus
          object path. Another new call sd_bus_default_flush_close()
          has been added to flush and close per-thread default
          connections.

        * systemd-cgtop gained support for a -M/--machine= switch to
          show the control groups within a certain container only.

        * "systemctl kill" gained support for an optional --fail
          switch. If specified the requested operation will fail of no
          processes have been killed, because the unit had no
          processes attached, or similar.

        * A new systemd.crash_reboot=1 kernel command line option has
          been added that triggers a reboot after crashing. This can
          also be set through CrashReboot= in systemd.conf.

        * The RuntimeDirectory= setting now understands unit
          specifiers like %i or %f.

        * A new (still internal) library API sd-ipv4acd has been added,
          that implements address conflict detection for IPv4. It's
          based on code from sd-ipv4ll, and will be useful for
          detecting DHCP address conflicts.

        * File descriptors passed during socket activation may now be
          named. A new API sd_listen_fds_with_names() is added to
          access the names. The default names may be overridden,
          either in the .socket file using the FileDescriptorName=
          parameter, or by passing FDNAME= when storing the file
          descriptors using sd_notify().

        * systemd-networkd gained support for:

            - Setting the IPv6 Router Advertisement settings via
              IPv6AcceptRouterAdvertisements= in .network files.

            - Configuring the HelloTimeSec=, MaxAgeSec= and
              ForwardDelaySec= bridge parameters in .netdev files.

            - Configuring PreferredSource= for static routes in
              .network files.

        * The "ask-password" framework used to query for LUKS harddisk
          passwords or SSL passwords during boot gained support for
          caching passwords in the kernel keyring, if it is
          available. This makes sure that the user only has to type in
          a passphrase once if there are multiple objects to unlock
          with the same one. Previously, such password caching was
          available only when Plymouth was used; this moves the
          caching logic into the systemd codebase itself. The
          "systemd-ask-password" utility gained a new --keyname=
          switch to control which kernel keyring key to use for
          caching a password in. This functionality is also useful for
          enabling display managers such as gdm to automatically
          unlock the user's GNOME keyring if its passphrase, the
          user's password and the harddisk password are the same, if
          gdm-autologin is used.

        * When downloading tar or raw images using "machinectl
          pull-tar" or "machinectl pull-raw", a matching ".nspawn"
          file is now also downloaded, if it is available and stored
          next to the image file.

        * Units of type ".socket" gained a new boolean setting
          Writable= which is only useful in conjunction with
          ListenSpecial=. If true, enables opening the specified
          special file in O_RDWR mode rather than O_RDONLY mode.

        * systemd-rfkill has been reworked to become a singleton
          service that is activated through /dev/rfkill on each rfkill
          state change and saves the settings to disk. This way,
          systemd-rfkill is now compatible with devices that exist
          only intermittendly, and even restores state if the previous
          system shutdown was abrupt rather than clean.

        * The journal daemon gained support for vacuuming old journal
          files controlled by the number of files that shall remain,
          in addition to the already existing control by size and by
          date. This is useful as journal interleaving performance
          degrades with too many separate journal files, and allows
          putting an effective limit on them. The new setting defaults
          to 100, but this may be changed by setting SystemMaxFiles=
          and RuntimeMaxFiles= in journald.conf. Also, the
          "journalctl" tool gained the new --vacuum-files= switch to
          manually vacuum journal files to leave only the specified
          number of files in place.

        * udev will now create /dev/disk/by-path links for ATA devices
          on kernels where that is supported.

        * Galician, Serbian, Turkish and Korean translations were added.

        Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
        Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
        (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
        Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
        Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
        de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
        Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
        Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
        Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
        Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
        Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
        Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
        Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
        Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
        Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
        Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
        Zbigniew Jędrzejewski-Szmek, Марко М. Костић

        — Berlin, 2015-10-07

CHANGES WITH 226:

        * The DHCP implementation of systemd-networkd gained a set of
          new features:

          - The DHCP server now supports emitting DNS and NTP
            information. It may be enabled and configured via
            EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
            and NTP information is enabled, but no servers are
            configured, the corresponding uplink information (if there
            is any) is propagated.

          - Server and client now support transmission and reception
            of timezone information. It can be configured via the
            newly introduced network options UseTimezone=,
            EmitTimezone=, and Timezone=. Transmission of timezone
            information is enabled between host and containers by
            default now: the container will change its local timezone
            to what the host has set.

          - Lease timeouts can now be configured via
            MaxLeaseTimeSec= and DefaultLeaseTimeSec=.

          - The DHCP server improved on the stability of
            leases. Clients are more likely to get the same lease
            information back, even if the server loses state.

          - The DHCP server supports two new configuration options to
            control the lease address pool metrics, PoolOffset= and
            PoolSize=.

        * The encapsulation limit of tunnels in systemd-networkd may
          now be configured via 'EncapsulationLimit='. It allows
          modifying the maximum additional levels of encapsulation
          that are permitted to be prepended to a packet.

        * systemd now supports the concept of user buses replacing
          session buses, if used with dbus-1.10 (and enabled via dbus
          --enable-user-session). It previously only supported this on
          kdbus-enabled systems, and this release expands this to
          'dbus-daemon' systems.

        * systemd-networkd now supports predictable interface names
          for virtio devices.

        * systemd now optionally supports the new Linux kernel
          "unified" control group hierarchy. If enabled via the kernel
          command-line option 'systemd.unified_cgroup_hierarchy=1',
          systemd will try to mount the unified cgroup hierarchy
          directly on /sys/fs/cgroup. If not enabled, or not
          available, systemd will fall back to the legacy cgroup
          hierarchy setup, as before. Host system and containers can
          mix and match legacy and unified hierarchies as they
          wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
          environment variable to individually select the hierarchy to
          use for executed containers. By default, nspawn will use the
          unified hierarchy for the containers if the host uses the
          unified hierarchy, and the legacy hierarchy otherwise.
          Please note that at this point the unified hierarchy is an
          experimental kernel feature and is likely to change in one
          of the next kernel releases. Therefore, it should not be
          enabled by default in downstream distributions yet. The
          minimum required kernel version for the unified hierarchy to
          work is 4.2. Note that when the unified hierarchy is used
          for the first time delegated access to controllers is
          safe. Because of this systemd-nspawn containers will get
          access to controllers now, as will systemd user
          sessions. This means containers and user sessions may now
          manage their own resources, partitioning up what the system
          grants them.

        * A new special scope unit "init.scope" has been introduced
          that encapsulates PID 1 of the system. It may be used to
          determine resource usage and enforce resource limits on PID
          1 itself. PID 1 hence moved out of the root of the control
          group tree.

        * The cgtop tool gained support for filtering out kernel
          threads when counting tasks in a control group. Also, the
          count of processes is now recursively summed up by
          default. Two options -k and --recursive= have been added to
          revert to old behaviour. The tool has also been updated to
          work correctly in containers now.

        * systemd-nspawn's --bind= and --bind-ro= options have been
          extended to allow creation of non-recursive bind mounts.

        * libsystemd gained two new calls sd_pid_get_cgroup() and
          sd_peer_get_cgroup() which return the control group path of
          a process or peer of a connected AF_UNIX socket. This
          function call is particularly useful when implementing
          delegated subtrees support in the control group hierarchy.

        * The "sd-event" event loop API of libsystemd now supports
          correct dequeuing of real-time signals, without losing
          signal events.

        * When systemd requests a polkit decision when managing units it
          will now add additional fields to the request, including unit
          name and desired operation. This enables more powerful polkit
          policies, that make decisions depending on these parameters.

        * nspawn learnt support for .nspawn settings files, that may
          accompany the image files or directories of containers, and
          may contain additional settings for the container. This is
          an alternative to configuring container parameters via the
          nspawn command line.

        Contributions from: Cristian Rodríguez, Daniel Mack, David
        Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
        Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
        Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
        Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
        Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Torstein Husebø

        — Berlin, 2015-09-08

CHANGES WITH 225:

        * machinectl gained a new verb 'shell' which opens a fresh
          shell on the target container or the host. It is similar to
          the existing 'login' command of machinectl, but spawns the
          shell directly without prompting for username or
          password. The pseudo machine '.host' now refers to the local
          host and is used by default. Hence, 'machinectl shell' can
          be used as replacement for 'su -' which spawns a session as
          a fresh systemd unit in a way that is fully isolated from
          the originating session.

        * systemd-networkd learned to cope with private-zone DHCP
          options and allows other programs to query the values.

        * SELinux access control when enabling/disabling units is no
          longer enforced with this release. The previous implementation
          was incorrect, and a new corrected implementation is not yet
          available. As unit file operations are still protected via
          polkit and D-Bus policy this is not a security problem. Yet,
          distributions which care about optimal SELinux support should
          probably not stabilize on this release.

        * sd-bus gained support for matches of type "arg0has=", that
          test for membership of strings in string arrays sent in bus
          messages.

        * systemd-resolved now dumps the contents of its DNS and LLMNR
          caches to the logs on reception of the SIGUSR1 signal. This
          is useful to debug DNS behaviour.

        * The coredumpctl tool gained a new --directory= option to
          operate on journal files in a specific directory.

        * "systemctl reboot" and related commands gained a new
          "--message=" option which may be used to set a free-text
          wall message when shutting down or rebooting the
          system. This message is also logged, which is useful for
          figuring out the reason for a reboot or shutdown a
          posteriori.

        * The "systemd-resolve-host" tool's -i switch now takes
          network interface numbers as alternative to interface names.

        * A new unit file setting for services has been introduced:
          UtmpMode= allows configuration of how precisely systemd
          handles utmp and wtmp entries for the service if this is
          enabled. This allows writing services that appear similar to
          user sessions in the output of the "w", "who", "last" and
          "lastlog" tools.

        * systemd-resolved will now locally synthesize DNS resource
          records for the "localhost" and "gateway" domains as well as
          the local hostname. This should ensure that clients querying
          RRs via resolved will get similar results as those going via
          NSS, if nss-myhostname is enabled.

        Contributions from: Alastair Hughes, Alex Crawford, Daniel
        Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
        Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
        Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
        Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
        Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
        Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
        Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
        reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
        Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
        Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
        WaLyong Cho, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-08-27

CHANGES WITH 224:

        * The systemd-efi-boot-generator functionality was merged into
          systemd-gpt-auto-generator.

        * systemd-networkd now supports Group Policy for vxlan
          devices. It can be enabled via the new boolean configuration
          option called 'GroupPolicyExtension='.

        Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
        Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
        Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen

        — Berlin, 2015-07-31

CHANGES WITH 223:

        * The python-systemd code has been removed from the systemd repository.
          A new repository has been created which accommodates the code from
          now on, and we kindly ask distributions to create a separate package
          for this: https://github.com/systemd/python-systemd

        * The systemd daemon will now reload its main configuration
          (/etc/systemd/system.conf) on daemon-reload.

        * sd-dhcp now exposes vendor specific extensions via
          sd_dhcp_lease_get_vendor_specific().

        * systemd-networkd gained a number of new configuration options.

          - A new boolean configuration option for TAP devices called
            'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
            device, thus allowing to send and receive GSO packets.

          - A new tunnel configuration option called 'CopyDSCP='.
            If enabled, the DSCP field of ip6 tunnels is copied into the
            decapsulated packet.

          - A set of boolean bridge configuration options were added.
            'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
            and 'UnicastFlood=' are now parsed by networkd and applied to the
            respective bridge link device via the respective IFLA_BRPORT_*
            netlink attribute.

          - A new string configuration option to override the hostname sent
            to a DHCP server, called 'Hostname='. If set and 'SendHostname='
            is true, networkd will use the configured hostname instead of the
            system hostname when sending DHCP requests.

          - A new tunnel configuration option called 'IPv6FlowLabel='. If set,
            networkd will configure the IPv6 flow-label of the tunnel device
            according to RFC2460.

          - The 'macvtap' virtual network devices are now supported, similar to
            the already supported 'macvlan' devices.

        * systemd-resolved now implements RFC5452 to improve resilience against
          cache poisoning. Additionally, source port randomization is enabled
          by default to further protect against DNS spoofing attacks.

        * nss-mymachines now supports translating UIDs and GIDs of running
          containers with user-namespaces enabled. If a container 'foo'
          translates a host uid 'UID' to the container uid 'TUID', then
          nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
          (with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
          mapped as 'vg-foo-TGID'.

        Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
        Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
        HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
        Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
        Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
        Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
        Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
        Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
        Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
        Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-07-29

CHANGES WITH 222:

        * udev does not longer support the WAIT_FOR_SYSFS= key in udev rules.
          There are no known issues with current sysfs, and udev does not need
          or should be used to work around such bugs.

        * udev does no longer enable USB HID power management. Several reports
          indicate, that some devices cannot handle that setting.

        * The udev accelerometer helper was removed. The functionality
          is now fully included in iio-sensor-proxy. But this means,
          older iio-sensor-proxy versions will no longer provide
          accelerometer/orientation data with this systemd version.
          Please upgrade iio-sensor-proxy to version 1.0.

        * networkd gained a new configuration option IPv6PrivacyExtensions=
          which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
          for Stateless Address") on selected networks.

        * For the sake of fewer build-time dependencies and less code in the
          main repository, the python bindings are about to be removed in the
          next release. A new repository has been created which accommodates
          the code from now on, and we kindly ask distributions to create a
          separate package for this. The removal will take place in v223.

            https://github.com/systemd/python-systemd

        Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
        Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
        daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
        Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
        Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
        (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
        Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
        Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
        Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
        Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-07-07

CHANGES WITH 221:

        * The sd-bus.h and sd-event.h APIs have now been declared
          stable and have been added to the official interface of
          libsystemd.so. sd-bus implements an alternative D-Bus client
          library, that is relatively easy to use, very efficient and
          supports both classic D-Bus as well as kdbus as transport
          backend. sd-event is a generic event loop abstraction that
          is built around Linux epoll, but adds features such as event
          prioritization or efficient timer handling. Both APIs are good
          choices for C programs looking for a bus and/or event loop
          implementation that is minimal and does not have to be
          portable to other kernels.

        * kdbus support is no longer compile-time optional. It is now
          always built-in. However, it can still be disabled at
          runtime using the kdbus=0 kernel command line setting, and
          that setting may be changed to default to off, by specifying
          --disable-kdbus at build-time. Note though that the kernel
          command line setting has no effect if the kdbus.ko kernel
          module is not installed, in which case kdbus is (obviously)
          also disabled. We encourage all downstream distributions to
          begin testing kdbus by adding it to the kernel images in the
          development distributions, and leaving kdbus support in
          systemd enabled.

        * The minimal required util-linux version has been bumped to
          2.26.

        * Support for chkconfig (--enable-chkconfig) was removed in
          favor of calling an abstraction tool
          /lib/systemd/systemd-sysv-install. This needs to be
          implemented for your distribution. See "SYSV INIT.D SCRIPTS"
          in README for details.

        * If there's a systemd unit and a SysV init script for the
          same service name, and the user executes "systemctl enable"
          for it (or a related call), then this will now enable both
          (or execute the related operation on both), not just the
          unit.

        * The libudev API documentation has been converted from gtkdoc
          into man pages.

        * gudev has been removed from the systemd tree, it is now an
          external project.

        * The systemd-cgtop tool learnt a new --raw switch to generate
          "raw" (machine parsable) output.

        * networkd's IPForwarding= .network file setting learnt the
          new setting "kernel", which ensures that networkd does not
          change the IP forwarding sysctl from the default kernel
          state.

        * The systemd-logind bus API now exposes a new boolean
          property "Docked" that reports whether logind considers the
          system "docked", i.e. connected to a docking station or not.

        Contributions from: Alex Crawford, Andreas Pokorny, Andrei
        Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
        Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
        David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
        Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
        Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
        Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
        Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
        Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
        Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
        Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
        Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
        Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
        Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
        Fink, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-06-19

CHANGES WITH 220:

        * The gudev library has been extracted into a separate repository
          available at: https://git.gnome.org/browse/libgudev/
          It is now managed as part of the Gnome project. Distributions
          are recommended to pass --disable-gudev to systemd and use
          gudev from the Gnome project instead. gudev is still included
          in systemd, for now. It will be removed soon, though. Please
          also see the announcement-thread on systemd-devel:
          https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html

        * systemd now exposes a CPUUsageNSec= property for each
          service unit on the bus, that contains the overall consumed
          CPU time of a service (the sum of what each process of the
          service consumed). This value is only available if
          CPUAccounting= is turned on for a service, and is then shown
          in the "systemctl status" output.

        * Support for configuring alternative mappings of the old SysV
          runlevels to systemd targets has been removed. They are now
          hardcoded in a way that runlevels 2, 3, 4 all map to
          multi-user.target and 5 to graphical.target (which
          previously was already the default behaviour).

        * The auto-mounter logic gained support for mount point
          expiry, using a new TimeoutIdleSec= setting in .automount
          units. (Also available as x-systemd.idle-timeout= in /etc/fstab).

        * The EFI System Partition (ESP) as mounted to /boot by
          systemd-efi-boot-generator will now be unmounted
          automatically after 2 minutes of not being used. This should
          minimize the risk of ESP corruptions.

        * New /etc/fstab options x-systemd.requires= and
          x-systemd.requires-mounts-for= are now supported to express
          additional dependencies for mounts. This is useful for
          journaling file systems that support external journal
          devices or overlay file systems that require underlying file
          systems to be mounted.

        * systemd does not support direct live-upgrades (via systemctl
          daemon-reexec) from versions older than v44 anymore. As no
          distribution we are aware of shipped such old versions in a
          stable release this should not be problematic.

        * When systemd forks off a new per-connection service instance
          it will now set the $REMOTE_ADDR environment variable to the
          remote IP address, and $REMOTE_PORT environment variable to
          the remote IP port. This behaviour is similar to the
          corresponding environment variables defined by CGI.

        * systemd-networkd gained support for uplink failure
          detection. The BindCarrier= option allows binding interface
          configuration dynamically to the link sense of other
          interfaces. This is useful to achieve behaviour like in
          network switches.

        * systemd-networkd gained support for configuring the DHCP
          client identifier to use when requesting leases.

        * systemd-networkd now has a per-network UseNTP= option to
          configure whether NTP server information acquired via DHCP
          is passed on to services like systemd-timesyncd.

        * systemd-networkd gained support for vti6 tunnels.

        * Note that systemd-networkd manages the sysctl variable
          /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
          it is configured for since v219. The variable controls IP
          forwarding, and is a per-interface alternative to the global
          /proc/sys/net/ipv[46]/ip_forward. This setting is
          configurable in the IPForward= option, which defaults to
          "no". This means if networkd is used for an interface it is
          no longer sufficient to set the global sysctl option to turn
          on IP forwarding! Instead, the .network file option
          IPForward= needs to be turned on! Note that the
          implementation of this behaviour was broken in v219 and has
          been fixed in v220.

        * Many bonding and vxlan options are now configurable in
          systemd-networkd.

        * systemd-nspawn gained a new --property= setting to set unit
          properties for the container scope. This is useful for
          setting resource parameters (e.g. "CPUShares=500") on
          containers started from the command line.

        * systemd-nspawn gained a new --private-users= switch to make
          use of user namespacing available on recent Linux kernels.

        * systemd-nspawn may now be called as part of a shell pipeline
          in which case the pipes used for stdin and stdout are passed
          directly to the process invoked in the container, without
          indirection via a pseudo tty.

        * systemd-nspawn gained a new switch to control the UNIX
          signal to use when killing the init process of the container
          when shutting down.

        * systemd-nspawn gained a new --overlay= switch for mounting
          overlay file systems into the container using the new kernel
          overlayfs support.

        * When a container image is imported via systemd-importd and
          the host file system is not btrfs, a loopback block device
          file is created in /var/lib/machines.raw with a btrfs file
          system inside. It is then mounted to /var/lib/machines to
          enable btrfs features for container management. The loopback
          file and btrfs file system is grown as needed when container
          images are imported via systemd-importd.

        * systemd-machined/systemd-importd gained support for btrfs
          quota, to enforce container disk space limits on disk. This
          is exposed in "machinectl set-limit".

        * systemd-importd now can import containers from local .tar,
          .raw and .qcow2 images, and export them to .tar and .raw. It
          can also import dkr v2 images now from the network (on top
          of v1 as before).

        * systemd-importd gained support for verifying downloaded
          images with gpg2 (previously only gpg1 was supported).

        * systemd-machined, systemd-logind, systemd: most bus calls are
          now accessible to unprivileged processes via polkit. Also,
          systemd-logind will now allow users to kill their own sessions
          without further privileges or authorization.

        * systemd-shutdownd has been removed. This service was
          previously responsible for implementing scheduled shutdowns
          as exposed in /usr/bin/shutdown's time parameter. This
          functionality has now been moved into systemd-logind and is
          accessible via a bus interface.

        * "systemctl reboot" gained a new switch --firmware-setup that
          can be used to reboot into the EFI firmware setup, if that
          is available. systemd-logind now exposes an API on the bus
          to trigger such reboots, in case graphical desktop UIs want
          to cover this functionality.

        * "systemctl enable", "systemctl disable" and "systemctl mask"
          now support a new "--now" switch. If specified the units
          that are enabled will also be started, and the ones
          disabled/masked also stopped.

        * The Gummiboot EFI boot loader tool has been merged into
          systemd, and renamed to "systemd-boot". The bootctl tool has been
          updated to support systemd-boot.

        * An EFI kernel stub has been added that may be used to create
          kernel EFI binaries that contain not only the actual kernel,
          but also an initrd, boot splash, command line and OS release
          information. This combined binary can then be signed as a
          single image, so that the firmware can verify it all in one
          step. systemd-boot has special support for EFI binaries created
          like this and can extract OS release information from them
          and show them in the boot menu. This functionality is useful
          to implement cryptographically verified boot schemes.

        * Optional support has been added to systemd-fsck to pass
          fsck's progress report to an AF_UNIX socket in the file
          system.

        * udev will no longer create device symlinks for all block devices by
          default. A deny list for excluding special block devices from this
          logic has been turned into an allow list that requires picking block
          devices explicitly that require device symlinks.

        * A new (currently still internal) API sd-device.h has been
          added to libsystemd. This modernized API is supposed to
          replace libudev eventually. In fact, already much of libudev
          is now just a wrapper around sd-device.h.

        * A new hwdb database for storing metadata about pointing
          stick devices has been added.

        * systemd-tmpfiles gained support for setting file attributes
          similar to the "chattr" tool with new 'h' and 'H' lines.

        * systemd-journald will no longer unconditionally set the
          btrfs NOCOW flag on new journal files. This is instead done
          with tmpfiles snippet using the new 'h' line type. This
          allows easy disabling of this logic, by masking the
          journal-nocow.conf tmpfiles file.

        * systemd-journald will now translate audit message types to
          human readable identifiers when writing them to the
          journal. This should improve readability of audit messages.

        * The LUKS logic gained support for the offset= and skip=
          options in /etc/crypttab, as previously implemented by
          Debian.

        * /usr/lib/os-release gained a new optional field VARIANT= for
          distributions that support multiple variants (such as a
          desktop edition, a server edition, …)

        Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
        Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
        Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
        Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
        Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
        Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
        Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
        Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
        Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
        Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
        Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
        Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
        Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
        Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
        De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
        Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
        Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
        Michael Biebl, Michael Marineau, Michael Olbrich, Michal
        Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
        Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
        Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
        Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
        Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
        Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
        Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
        Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
        Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-05-22

CHANGES WITH 219:

        * Introduce a new API "sd-hwdb.h" for querying the hardware
          metadata database. With this minimal interface one can query
          and enumerate the udev hwdb, decoupled from the old libudev
          library. libudev's interface for this is now only a wrapper
          around sd-hwdb. A new tool systemd-hwdb has been added to
          interface with and update the database.

        * When any of systemd's tools copies files (for example due to
          tmpfiles' C lines) a btrfs reflink will attempted first,
          before bytewise copying is done.

        * systemd-nspawn gained a new --ephemeral switch. When
          specified a btrfs snapshot is taken of the container's root
          directory, and immediately removed when the container
          terminates again. Thus, a container can be started whose
          changes never alter the container's root directory, and are
          lost on container termination. This switch can also be used
          for starting a container off the root file system of the
          host without affecting the host OS. This switch is only
          available on btrfs file systems.

        * systemd-nspawn gained a new --template= switch. It takes the
          path to a container tree to use as template for the tree
          specified via --directory=, should that directory be
          missing. This allows instantiating containers dynamically,
          on first run. This switch is only available on btrfs file
          systems.

        * When a .mount unit refers to a mount point on which multiple
          mounts are stacked, and the .mount unit is stopped all of
          the stacked mount points will now be unmounted until no
          mount point remains.

        * systemd now has an explicit notion of supported and
          unsupported unit types. Jobs enqueued for unsupported unit
          types will now fail with an "unsupported" error code. More
          specifically .swap, .automount and .device units are not
          supported in containers, .busname units are not supported on
          non-kdbus systems. .swap and .automount are also not
          supported if their respective kernel compile time options
          are disabled.

        * machinectl gained support for two new "copy-from" and
          "copy-to" commands for copying files from a running
          container to the host or vice versa.

        * machinectl gained support for a new "bind" command to bind
          mount host directories into local containers. This is
          currently only supported for nspawn containers.

        * networkd gained support for configuring bridge forwarding
          database entries (fdb) from .network files.

        * A new tiny daemon "systemd-importd" has been added that can
          download container images in tar, raw, qcow2 or dkr formats,
          and make them available locally in /var/lib/machines, so
          that they can run as nspawn containers. The daemon can GPG
          verify the downloads (not supported for dkr, since it has no
          provisions for verifying downloads). It will transparently
          decompress bz2, xz, gzip compressed downloads if necessary,
          and restore sparse files on disk. The daemon uses privilege
          separation to ensure the actual download logic runs with
          fewer privileges than the daemon itself. machinectl has
          gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
          make the functionality of importd available to the
          user. With this in place the Fedora and Ubuntu "Cloud"
          images can be downloaded and booted as containers unmodified
          (the Fedora images lack the appropriate GPG signature files
          currently, so they cannot be verified, but this will change
          soon, hopefully). Note that downloading images is currently
          only fully supported on btrfs.

        * machinectl is now able to list container images found in
          /var/lib/machines, along with some metadata about sizes of
          disk and similar. If the directory is located on btrfs and
          quota is enabled, this includes quota display. A new command
          "image-status" has been added that shows additional
          information about images.

        * machinectl is now able to clone container images
          efficiently, if the underlying file system (btrfs) supports
          it, with the new "machinectl clone" command. It also
          gained commands for renaming and removing images, as well as
          marking them read-only or read-write (supported also on
          legacy file systems).

        * networkd gained support for collecting LLDP network
          announcements, from hardware that supports this. This is
          shown in networkctl output.

        * systemd-run gained support for a new -t (--pty) switch for
          invoking a binary on a pty whose input and output is
          connected to the invoking terminal. This allows executing
          processes as system services while interactively
          communicating with them via the terminal. Most interestingly
          this is supported across container boundaries. Invoking
          "systemd-run -t /bin/bash" is an alternative to running a
          full login session, the difference being that the former
          will not register a session, nor go through the PAM session
          setup.

        * tmpfiles gained support for a new "v" line type for creating
          btrfs subvolumes. If the underlying file system is a legacy
          file system, this automatically degrades to creating a
          normal directory. Among others /var/lib/machines is now
          created like this at boot, should it be missing.

        * The directory /var/lib/containers/ has been deprecated and
          been replaced by /var/lib/machines. The term "machines" has
          been used in the systemd context as generic term for both
          VMs and containers, and hence appears more appropriate for
          this, as the directory can also contain raw images bootable
          via qemu/kvm.

        * systemd-nspawn when invoked with -M but without --directory=
          or --image= is now capable of searching for the container
          root directory, subvolume or disk image automatically, in
          /var/lib/machines. systemd-nspawn@.service has been updated
          to make use of this, thus allowing it to be used for raw
          disk images, too.

        * A new machines.target unit has been introduced that is
          supposed to group all containers/VMs invoked as services on
          the system. systemd-nspawn@.service has been updated to
          integrate with that.

        * machinectl gained a new "start" command, for invoking a
          container as a service. "machinectl start foo" is mostly
          equivalent to "systemctl start systemd-nspawn@foo.service",
          but handles escaping in a nicer way.

        * systemd-nspawn will now mount most of the cgroupfs tree
          read-only into each container, with the exception of the
          container's own subtree in the name=systemd hierarchy.

        * journald now sets the special FS_NOCOW file flag for its
          journal files. This should improve performance on btrfs, by
          avoiding heavy fragmentation when journald's write-pattern
          is used on COW file systems. It degrades btrfs' data
          integrity guarantees for the files to the same levels as for
          ext3/ext4 however. This should be OK though as journald does
          its own data integrity checks and all its objects are
          checksummed on disk. Also, journald should handle btrfs disk
          full events a lot more gracefully now, by processing SIGBUS
          errors, and not relying on fallocate() anymore.

        * When journald detects that journal files it is writing to
          have been deleted it will immediately start new journal
          files.

        * systemd now provides a way to store file descriptors
          per-service in PID 1. This is useful for daemons to ensure
          that fds they require are not lost during a daemon
          restart. The fds are passed to the daemon on the next
          invocation in the same way socket activation fds are
          passed. This is now used by journald to ensure that the
          various sockets connected to all the system's stdout/stderr
          are not lost when journald is restarted. File descriptors
          may be stored in PID 1 via the sd_pid_notify_with_fds() API,
          an extension to sd_notify(). Note that a limit is enforced
          on the number of fds a service can store in PID 1, and it
          defaults to 0, so that no fds may be stored, unless this is
          explicitly turned on.

        * The default TERM variable to use for units connected to a
          terminal, when no other value is explicitly is set is now
          vt220 rather than vt102. This should be fairly safe still,
          but allows PgUp/PgDn work.

        * The /etc/crypttab option header= as known from Debian is now
          supported.

        * "loginctl user-status" and "loginctl session-status" will
          now show the last 10 lines of log messages of the
          user/session following the status output. Similar,
          "machinectl status" will show the last 10 log lines
          associated with a virtual machine or container
          service. (Note that this is usually not the log messages
          done in the VM/container itself, but simply what the
          container manager logs. For nspawn this includes all console
          output however.)

        * "loginctl session-status" without further argument will now
          show the status of the session of the caller. Similar,
          "lock-session", "unlock-session", "activate",
          "enable-linger", "disable-linger" may now be called without
          session/user parameter in which case they apply to the
          caller's session/user.

        * An X11 session scriptlet is now shipped that uploads
          $DISPLAY and $XAUTHORITY into the environment of the systemd
          --user daemon if a session begins. This should improve
          compatibility with X11 enabled applications run as systemd
          user services.

        * Generators are now subject to masking via /etc and /run, the
          same way as unit files.

        * networkd .network files gained support for configuring
          per-link IPv4/IPv6 packet forwarding as well as IPv4
          masquerading. This is by default turned on for veth links to
          containers, as registered by systemd-nspawn. This means that
          nspawn containers run with --network-veth will now get
          automatic routed access to the host's networks without any
          further configuration or setup, as long as networkd runs on
          the host.

        * systemd-nspawn gained the --port= (-p) switch to expose TCP
          or UDP posts of a container on the host. With this in place
          it is possible to run containers with private veth links
          (--network-veth), and have their functionality exposed on
          the host as if their services were running directly on the
          host.

        * systemd-nspawn's --network-veth switch now gained a short
          version "-n", since with the changes above it is now truly
          useful out-of-the-box. The systemd-nspawn@.service has been
          updated to make use of it too by default.

        * systemd-nspawn will now maintain a per-image R/W lock, to
          ensure that the same image is not started more than once
          writable. (It's OK to run an image multiple times
          simultaneously in read-only mode.)

        * systemd-nspawn's --image= option is now capable of
          dissecting and booting MBR and GPT disk images that contain
          only a single active Linux partition. Previously it
          supported only GPT disk images with proper GPT type
          IDs. This allows running cloud images from major
          distributions directly with systemd-nspawn, without
          modification.

        * In addition to collecting mouse dpi data in the udev
          hardware database, there's now support for collecting angle
          information for mouse scroll wheels. The database is
          supposed to guarantee similar scrolling behavior on mice
          that it knows about. There's also support for collecting
          information about Touchpad types.

        * udev's input_id built-in will now also collect touch screen
          dimension data and attach it to probed devices.

        * /etc/os-release gained support for a Distribution Privacy
          Policy link field.

        * networkd gained support for creating "ipvlan", "gretap",
          "ip6gre", "ip6gretap" and "ip6tnl" network devices.

        * systemd-tmpfiles gained support for "a" lines for setting
          ACLs on files.

        * systemd-nspawn will now mount /tmp in the container to
          tmpfs, automatically.

        * systemd now exposes the memory.usage_in_bytes cgroup
          attribute and shows it for each service in the "systemctl
          status" output, if available.

        * When the user presses Ctrl-Alt-Del more than 7x within 2s an
          immediate reboot is triggered. This useful if shutdown is
          hung and is unable to complete, to expedite the
          operation. Note that this kind of reboot will still unmount
          all file systems, and hence should not result in fsck being
          run on next reboot.

        * A .device unit for an optical block device will now be
          considered active only when a medium is in the drive. Also,
          mount units are now bound to their backing devices thus
          triggering automatic unmounting when devices become
          unavailable. With this in place systemd will now
          automatically unmount left-over mounts when a CD-ROM is
          ejected or a USB stick is yanked from the system.

        * networkd-wait-online now has support for waiting for
          specific interfaces only (with globbing), and for giving up
          after a configurable timeout.

        * networkd now exits when idle. It will be automatically
          restarted as soon as interfaces show up, are removed or
          change state. networkd will stay around as long as there is
          at least one DHCP state machine or similar around, that keep
          it non-idle.

        * networkd may now configure IPv6 link-local addressing in
          addition to IPv4 link-local addressing.

        * The IPv6 "token" for use in SLAAC may now be configured for
          each .network interface in networkd.

        * Routes configured with networkd may now be assigned a scope
          in .network files.

        * networkd's [Match] sections now support globbing and lists
          of multiple space-separated matches per item.

        Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
        Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
        Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
        Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
        Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
        Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
        Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
        Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
        Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
        Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
        Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
        Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
        Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
        Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
        Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
        Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
        Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
        Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
        Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
        Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
        Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
        Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
        Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
        Hoffmann, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-02-16

CHANGES WITH 218:

        * When querying unit file enablement status (for example via
          "systemctl is-enabled"), a new state "indirect" is now known
          which indicates that a unit might not be enabled itself, but
          another unit listed in its Also= setting might be.

        * Similar to the various existing ConditionXYZ= settings for
          units, there are now matching AssertXYZ= settings. While
          failing conditions cause a unit to be skipped, but its job
          to succeed, failing assertions declared like this will cause
          a unit start operation and its job to fail.

        * hostnamed now knows a new chassis type "embedded".

        * systemctl gained a new "edit" command. When used on a unit
          file, this allows extending unit files with .d/ drop-in
          configuration snippets or editing the full file (after
          copying it from /usr/lib to /etc). This will invoke the
          user's editor (as configured with $EDITOR), and reload the
          modified configuration after editing.

        * "systemctl status" now shows the suggested enablement state
          for a unit, as declared in the (usually vendor-supplied)
          system preset files.

        * nss-myhostname will now resolve the single-label hostname
          "gateway" to the locally configured default IP routing
          gateways, ordered by their metrics. This assigns a stable
          name to the used gateways, regardless which ones are
          currently configured. Note that the name will only be
          resolved after all other name sources (if nss-myhostname is
          configured properly) and should hence not negatively impact
          systems that use the single-label hostname "gateway" in
          other contexts.

        * systemd-inhibit now allows filtering by mode when listing
          inhibitors.

        * Scope and service units gained a new "Delegate" boolean
          property, which, when set, allows processes running inside the
          unit to further partition resources. This is primarily
          useful for systemd user instances as well as container
          managers.

        * journald will now pick up audit messages directly from
          the kernel, and log them like any other log message. The
          audit fields are split up and fully indexed. This means that
          journalctl in many ways is now a (nicer!) alternative to
          ausearch, the traditional audit client. Note that this
          implements only a minimal audit client. If you want the
          special audit modes like reboot-on-log-overflow, please use
          the traditional auditd instead, which can be used in
          parallel to journald.

        * The ConditionSecurity= unit file option now understands the
          special string "audit" to check whether auditing is
          available.

        * journalctl gained two new commands --vacuum-size= and
          --vacuum-time= to delete old journal files until the
          remaining ones take up no more than the specified size on disk,
          or are not older than the specified time.

        * A new, native PPPoE library has been added to sd-network,
          systemd's library of light-weight networking protocols. This
          library will be used in a future version of networkd to
          enable PPPoE communication without an external pppd daemon.

        * The busctl tool now understands a new "capture" verb that
          works similar to "monitor", but writes a packet capture
          trace to STDOUT that can be redirected to a file which is
          compatible with libcap's capture file format. This can then
          be loaded in Wireshark and similar tools to inspect bus
          communication.

        * The busctl tool now understands a new "tree" verb that shows
          the object trees of a specific service on the bus, or of all
          services.

        * The busctl tool now understands a new "introspect" verb that
          shows all interfaces and members of objects on the bus,
          including their signature and values. This is particularly
          useful to get more information about bus objects shown by
          the new "busctl tree" command.

        * The busctl tool now understands new verbs "call",
          "set-property" and "get-property" for invoking bus method
          calls, setting and getting bus object properties in a
          friendly way.

        * busctl gained a new --augment-creds= argument that controls
          whether the tool shall augment credential information it
          gets from the bus with data from /proc, in a possibly
          race-ful way.

        * nspawn's --link-journal= switch gained two new values
          "try-guest" and "try-host" that work like "guest" and
          "host", but do not fail if the host has no persistent
          journaling enabled. -j is now equivalent to
          --link-journal=try-guest.

        * macvlan network devices created by nspawn will now have
          stable MAC addresses.

        * A new SmackProcessLabel= unit setting has been added, which
          controls the SMACK security label processes forked off by
          the respective unit shall use.

        * If compiled with --enable-xkbcommon, systemd-localed will
          verify x11 keymap settings by compiling the given keymap. It
          will spew out warnings if the compilation fails. This
          requires libxkbcommon to be installed.

        * When a coredump is collected, a larger number of metadata
          fields is now collected and included in the journal records
          created for it. More specifically, control group membership,
          environment variables, memory maps, working directory,
          chroot directory, /proc/$PID/status, and a list of open file
          descriptors is now stored in the log entry.

        * The udev hwdb now contains DPI information for mice. For
          details see:

          http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html

        * All systemd programs that read standalone configuration
          files in /etc now also support a corresponding series of
          .conf.d configuration directories in /etc/, /run/,
          /usr/local/lib/, /usr/lib/, and (if configured with
          --enable-split-usr) /lib/. In particular, the following
          configuration files now have corresponding configuration
          directories: system.conf user.conf, logind.conf,
          journald.conf, sleep.conf, bootchart.conf, coredump.conf,
          resolved.conf, timesyncd.conf, journal-remote.conf, and
          journal-upload.conf. Note that distributions should use the
          configuration directories in /usr/lib/; the directories in
          /etc/ are reserved for the system administrator.

        * systemd-rfkill will no longer take the rfkill device name
          into account when storing rfkill state on disk, as the name
          might be dynamically assigned and not stable. Instead, the
          ID_PATH udev variable combined with the rfkill type (wlan,
          bluetooth, …) is used.

        * A new service systemd-machine-id-commit.service has been
          added. When used on systems where /etc is read-only during
          boot, and /etc/machine-id is not initialized (but an empty
          file), this service will copy the temporary machine ID
          created as replacement into /etc after the system is fully
          booted up. This is useful for systems that are freshly
          installed with a non-initialized machine ID, but should get
          a fixed machine ID for subsequent boots.

        * networkd's .netdev files now provide a large set of
          configuration parameters for VXLAN devices. Similarly, the
          bridge port cost parameter is now configurable in .network
          files. There's also new support for configuring IP source
          routing. networkd .link files gained support for a new
          OriginalName= match that is useful to match against the
          original interface name the kernel assigned. .network files
          may include MTU= and MACAddress= fields for altering the MTU
          and MAC address while being connected to a specific network
          interface.

        * The LUKS logic gained supported for configuring
          UUID-specific key files. There's also new support for naming
          LUKS device from the kernel command line, using the new
          luks.name= argument.

        * Timer units may now be transiently created via the bus API
          (this was previously already available for scope and service
          units). In addition it is now possible to create multiple
          transient units at the same time with a single bus call. The
          "systemd-run" tool has been updated to make use of this for
          running commands on a specified time, in at(1)-style.

        * tmpfiles gained support for "t" lines, for assigning
          extended attributes to files. Among other uses this may be
          used to assign SMACK labels to files.

        Contributions from: Alin Rauta, Alison Chaiken, Andrej
        Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
        Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
        Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
        Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
        Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
        Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
        Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
        Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
        Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
        Michael Biebl, Michael Chapman, Michael Marineau, Michal
        Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
        Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
        Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
        Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
        Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
        Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
        Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-12-10

CHANGES WITH 217:

        * journalctl gained the new options -t/--identifier= to match
          on the syslog identifier (aka "tag"), as well as --utc to
          show log timestamps in the UTC timezone. journalctl now also
          accepts -n/--lines=all to disable line capping in a pager.

        * journalctl gained a new switch, --flush, that synchronously
          flushes logs from /run/log/journal to /var/log/journal if
          persistent storage is enabled. systemd-journal-flush.service
          now waits until the operation is complete.

        * Services can notify the manager before they start a reload
          (by sending RELOADING=1) or shutdown (by sending
          STOPPING=1). This allows the manager to track and show the
          internal state of daemons and closes a race condition when
          the process is still running but has closed its D-Bus
          connection.

        * Services with Type=oneshot do not have to have any ExecStart
          commands anymore.

        * User units are now loaded also from
          $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
          /run/systemd/user directory that was already previously
          supported, but is under the control of the user.

        * Job timeouts (i.e. timeouts on the time a job that is
          queued stays in the run queue) can now optionally result in
          immediate reboot or power-off actions (JobTimeoutAction= and
          JobTimeoutRebootArgument=). This is useful on ".target"
          units, to limit the maximum time a target remains
          undispatched in the run queue, and to trigger an emergency
          operation in such a case. This is now used by default to
          turn off the system if boot-up (as defined by everything in
          basic.target) hangs and does not complete for at least
          15min. Also, if power-off or reboot hang for at least 30min
          an immediate power-off/reboot operation is triggered. This
          functionality is particularly useful to increase reliability
          on embedded devices, but also on laptops which might
          accidentally get powered on when carried in a backpack and
          whose boot stays stuck in a hard disk encryption passphrase
          question.

        * systemd-logind can be configured to also handle lid switch
          events even when the machine is docked or multiple displays
          are attached (HandleLidSwitchDocked= option).

        * A helper binary and a service have been added which can be
          used to resume from hibernation in the initramfs. A
          generator will parse the resume= option on the kernel
          command line to trigger resume.

        * A user console daemon systemd-consoled has been
          added. Currently, it is a preview, and will so far open a
          single terminal on each session of the user marked as
          Desktop=systemd-console.

        * Route metrics can be specified for DHCP routes added by
          systemd-networkd.

        * The SELinux context of socket-activated services can be set
          from the information provided by the networking stack
          (SELinuxContextFromNet= option).

        * Userspace firmware loading support has been removed and
          the minimum supported kernel version is thus bumped to 3.7.

        * Timeout for udev workers has been increased from 1 to 3
          minutes, but a warning will be printed after 1 minute to
          help diagnose kernel modules that take a long time to load.

        * Udev rules can now remove tags on devices with TAG-="foobar".

        * systemd's readahead implementation has been removed. In many
          circumstances it didn't give expected benefits even for
          rotational disk drives and was becoming less relevant in the
          age of SSDs. As none of the developers has been using
          rotating media anymore, and nobody stepped up to actively
          maintain this component of systemd it has now been removed.

        * Swap units can use Options= to specify discard options.
          Discard options specified for swaps in /etc/fstab are now
          respected.

        * Docker containers are now detected as a separate type of
          virtualization.

        * The Password Agent protocol gained support for queries where
          the user input is shown, useful e.g. for user names.
          systemd-ask-password gained a new --echo option to turn that
          on.

        * The default sysctl.d/ snippets will now set:

                net.core.default_qdisc = fq_codel

          This selects Fair Queuing Controlled Delay as the default
          queuing discipline for network interfaces. fq_codel helps
          fight the network bufferbloat problem. It is believed to be
          a good default with no tuning required for most workloads.
          Downstream distributions may override this choice. On 10Gbit
          servers that do not do forwarding, "fq" may perform better.
          Systems without a good clocksource should use "pfifo_fast".

        * If kdbus is enabled during build a new option BusPolicy= is
          available for service units, that allows locking all service
          processes into a stricter bus policy, in order to limit
          access to various bus services, or even hide most of them
          from the service's view entirely.

        * networkctl will now show the .network and .link file
          networkd has applied to a specific interface.

        * sd-login gained a new API call sd_session_get_desktop() to
          query which desktop environment has been selected for a
          session.

        * UNIX utmp support is now compile-time optional to support
          legacy-free systems.

        * systemctl gained two new commands "add-wants" and
          "add-requires" for pulling in units from specific targets
          easily.

        * If the word "rescue" is specified on the kernel command line
          the system will now boot into rescue mode (aka
          rescue.target), which was previously available only by
          specifying "1" or "systemd.unit=rescue.target" on the kernel
          command line. This new kernel command line option nicely
          mirrors the already existing "emergency" kernel command line
          option.

        * New kernel command line options mount.usr=, mount.usrflags=,
          mount.usrfstype= have been added that match root=, rootflags=,
          rootfstype= but allow mounting a specific file system to
          /usr.

        * The $NOTIFY_SOCKET is now also passed to control processes of
          services, not only the main process.

        * This version reenables support for fsck's -l switch. This
          means at least version v2.25 of util-linux is required for
          operation, otherwise dead-locks on device nodes may
          occur. Again: you need to update util-linux to at least
          v2.25 when updating systemd to v217.

        * The "multi-seat-x" tool has been removed from systemd, as
          its functionality has been integrated into X servers 1.16,
          and the tool is hence redundant. It is recommended to update
          display managers invoking this tool to simply invoke X
          directly from now on, again.

        * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
          message flag has been added for all of systemd's polkit
          authenticated method calls has been added. In particular this
          now allows optional interactive authorization via polkit for
          many of PID1's privileged operations such as unit file
          enabling and disabling.

        * "udevadm hwdb --update" learnt a new switch "--usr" for
          placing the rebuilt hardware database in /usr instead of
          /etc. When used only hardware database entries stored in
          /usr will be used, and any user database entries in /etc are
          ignored. This functionality is useful for vendors to ship a
          pre-built database on systems where local configuration is
          unnecessary or unlikely.

        * Calendar time specifications in .timer units now also
          understand the strings "semi-annually", "quarterly" and
          "minutely" as shortcuts (in addition to the preexisting
          "annually", "hourly", …).

        * systemd-tmpfiles will now correctly create files in /dev
          at boot which are marked for creation only at boot. It is
          recommended to always create static device nodes with 'c!'
          and 'b!', so that they are created only at boot and not
          overwritten at runtime.

        * When the watchdog logic is used for a service (WatchdogSec=)
          and the watchdog timeout is hit the service will now be
          terminated with SIGABRT (instead of just SIGTERM), in order
          to make sure a proper coredump and backtrace is
          generated. This ensures that hanging services will result in
          similar coredump/backtrace behaviour as services that hit a
          segmentation fault.

        Contributions from: Andreas Henriksson, Andrei Borzenkov,
        Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
        Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
        Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
        Herrmann, David Sommerseth, David Strauss, Emil Renner
        Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
        Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
        Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
        Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
        Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
        Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
        Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
        Michael Marineau, Michael Olbrich, Michael Scherer, Michal
        Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
        Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
        Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
        Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
        Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
        Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
        Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
        Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-10-28

CHANGES WITH 216:

        * timedated no longer reads NTP implementation unit names from
          /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
          implementations should add a

            Conflicts=systemd-timesyncd.service

          to their unit files to take over and replace systemd's NTP
          default functionality.

        * systemd-sysusers gained a new line type "r" for configuring
          which UID/GID ranges to allocate system users/groups
          from. Lines of type "u" may now add an additional column
          that specifies the home directory for the system user to be
          created. Also, systemd-sysusers may now optionally read user
          information from STDIN instead of a file. This is useful for
          invoking it from RPM preinst scriptlets that need to create
          users before the first RPM file is installed since these
          files might need to be owned by them. A new
          %sysusers_create_inline RPM macro has been introduced to do
          just that. systemd-sysusers now updates the shadow files as
          well as the user/group databases, which should enhance
          compatibility with certain tools like grpck.

        * A number of bus APIs of PID 1 now optionally consult polkit to
          permit access for otherwise unprivileged clients under certain
          conditions. Note that this currently doesn't support
          interactive authentication yet, but this is expected to be
          added eventually, too.

        * /etc/machine-info now has new fields for configuring the
          deployment environment of the machine, as well as the
          location of the machine. hostnamectl has been updated with
          new command to update these fields.

        * systemd-timesyncd has been updated to automatically acquire
          NTP server information from systemd-networkd, which might
          have been discovered via DHCP.

        * systemd-resolved now includes a caching DNS stub resolver
          and a complete LLMNR name resolution implementation. A new
          NSS module "nss-resolve" has been added which can be used
          instead of glibc's own "nss-dns" to resolve hostnames via
          systemd-resolved. Hostnames, addresses and arbitrary RRs may
          be resolved via systemd-resolved D-Bus APIs. In contrast to
          the glibc internal resolver systemd-resolved is aware of
          multi-homed system, and keeps DNS server and caches separate
          and per-interface. Queries are sent simultaneously on all
          interfaces that have DNS servers configured, in order to
          properly handle VPNs and local LANs which might resolve
          separate sets of domain names. systemd-resolved may acquire
          DNS server information from systemd-networkd automatically,
          which in turn might have discovered them via DHCP. A tool
          "systemd-resolve-host" has been added that may be used to
          query the DNS logic in resolved. systemd-resolved implements
          IDNA and automatically uses IDNA or UTF-8 encoding depending
          on whether classic DNS or LLMNR is used as transport. In the
          next releases we intend to add a DNSSEC and mDNS/DNS-SD
          implementation to systemd-resolved.

        * A new NSS module nss-mymachines has been added, that
          automatically resolves the names of all local registered
          containers to their respective IP addresses.

        * A new client tool "networkctl" for systemd-networkd has been
          added. It currently is entirely passive and will query
          networking configuration from udev, rtnetlink and networkd,
          and present it to the user in a very friendly
          way. Eventually, we hope to extend it to become a full
          control utility for networkd.

        * .socket units gained a new DeferAcceptSec= setting that
          controls the kernels' TCP_DEFER_ACCEPT sockopt for
          TCP. Similarly, support for controlling TCP keep-alive
          settings has been added (KeepAliveTimeSec=,
          KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
          turning off Nagle's algorithm on TCP has been added
          (NoDelay=).

        * logind learned a new session type "web", for use in projects
          like Cockpit which register web clients as PAM sessions.

        * timer units with at least one OnCalendar= setting will now
          be started only after time-sync.target has been
          reached. This way they will not elapse before the system
          clock has been corrected by a local NTP client or
          similar. This is particular useful on RTC-less embedded
          machines, that come up with an invalid system clock.

        * systemd-nspawn's --network-veth= switch should now result in
          stable MAC addresses for both the outer and the inner side
          of the link.

        * systemd-nspawn gained a new --volatile= switch for running
          container instances with /etc or /var unpopulated.

        * The kdbus client code has been updated to use the new Linux
          3.17 memfd subsystem instead of the old kdbus-specific one.

        * systemd-networkd's DHCP client and server now support
          FORCERENEW. There are also new configuration options to
          configure the vendor client identifier and broadcast mode
          for DHCP.

        * systemd will no longer inform the kernel about the current
          timezone, as this is necessarily incorrect and racy as the
          kernel has no understanding of DST and similar
          concepts. This hence means FAT timestamps will be always
          considered UTC, similar to what Android is already
          doing. Also, when the RTC is configured to the local time
          (rather than UTC) systemd will never synchronize back to it,
          as this might confuse Windows at a later boot.

        * systemd-analyze gained a new command "verify" for offline
          validation of unit files.

        * systemd-networkd gained support for a couple of additional
          settings for bonding networking setups. Also, the metric for
          statically configured routes may now be configured. For
          network interfaces where this is appropriate the peer IP
          address may now be configured.

        * systemd-networkd's DHCP client will no longer request
          broadcasting by default, as this tripped up some networks.
          For hardware where broadcast is required the feature should
          be switched back on using RequestBroadcast=yes.

        * systemd-networkd will now set up IPv4LL addresses (when
          enabled) even if DHCP is configured successfully.

        * udev will now default to respect network device names given
          by the kernel when the kernel indicates that these are
          predictable. This behavior can be tweaked by changing
          NamePolicy= in the relevant .link file.

        * A new library systemd-terminal has been added that
          implements full TTY stream parsing and rendering. This
          library is supposed to be used later on for implementing a
          full userspace VT subsystem, replacing the current kernel
          implementation.

        * A new tool systemd-journal-upload has been added to push
          journal data to a remote system running
          systemd-journal-remote.

        * journald will no longer forward all local data to another
          running syslog daemon. This change has been made because
          rsyslog (which appears to be the most commonly used syslog
          implementation these days) no longer makes use of this, and
          instead pulls the data out of the journal on its own. Since
          forwarding the messages to a non-existent syslog server is
          more expensive than we assumed we have now turned this
          off. If you run a syslog server that is not a recent rsyslog
          version, you have to turn this option on again
          (ForwardToSyslog= in journald.conf).

        * journald now optionally supports the LZ4 compressor for
          larger journal fields. This compressor should perform much
          better than XZ which was the previous default.

        * machinectl now shows the IP addresses of local containers,
          if it knows them, plus the interface name of the container.

        * A new tool "systemd-escape" has been added that makes it
          easy to escape strings to build unit names and similar.

        * sd_notify() messages may now include a new ERRNO= field
          which is parsed and collected by systemd and shown among the
          "systemctl status" output for a service.

        * A new component "systemd-firstboot" has been added that
          queries the most basic systemd information (timezone,
          hostname, root password) interactively on first
          boot. Alternatively it may also be used to provision these
          things offline on OS images installed into directories.

        * The default sysctl.d/ snippets will now set

                net.ipv4.conf.default.promote_secondaries=1

          This has the benefit of no flushing secondary IP addresses
          when primary addresses are removed.

        Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
        Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
        Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
        Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
        Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
        B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
        Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
        Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
        Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
        Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
        Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
        Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
        Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
        Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
        Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-08-19

CHANGES WITH 215:

        * A new tool systemd-sysusers has been added. This tool
          creates system users and groups in /etc/passwd and
          /etc/group, based on static declarative system user/group
          definitions in /usr/lib/sysusers.d/. This is useful to
          enable factory resets and volatile systems that boot up with
          an empty /etc directory, and thus need system users and
          groups created during early boot. systemd now also ships
          with two default sysusers.d/ files for the most basic
          users and groups systemd and the core operating system
          require.

        * A new tmpfiles snippet has been added that rebuilds the
          essential files in /etc on boot, should they be missing.

        * A directive for ensuring automatic clean-up of
          /var/cache/man/ has been removed from the default
          configuration. This line should now be shipped by the man
          implementation. The necessary change has been made to the
          man-db implementation. Note that you need to update your man
          implementation to one that ships this line, otherwise no
          automatic clean-up of /var/cache/man will take place.

        * A new condition ConditionNeedsUpdate= has been added that
          may conditionalize services to only run when /etc or /var
          are "older" than the vendor operating system resources in
          /usr. This is useful for reconstructing or updating /etc
          after an offline update of /usr or a factory reset, on the
          next reboot. Services that want to run once after such an
          update or reset should use this condition and order
          themselves before the new systemd-update-done.service, which
          will mark the two directories as fully updated. A number of
          service files have been added making use of this, to rebuild
          the udev hardware database, the journald message catalog and
          dynamic loader cache (ldconfig). The systemd-sysusers tool
          described above also makes use of this now. With this in
          place it is now possible to start up a minimal operating
          system with /etc empty cleanly. For more information on the
          concepts involved see this recent blog story:

          https://0pointer.de/blog/projects/stateless.html

        * A new system group "input" has been introduced, and all
          input device nodes get this group assigned. This is useful
          for system-level software to get access to input devices. It
          complements what is already done for "audio" and "video".

        * systemd-networkd learnt minimal DHCPv4 server support in
          addition to the existing DHCPv4 client support. It also
          learnt DHCPv6 client and IPv6 Router Solicitation client
          support. The DHCPv4 client gained support for static routes
          passed in from the server. Note that the [DHCPv4] section
          known in older systemd-networkd versions has been renamed to
          [DHCP] and is now also used by the DHCPv6 client. Existing
          .network files using settings of this section should be
          updated, though compatibility is maintained. Optionally, the
          client hostname may now be sent to the DHCP server.

        * networkd gained support for vxlan virtual networks as well
          as tun/tap and dummy devices.

        * networkd gained support for automatic allocation of address
          ranges for interfaces from a system-wide pool of
          addresses. This is useful for dynamically managing a large
          number of interfaces with a single network configuration
          file. In particular this is useful to easily assign
          appropriate IP addresses to the veth links of a large number
          of nspawn instances.

        * RPM macros for processing sysusers, sysctl and binfmt
          drop-in snippets at package installation time have been
          added.

        * The /etc/os-release file should now be placed in
          /usr/lib/os-release. The old location is automatically
          created as symlink. /usr/lib is the more appropriate
          location of this file, since it shall actually describe the
          vendor operating system shipped in /usr, and not the
          configuration stored in /etc.

        * .mount units gained a new boolean SloppyOptions= setting
          that maps to mount(8)'s -s option which enables permissive
          parsing of unknown mount options.

        * tmpfiles learnt a new "L+" directive which creates a symlink
          but (unlike "L") deletes a pre-existing file first, should
          it already exist and not already be the correct
          symlink. Similarly, "b+", "c+" and "p+" directives have been
          added as well, which create block and character devices, as
          well as fifos in the filesystem, possibly removing any
          pre-existing files of different types.

        * For tmpfiles' "L", "L+", "C" and "C+" directives the final
          'argument' field (which so far specified the source to
          symlink/copy the files from) is now optional. If omitted the
          same file os copied from /usr/share/factory/ suffixed by the
          full destination path. This is useful for populating /etc
          with essential files, by copying them from vendor defaults
          shipped in /usr/share/factory/etc.

        * A new command "systemctl preset-all" has been added that
          applies the service preset settings to all installed unit
          files. A new switch --preset-mode= has been added that
          controls whether only enable or only disable operations
          shall be executed.

        * A new command "systemctl is-system-running" has been added
          that allows checking the overall state of the system, for
          example whether it is fully up and running.

        * When the system boots up with an empty /etc, the equivalent
          to "systemctl preset-all" is executed during early boot, to
          make sure all default services are enabled after a factory
          reset.

        * systemd now contains a minimal preset file that enables the
          most basic services systemd ships by default.

        * Unit files' [Install] section gained a new DefaultInstance=
          field for defining the default instance to create if a
          template unit is enabled with no instance specified.

        * A new passive target cryptsetup-pre.target has been added
          that may be used by services that need to make they run and
          finish before the first LUKS cryptographic device is set up.

        * The /dev/loop-control and /dev/btrfs-control device nodes
          are now owned by the "disk" group by default, opening up
          access to this group.

        * systemd-coredump will now automatically generate a
          stack trace of all core dumps taking place on the system,
          based on elfutils' libdw library. This stack trace is logged
          to the journal.

        * systemd-coredump may now optionally store coredumps directly
          on disk (in /var/lib/systemd/coredump, possibly compressed),
          instead of storing them unconditionally in the journal. This
          mode is the new default. A new configuration file
          /etc/systemd/coredump.conf has been added to configure this
          and other parameters of systemd-coredump.

        * coredumpctl gained a new "info" verb to show details about a
          specific coredump. A new switch "-1" has also been added
          that makes sure to only show information about the most
          recent entry instead of all entries. Also, as the tool is
          generally useful now the "systemd-" prefix of the binary
          name has been removed. Distributions that want to maintain
          compatibility with the old name should add a symlink from
          the old name to the new name.

        * journald's SplitMode= now defaults to "uid". This makes sure
          that unprivileged users can access their own coredumps with
          coredumpctl without restrictions.

        * New kernel command line options "systemd.wants=" (for
          pulling an additional unit during boot), "systemd.mask="
          (for masking a specific unit for the boot), and
          "systemd.debug-shell" (for enabling the debug shell on tty9)
          have been added. This is implemented in the new generator
          "systemd-debug-generator".

        * systemd-nspawn will now by default filter a couple of
          syscalls for containers, among them those required for
          kernel module loading, direct x86 IO port access, swap
          management, and kexec. Most importantly though
          open_by_handle_at() is now prohibited for containers,
          closing a hole similar to a recently discussed vulnerability
          in docker regarding access to files on file hierarchies the
          container should normally not have access to. Note that, for
          nspawn, we generally make no security claims anyway (and
          this is explicitly documented in the man page), so this is
          just a fix for one of the most obvious problems.

        * A new man page file-hierarchy(7) has been added that
          contains a minimized, modernized version of the file system
          layout systemd expects, similar in style to the FHS
          specification or hier(5). A new tool systemd-path(1) has
          been added to query many of these paths for the local
          machine and user.

        * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
          longer done. Since the directory now has a per-user size
          limit, and is cleaned on logout this appears unnecessary,
          in particular since this now brings the lifecycle of this
          directory closer in line with how IPC objects are handled.

        * systemd.pc now exports a number of additional directories,
          including $libdir (which is useful to identify the library
          path for the primary architecture of the system), and a
          couple of drop-in directories.

        * udev's predictable network interface names now use the dev_port
          sysfs attribute, introduced in linux 3.15 instead of dev_id to
          distinguish between ports of the same PCI function. dev_id should
          only be used for ports using the same HW address, hence the need
          for dev_port.

        * machined has been updated to export the OS version of a
          container (read from /etc/os-release and
          /usr/lib/os-release) on the bus. This is now shown in
          "machinectl status" for a machine.

        * A new service setting RestartForceExitStatus= has been
          added. If configured to a set of exit signals or process
          return values, the service will be restarted when the main
          daemon process exits with any of them, regardless of the
          Restart= setting.

        * systemctl's -H switch for connecting to remote systemd
          machines has been extended so that it may be used to
          directly connect to a specific container on the
          host. "systemctl -H root@foobar:waldi" will now connect as
          user "root" to host "foobar", and then proceed directly to
          the container named "waldi". Note that currently you have to
          authenticate as user "root" for this to work, as entering
          containers is a privileged operation.

        Contributions from: Andreas Henriksson, Benjamin Steinwender,
        Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
        Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
        Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
        Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
        Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
        Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
        Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
        Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
        Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
        Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-07-03

CHANGES WITH 214:

        * As an experimental feature, udev now tries to lock the
          disk device node (flock(LOCK_SH|LOCK_NB)) while it
          executes events for the disk or any of its partitions.
          Applications like partitioning programs can lock the
          disk device node (flock(LOCK_EX)) and claim temporary
          device ownership that way; udev will entirely skip all event
          handling for this disk and its partitions. If the disk
          was opened for writing, the close will trigger a partition
          table rescan in udev's "watch" facility, and if needed
          synthesize "change" events for the disk and all its partitions.
          This is now unconditionally enabled, and if it turns out to
          cause major problems, we might turn it on only for specific
          devices, or might need to disable it entirely. Device Mapper
          devices are excluded from this logic.

        * We temporarily dropped the "-l" switch for fsck invocations,
          since they collide with the flock() logic above. util-linux
          upstream has been changed already to avoid this conflict,
          and we will re-add "-l" as soon as util-linux with this
          change has been released.

        * The dependency on libattr has been removed. Since a long
          time, the extended attribute calls have moved to glibc, and
          libattr is thus unnecessary.

        * Virtualization detection works without privileges now. This
          means the systemd-detect-virt binary no longer requires
          CAP_SYS_PTRACE file capabilities, and our daemons can run
          with fewer privileges.

        * systemd-networkd now runs under its own "systemd-network"
          user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
          CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
          loses the ability to write to files owned by root this way.

        * Similarly, systemd-resolved now runs under its own
          "systemd-resolve" user with no capabilities remaining.

        * Similarly, systemd-bus-proxyd now runs under its own
          "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.

        * systemd-networkd gained support for setting up "veth"
          virtual Ethernet devices for container connectivity, as well
          as GRE and VTI tunnels.

        * systemd-networkd will no longer automatically attempt to
          manually load kernel modules necessary for certain tunnel
          transports. Instead, it is assumed the kernel loads them
          automatically when required. This only works correctly on
          very new kernels. On older kernels, please consider adding
          the kernel modules to /etc/modules-load.d/ as a work-around.

        * The resolv.conf file systemd-resolved generates has been
          moved to /run/systemd/resolve/. If you have a symlink from
          /etc/resolv.conf, it might be necessary to correct it.

        * Two new service settings, ProtectHome= and ProtectSystem=,
          have been added. When enabled, they will make the user data
          (such as /home) inaccessible or read-only and the system
          (such as /usr) read-only, for specific services. This allows
          very light-weight per-service sandboxing to avoid
          modifications of user data or system files from
          services. These two new switches have been enabled for all
          of systemd's long-running services, where appropriate.

        * Socket units gained new SocketUser= and SocketGroup=
          settings to set the owner user and group of AF_UNIX sockets
          and FIFOs in the file system.

        * Socket units gained a new RemoveOnStop= setting. If enabled,
          all FIFOS and sockets in the file system will be removed
          when the specific socket unit is stopped.

        * Socket units gained a new Symlinks= setting. It takes a list
          of symlinks to create to file system sockets or FIFOs
          created by the specific Unix sockets. This is useful to
          manage symlinks to socket nodes with the same lifecycle as
          the socket itself.

        * The /dev/log socket and /dev/initctl FIFO have been moved to
          /run, and have been replaced by symlinks. This allows
          connecting to these facilities even if PrivateDevices=yes is
          used for a service (which makes /dev/log itself unavailable,
          but /run is left). This also has the benefit of ensuring
          that /dev only contains device nodes, directories and
          symlinks, and nothing else.

        * sd-daemon gained two new calls sd_pid_notify() and
          sd_pid_notifyf(). They are similar to sd_notify() and
          sd_notifyf(), but allow overriding of the source PID of
          notification messages if permissions permit this. This is
          useful to send notify messages on behalf of a different
          process (for example, the parent process). The
          systemd-notify tool has been updated to make use of this
          when sending messages (so that notification messages now
          originate from the shell script invoking systemd-notify and
          not the systemd-notify process itself. This should minimize
          a race where systemd fails to associate notification
          messages to services when the originating process already
          vanished.

        * A new "on-abnormal" setting for Restart= has been added. If
          set, it will result in automatic restarts on all "abnormal"
          reasons for a process to exit, which includes unclean
          signals, core dumps, timeouts and watchdog timeouts, but
          does not include clean and unclean exit codes or clean
          signals. Restart=on-abnormal is an alternative for
          Restart=on-failure for services that shall be able to
          terminate and avoid restarts on certain errors, by
          indicating so with an unclean exit code. Restart=on-failure
          or Restart=on-abnormal is now the recommended setting for
          all long-running services.

        * If the InaccessibleDirectories= service setting points to a
          mount point (or if there are any submounts contained within
          it), it is now attempted to completely unmount it, to make
          the file systems truly unavailable for the respective
          service.

        * The ReadOnlyDirectories= service setting and
          systemd-nspawn's --read-only parameter are now recursively
          applied to all submounts, too.

        * Mount units may now be created transiently via the bus APIs.

        * The support for SysV and LSB init scripts has been removed
          from the systemd daemon itself. Instead, it is now
          implemented as a generator that creates native systemd units
          from these scripts when needed. This enables us to remove a
          substantial amount of legacy code from PID 1, following the
          fact that many distributions only ship a very small number
          of LSB/SysV init scripts nowadays.

        * Privileged Xen (dom0) domains are not considered
          virtualization anymore by the virtualization detection
          logic. After all, they generally have unrestricted access to
          the hardware and usually are used to manage the unprivileged
          (domU) domains.

        * systemd-tmpfiles gained a new "C" line type, for copying
          files or entire directories.

        * systemd-tmpfiles "m" lines are now fully equivalent to "z"
          lines. So far, they have been non-globbing versions of the
          latter, and have thus been redundant. In future, it is
          recommended to only use "z". "m" has hence been removed
          from the documentation, even though it stays supported.

        * A tmpfiles snippet to recreate the most basic structure in
          /var has been added. This is enough to create the /var/run →
          /run symlink and create a couple of structural
          directories. This allows systems to boot up with an empty or
          volatile /var. Of course, while with this change, the core OS
          now is capable with dealing with a volatile /var, not all
          user services are ready for it. However, we hope that sooner
          or later, many service daemons will be changed upstream so
          that they are able to automatically create their necessary
          directories in /var at boot, should they be missing. This is
          the first step to allow state-less systems that only require
          the vendor image for /usr to boot.

        * systemd-nspawn has gained a new --tmpfs= switch to mount an
          empty tmpfs instance to a specific directory. This is
          particularly useful for making use of the automatic
          reconstruction of /var (see above), by passing --tmpfs=/var.

        * Access modes specified in tmpfiles snippets may now be
          prefixed with "~", which indicates that they shall be masked
          by whether the existing file or directory is currently
          writable, readable or executable at all. Also, if specified,
          the sgid/suid/sticky bits will be masked for all
          non-directories.

        * A new passive target unit "network-pre.target" has been
          added which is useful for services that shall run before any
          network is configured, for example firewall scripts.

        * The "floppy" group that previously owned the /dev/fd*
          devices is no longer used. The "disk" group is now used
          instead. Distributions should probably deprecate usage of
          this group.

        Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
        King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
        Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
        Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
        Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-06-11

CHANGES WITH 213:

        * A new "systemd-timesyncd" daemon has been added for
          synchronizing the system clock across the network. It
          implements an SNTP client. In contrast to NTP
          implementations such as chrony or the NTP reference server,
          this only implements a client side, and does not bother with
          the full NTP complexity, focusing only on querying time from
          one remote server and synchronizing the local clock to
          it. Unless you intend to serve NTP to networked clients or
          want to connect to local hardware clocks, this simple NTP
          client should be more than appropriate for most
          installations. The daemon runs with minimal privileges, and
          has been hooked up with networkd to only operate when
          network connectivity is available. The daemon saves the
          current clock to disk every time a new NTP sync has been
          acquired, and uses this to possibly correct the system clock
          early at bootup, in order to accommodate for systems that
          lack an RTC such as the Raspberry Pi and embedded devices,
          and to make sure that time monotonically progresses on these
          systems, even if it is not always correct. To make use of
          this daemon, a new system user and group "systemd-timesync"
          needs to be created on installation of systemd.

        * The queue "seqnum" interface of libudev has been disabled, as
          it was generally incompatible with device namespacing as
          sequence numbers of devices go "missing" if the devices are
          part of a different namespace.

        * "systemctl list-timers" and "systemctl list-sockets" gained
          a --recursive switch for showing units of these types also
          for all local containers, similar in style to the already
          supported --recursive switch for "systemctl list-units".

        * A new RebootArgument= setting has been added for service
          units, which may be used to specify a kernel reboot argument
          to use when triggering reboots with StartLimitAction=.

        * A new FailureAction= setting has been added for service
          units which may be used to specify an operation to trigger
          when a service fails. This works similarly to
          StartLimitAction=, but unlike it, controls what is done
          immediately rather than only after several attempts to
          restart the service in question.

        * hostnamed got updated to also expose the kernel name,
          release, and version on the bus. This is useful for
          executing commands like hostnamectl with the -H switch.
          systemd-analyze makes use of this to properly display
          details when running non-locally.

        * The bootchart tool can now show cgroup information in the
          graphs it generates.

        * The CFS CPU quota cgroup attribute is now exposed for
          services. The new CPUQuota= switch has been added for this
          which takes a percentage value. Setting this will have the
          result that a service may never get more CPU time than the
          specified percentage, even if the machine is otherwise idle.

        * systemd-networkd learned IPIP and SIT tunnel support.

        * LSB init scripts exposing a dependency on $network will now
          get a dependency on network-online.target rather than simply
          network.target. This should bring LSB handling closer to
          what it was on SysV systems.

        * A new fsck.repair= kernel option has been added to control
          how fsck shall deal with unclean file systems at boot.

        * The (.ini) configuration file parser will now silently ignore
          sections whose names begin with "X-". This may be used to maintain
          application-specific extension sections in unit files.

        * machined gained a new API to query the IP addresses of
          registered containers. "machinectl status" has been updated
          to show these addresses in its output.

        * A new call sd_uid_get_display() has been added to the
          sd-login APIs for querying the "primary" session of a
          user. The "primary" session of the user is elected from the
          user's sessions and generally a graphical session is
          preferred over a text one.

        * A minimal systemd-resolved daemon has been added. It
          currently simply acts as a companion to systemd-networkd and
          manages resolv.conf based on per-interface DNS
          configuration, possibly supplied via DHCP. In the long run
          we hope to extend this into a local DNSSEC enabled DNS and
          mDNS cache.

        * The systemd-networkd-wait-online tool is now enabled by
          default. It will delay network-online.target until a network
          connection has been configured. The tool primarily integrates
          with networkd, but will also make a best effort to make sense
          of network configuration performed in some other way.

        * Two new service options StartupCPUShares= and
          StartupBlockIOWeight= have been added that work similarly to
          CPUShares= and BlockIOWeight= however only apply during
          system startup. This is useful to prioritize certain services
          differently during bootup than during normal runtime.

        * hostnamed has been changed to prefer the statically
          configured hostname in /etc/hostname (unless set to
          'localhost' or empty) over any dynamic one supplied by
          dhcp. With this change, the rules for picking the hostname
          match more closely the rules of other configuration settings
          where the local administrator's configuration in /etc always
          overrides any other settings.

        Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
        den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
        Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
        David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
        Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
        Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
        Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
        Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
        Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
        Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
        Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
        Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
        Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
        Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
        Lindskog, WaLyong Cho, Will Woods, Zbigniew
        Jędrzejewski-Szmek

        — Beijing, 2014-05-28

CHANGES WITH 212:

        * When restoring the screen brightness at boot, stay away from
          the darkest setting or from the lowest 5% of the available
          range, depending on which is the larger value of both. This
          should effectively protect the user from rebooting into a
          black screen, should the brightness have been set to minimum
          by accident.

        * sd-login gained a new sd_machine_get_class() call to
          determine the class ("vm" or "container") of a machine
          registered with machined.

        * sd-login gained new calls
          sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
          to query the identity of the peer of a local AF_UNIX
          connection. They operate similarly to their sd_pid_get_xyz()
          counterparts.

        * PID 1 will now maintain a system-wide system state engine
          with the states "starting", "running", "degraded",
          "maintenance", "stopping". These states are bound to system
          startup, normal runtime, runtime with at least one failed
          service, rescue/emergency mode and system shutdown. This
          state is shown in the "systemctl status" output when no unit
          name is passed. It is useful to determine system state, in
          particularly when doing so for many systems or containers at
          once.

        * A new command "list-machines" has been added to "systemctl"
          that lists all local OS containers and shows their system
          state (see above), if systemd runs inside of them.

        * systemctl gained a new "-r" switch to recursively enumerate
          units on all local containers, when used with the
          "list-unit" command (which is the default one that is
          executed when no parameters are specified).

        * The GPT automatic partition discovery logic will now honour
          two GPT partition flags: one may be set on a partition to
          cause it to be mounted read-only, and the other may be set
          on a partition to ignore it during automatic discovery.

        * Two new GPT type UUIDs have been added for automatic root
          partition discovery, for 32-bit and 64-bit ARM. This is not
          particularly useful for discovering the root directory on
          these architectures during bare-metal boots (since UEFI is
          not common there), but still very useful to allow booting of
          ARM disk images in nspawn with the -i option.

        * MAC addresses of interfaces created with nspawn's
          --network-interface= switch will now be generated from the
          machine name, and thus be stable between multiple invocations
          of the container.

        * logind will now automatically remove all IPC objects owned
          by a user if she or he fully logs out. This makes sure that
          users who are logged out cannot continue to consume IPC
          resources. This covers SysV memory, semaphores and message
          queues as well as POSIX shared memory and message
          queues. Traditionally, SysV and POSIX IPC had no lifecycle
          limits. With this functionality, that is corrected. This may
          be turned off by using the RemoveIPC= switch of logind.conf.

        * The systemd-machine-id-setup and tmpfiles tools gained a
          --root= switch to operate on a specific root directory,
          instead of /.

        * journald can now forward logged messages to the TTYs of all
          logged in users ("wall"). This is the default for all
          emergency messages now.

        * A new tool systemd-journal-remote has been added to stream
          journal log messages across the network.

        * /sys/fs/cgroup/ is now mounted read-only after all cgroup
          controller trees are mounted into it. Note that the
          directories mounted beneath it are not read-only. This is a
          security measure and is particularly useful because glibc
          actually includes a search logic to pick any tmpfs it can
          find to implement shm_open() if /dev/shm is not available
          (which it might very well be in namespaced setups).

        * machinectl gained a new "poweroff" command to cleanly power
          down a local OS container.

        * The PrivateDevices= unit file setting will now also drop the
          CAP_MKNOD capability from the capability bound set, and
          imply DevicePolicy=closed.

        * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used
          comprehensively on all long-running systemd services where
          this is appropriate.

        * systemd-udevd will now run in a disassociated mount
          namespace. To mount directories from udev rules, make sure to
          pull in mount units via SYSTEMD_WANTS properties.

        * The kdbus support gained support for uploading policy into
          the kernel. sd-bus gained support for creating "monitoring"
          connections that can eavesdrop into all bus communication
          for debugging purposes.

        * Timestamps may now be specified in seconds since the UNIX
          epoch Jan 1st, 1970 by specifying "@" followed by the value
          in seconds.

        * Native tcpwrap support in systemd has been removed. tcpwrap
          is old code, not really maintained anymore and has serious
          shortcomings, and better options such as firewalls
          exist. For setups that require tcpwrap usage, please
          consider invoking your socket-activated service via tcpd,
          like on traditional inetd.

        * A new system.conf configuration option
          DefaultTimerAccuracySec= has been added that controls the
          default AccuracySec= setting of .timer units.

        * Timer units gained a new WakeSystem= switch. If enabled,
          timers configured this way will cause the system to resume
          from system suspend (if the system supports that, which most
          do these days).

        * Timer units gained a new Persistent= switch. If enabled,
          timers configured this way will save to disk when they have
          been last triggered. This information is then used on next
          reboot to possible execute overdue timer events, that
          could not take place because the system was powered off.
          This enables simple anacron-like behaviour for timer units.

        * systemctl's "list-timers" will now also list the time a
          timer unit was last triggered in addition to the next time
          it will be triggered.

        * systemd-networkd will now assign predictable IPv4LL
          addresses to its local interfaces.

        Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
        Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
        Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
        Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
        Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
        Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
        Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
        Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-03-25

CHANGES WITH 211:

        * A new unit file setting RestrictAddressFamilies= has been
          added to restrict which socket address families unit
          processes gain access to. This takes address family names
          like "AF_INET" or "AF_UNIX", and is useful to minimize the
          attack surface of services via exotic protocol stacks. This
          is built on seccomp system call filters.

        * Two new unit file settings RuntimeDirectory= and
          RuntimeDirectoryMode= have been added that may be used to
          manage a per-daemon runtime directories below /run. This is
          an alternative for setting up directory permissions with
          tmpfiles snippets, and has the advantage that the runtime
          directory's lifetime is bound to the daemon runtime and that
          the daemon starts up with an empty directory each time. This
          is particularly useful when writing services that drop
          privileges using the User= or Group= setting.

        * The DeviceAllow= unit setting now supports globbing for
          matching against device group names.

        * The systemd configuration file system.conf gained new
          settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
          DefaultMemoryAccounting= to globally turn on/off accounting
          for specific resources (cgroups) for all units. These
          settings may still be overridden individually in each unit
          though.

        * systemd-gpt-auto-generator is now able to discover /srv and
          root partitions in addition to /home and swap partitions. It
          also supports LUKS-encrypted partitions now. With this in
          place, automatic discovery of partitions to mount following
          the Discoverable Partitions Specification
          (https://systemd.io/DISCOVERABLE_PARTITIONS/)
          is now a lot more complete. This allows booting without
          /etc/fstab and without root= on the kernel command line on
          systems prepared appropriately.

        * systemd-nspawn gained a new --image= switch which allows
          booting up disk images and Linux installations on any block
          device that follow the Discoverable Partitions Specification
          (see above). This means that installations made with
          appropriately updated installers may now be started and
          deployed using container managers, completely
          unmodified. (We hope that libvirt-lxc will add support for
          this feature soon, too.)

        * systemd-nspawn gained a new --network-macvlan= setting to
          set up a private macvlan interface for the
          container. Similarly, systemd-networkd gained a new
          Kind=macvlan setting in .netdev files.

        * systemd-networkd now supports configuring local addresses
          using IPv4LL.

        * A new tool systemd-network-wait-online has been added to
          synchronously wait for network connectivity using
          systemd-networkd.

        * The sd-bus.h bus API gained a new sd_bus_track object for
          tracking the lifecycle of bus peers. Note that sd-bus.h is
          still not a public API though (unless you specify
          --enable-kdbus on the configure command line, which however
          voids your warranty and you get no API stability guarantee).

        * The $XDG_RUNTIME_DIR runtime directories for each user are
          now individual tmpfs instances, which has the benefit of
          introducing separate pools for each user, with individual
          size limits, and thus making sure that unprivileged clients
          can no longer negatively impact the system or other users by
          filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
          RuntimeDirectorySize= has been introduced that allows
          controlling the default size limit for all users. It
          defaults to 10% of the available physical memory. This is no
          replacement for quotas on tmpfs though (which the kernel
          still does not support), as /dev/shm and /tmp are still
          shared resources used by both the system and unprivileged
          users.

        * logind will now automatically turn off automatic suspending
          on laptop lid close when more than one display is
          connected. This was previously expected to be implemented
          individually in desktop environments (such as GNOME),
          however has been added to logind now, in order to fix a
          boot-time race where a desktop environment might not have
          been started yet and thus not been able to take an inhibitor
          lock at the time where logind already suspends the system
          due to a closed lid.

        * logind will now wait at least 30s after each system
          suspend/resume cycle, and 3min after system boot before
          suspending the system due to a closed laptop lid. This
          should give USB docking stations and similar enough time to
          be probed and configured after system resume and boot in
          order to then act as suspend blocker.

        * systemd-run gained a new --property= setting which allows
          initialization of resource control properties (and others)
          for the created scope or service unit. Example: "systemd-run
          --property=BlockIOWeight=10 updatedb" may be used to run
          updatedb at a low block IO scheduling weight.

        * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
          now also work in --scope mode.

        * When systemd is compiled with kdbus support, basic support
          for enforced policies is now in place. (Note that enabling
          kdbus still voids your warranty and no API compatibility
          promises are made.)

        Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
        K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
        Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
        Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
        Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
        Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
        Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
        Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
        Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
        Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-03-12

CHANGES WITH 210:

        * systemd will now relabel /dev after loading the SMACK policy
          according to SMACK rules.

        * A new unit file option AppArmorProfile= has been added to
          set the AppArmor profile for the processes of a unit.

        * A new condition check ConditionArchitecture= has been added
          to conditionalize units based on the system architecture, as
          reported by uname()'s "machine" field.

        * systemd-networkd now supports matching on the system
          virtualization, architecture, kernel command line, hostname
          and machine ID.

        * logind is now a lot more aggressive when suspending the
          machine due to a closed laptop lid. Instead of acting only
          on the lid close action, it will continuously watch the lid
          status and act on it. This is useful for laptops where the
          power button is on the outside of the chassis so that it can
          be reached without opening the lid (such as the Lenovo
          Yoga). On those machines, logind will now immediately
          re-suspend the machine if the power button has been
          accidentally pressed while the laptop was suspended and in a
          backpack or similar.

        * logind will now watch SW_DOCK switches and inhibit reaction
          to the lid switch if it is pressed. This means that logind
          will not suspend the machine anymore if the lid is closed
          and the system is docked, if the laptop supports SW_DOCK
          notifications via the input layer. Note that ACPI docking
          stations do not generate this currently. Also note that this
          logic is usually not fully sufficient and Desktop
          Environments should take a lid switch inhibitor lock when an
          external display is connected, as systemd will not watch
          this on its own.

        * nspawn will now make use of the devices cgroup controller by
          default, and only permit creation of and access to the usual
          API device nodes like /dev/null or /dev/random, as well as
          access to (but not creation of) the pty devices.

        * We will now ship a default .network file for
          systemd-networkd that automatically configures DHCP for
          network interfaces created by nspawn's --network-veth or
          --network-bridge= switches.

        * systemd will now understand the usual M, K, G, T suffixes
          according to SI conventions (i.e. to the base 1000) when
          referring to throughput and hardware metrics. It will stay
          with IEC conventions (i.e. to the base 1024) for software
          metrics, according to what is customary according to
          Wikipedia. We explicitly document which base applies for
          each configuration option.

        * The DeviceAllow= setting in unit files now supports a syntax to
          allow-list an entire group of devices node majors at once, based on
          the /proc/devices listing. For example, with the string "char-pts",
          it is now possible to allow-list all current and future pseudo-TTYs
          at once.

        * sd-event learned a new "post" event source. Event sources of
          this type are triggered by the dispatching of any event
          source of a type that is not "post". This is useful for
          implementing clean-up and check event sources that are
          triggered by other work being done in the program.

        * systemd-networkd is no longer statically enabled, but uses
          the usual [Install] sections so that it can be
          enabled/disabled using systemctl. It still is enabled by
          default however.

        * When creating a veth interface pair with systemd-nspawn, the
          host side will now be prefixed with "vb-" if
          --network-bridge= is used, and with "ve-" if --network-veth
          is used. This way, it is easy to distinguish these cases on
          the host, for example to apply different configuration to
          them with systemd-networkd.

        * The compatibility libraries for libsystemd-journal.so,
          libsystem-id128.so, libsystemd-login.so and
          libsystemd-daemon.so do not make use of IFUNC
          anymore. Instead, we now build libsystemd.so multiple times
          under these alternative names. This means that the footprint
          is drastically increased, but given that these are
          transitional compatibility libraries, this should not matter
          much. This change has been made necessary to support the ARM
          platform for these compatibility libraries, as the ARM
          toolchain is not really at the same level as the toolchain
          for other architectures like x86 and does not support
          IFUNC. Please make sure to use --enable-compat-libs only
          during a transitional period!

        * The .include syntax has been deprecated and is not documented
          anymore. Drop-in files in .d directories should be used instead.

        Contributions from: Andreas Fuchs, Armin K., Colin Walters,
        Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
        Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
        St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
        Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
        Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
        Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-02-24

CHANGES WITH 209:

        * A new component "systemd-networkd" has been added that can
          be used to configure local network interfaces statically or
          via DHCP. It is capable of bringing up bridges, VLANs, and
          bonding. Currently, no hook-ups for interactive network
          configuration are provided. Use this for your initrd,
          container, embedded, or server setup if you need a simple,
          yet powerful, network configuration solution. This
          configuration subsystem is quite nifty, as it allows wildcard
          hotplug matching in interfaces. For example, with a single
          configuration snippet, you can configure that all Ethernet
          interfaces showing up are automatically added to a bridge,
          or similar. It supports link-sensing and more.

        * A new tool "systemd-socket-proxyd" has been added which can
          act as a bidirectional proxy for TCP sockets. This is
          useful for adding socket activation support to services that
          do not actually support socket activation, including virtual
          machines and the like.

        * Add a new tool to save/restore rfkill state on
          shutdown/boot.

        * Save/restore state of keyboard backlights in addition to
          display backlights on shutdown/boot.

        * udev learned a new SECLABEL{} construct to label device
          nodes with a specific security label when they appear. For
          now, only SECLABEL{selinux} is supported, but the syntax is
          prepared for additional security frameworks.

        * udev gained a new scheme to configure link-level attributes
          from files in /etc/systemd/network/*.link. These files can
          match against MAC address, device path, driver name and type,
          and will apply attributes like the naming policy, link speed,
          MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
          address assignment policy (randomized, …).

        * The configuration of network interface naming rules for
          "permanent interface names" has changed: a new NamePolicy=
          setting in the [Link] section of .link files determines the
          priority of possible naming schemes (onboard, slot, MAC,
          path). The default value of this setting is determined by
          /usr/lib/net/links/99-default.link. Old
          80-net-name-slot.rules udev configuration file has been
          removed, so local configuration overriding this file should
          be adapted to override 99-default.link instead.

        * When the User= switch is used in a unit file, also
          initialize $SHELL= based on the user database entry.

        * systemd no longer depends on libdbus. All communication is
          now done with sd-bus, systemd's low-level bus library
          implementation.

        * kdbus support has been added to PID 1 itself. When kdbus is
          enabled, this causes PID 1 to set up the system bus and
          enable support for a new ".busname" unit type that
          encapsulates bus name activation on kdbus. It works a little
          bit like ".socket" units, except for bus names. A new
          generator has been added that converts classic dbus1 service
          activation files automatically into native systemd .busname
          and .service units.

        * sd-bus: add a light-weight vtable implementation that allows
          defining objects on the bus with a simple static const
          vtable array of its methods, signals and properties.

        * systemd will not generate or install static dbus
          introspection data anymore to /usr/share/dbus-1/interfaces,
          as the precise format of these files is unclear, and
          nothing makes use of it.

        * A proxy daemon is now provided to proxy clients connecting
          via classic D-Bus AF_UNIX sockets to kdbus, to provide full
          compatibility with classic D-Bus.

        * A bus driver implementation has been added that supports the
          classic D-Bus bus driver calls on kdbus, also for
          compatibility purposes.

        * A new API "sd-event.h" has been added that implements a
          minimal event loop API built around epoll. It provides a
          couple of features that direct epoll usage is lacking:
          prioritization of events, scales to large numbers of timer
          events, per-event timer slack (accuracy), system-wide
          coalescing of timer events, exit handlers, watchdog
          supervision support using systemd's sd_notify() API, child
          process handling.

        * A new API "sd-rntl.h" has been added that provides an API
          around the route netlink interface of the kernel, similar in
          style to "sd-bus.h".

        * A new API "sd-dhcp-client.h" has been added that provides a
          small DHCPv4 client-side implementation. This is used by
          "systemd-networkd".

        * There is a new kernel command line option
          "systemd.restore_state=0|1". When set to "0", none of the
          systemd tools will restore saved runtime state to hardware
          devices. More specifically, the rfkill and backlight states
          are not restored.

        * The FsckPassNo= compatibility option in mount/service units
          has been removed. The fstab generator will now add the
          necessary dependencies automatically, and does not require
          PID1's support for that anymore.

        * journalctl gained a new switch, --list-boots, that lists
          recent boots with their times and boot IDs.

        * The various tools like systemctl, loginctl, timedatectl,
          busctl, systemd-run, … have gained a new switch "-M" to
          connect to a specific, local OS container (as direct
          connection, without requiring SSH). This works on any
          container that is registered with machined, such as those
          created by libvirt-lxc or nspawn.

        * systemd-run and systemd-analyze also gained support for "-H"
          to connect to remote hosts via SSH. This is particularly
          useful for systemd-run because it enables queuing of jobs
          onto remote systems.

        * machinectl gained a new command "login" to open a getty
          login in any local container. This works with any container
          that is registered with machined (such as those created by
          libvirt-lxc or nspawn), and which runs systemd inside.

        * machinectl gained a new "reboot" command that may be used to
          trigger a reboot on a specific container that is registered
          with machined. This works on any container that runs an init
          system of some kind.

        * systemctl gained a new "list-timers" command to print a nice
          listing of installed timer units with the times they elapse
          next.

        * Alternative reboot() parameters may now be specified on the
          "systemctl reboot" command line and are passed to the
          reboot() system call.

        * systemctl gained a new --job-mode= switch to configure the
          mode to queue a job with. This is a more generic version of
          --fail, --irreversible, and --ignore-dependencies, which are
          still available but not advertised anymore.

        * /etc/systemd/system.conf gained new settings to configure
          various default timeouts of units, as well as the default
          start limit interval and burst. These may still be overridden
          within each Unit.

        * PID1 will now export on the bus profile data of the security
          policy upload process (such as the SELinux policy upload to
          the kernel).

        * journald: when forwarding logs to the console, include
          timestamps (following the setting in
          /sys/module/printk/parameters/time).

        * OnCalendar= in timer units now understands the special
          strings "yearly" and "annually". (Both are equivalent)

        * The accuracy of timer units is now configurable with the new
          AccuracySec= setting. It defaults to 1min.

        * A new dependency type JoinsNamespaceOf= has been added that
          allows running two services within the same /tmp and network
          namespace, if PrivateNetwork= or PrivateTmp= are used.

        * A new command "cat" has been added to systemctl. It outputs
          the original unit file of a unit, and concatenates the
          contents of additional "drop-in" unit file snippets, so that
          the full configuration is shown.

        * systemctl now supports globbing on the various "list-xyz"
          commands, like "list-units" or "list-sockets", as well as on
          those commands which take multiple unit names.

        * journalctl's --unit= switch gained support for globbing.

        * All systemd daemons now make use of the watchdog logic so
          that systemd automatically notices when they hang.

        * If the $container_ttys environment variable is set,
          getty-generator will automatically spawn a getty for each
          listed tty. This is useful for container managers to request
          login gettys to be spawned on as many ttys as needed.

        * %h, %s, %U specifier support is not available anymore when
          used in unit files for PID 1. This is because NSS calls are
          not safe from PID 1. They stay available for --user
          instances of systemd, and as special case for the root user.

        * loginctl gained a new "--no-legend" switch to turn off output
          of the legend text.

        * The "sd-login.h" API gained three new calls:
          sd_session_is_remote(), sd_session_get_remote_user(),
          sd_session_get_remote_host() to query information about
          remote sessions.

        * The udev hardware database now also carries vendor/product
          information of SDIO devices.

        * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
          determine whether watchdog notifications are requested by
          the system manager.

        * Socket-activated per-connection services now include a
          short description of the connection parameters in the
          description.

        * tmpfiles gained a new "--boot" option. When this is not used,
          only lines where the command character is not suffixed with
          "!" are executed. When this option is specified, those
          options are executed too. This partitions tmpfiles
          directives into those that can be safely executed at any
          time, and those which should be run only at boot (for
          example, a line that creates /run/nologin).

        * A new API "sd-resolve.h" has been added which provides a simple
          asynchronous wrapper around glibc NSS hostname resolution
          calls, such as getaddrinfo(). In contrast to glibc's
          getaddrinfo_a(), it does not use signals. In contrast to most
          other asynchronous name resolution libraries, this one does
          not reimplement DNS, but reuses NSS, so that alternate
          hostname resolution systems continue to work, such as mDNS,
          LDAP, etc. This API is based on libasyncns, but it has been
          cleaned up for inclusion in systemd.

        * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
          "sd-daemon.h" are no longer found in individual libraries
          libsystemd-journal.so, libsystemd-login.so,
          libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
          merged them into a single library, libsystemd.so, which
          provides all symbols. The reason for this is cyclic
          dependencies, as these libraries tend to use each other's
          symbols. So far, we have managed to workaround that by linking
          a copy of a good part of our code into each of these
          libraries again and again, which, however, makes certain
          things hard to do, like sharing static variables. Also, it
          substantially increases footprint. With this change, there
          is only one library for the basic APIs systemd
          provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
          "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
          library as well, however are subject to the --enable-kdbus
          switch (see below). Note that "sd-dhcp-client.h" is not part
          of this library (this is because it only consumes, never
          provides, services of/to other APIs). To make the transition
          easy from the separate libraries to the unified one, we
          provide the --enable-compat-libs compile-time switch which
          will generate stub libraries that are compatible with the
          old ones but redirect all calls to the new one.

        * All of the kdbus logic and the new APIs "sd-bus.h",
          "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
          and "sd-utf8.h" are compile-time optional via the
          "--enable-kdbus" switch, and they are not compiled in by
          default. To make use of kdbus, you have to explicitly enable
          the switch. Note however, that neither the kernel nor the
          userspace API for all of this is considered stable yet. We
          want to maintain the freedom to still change the APIs for
          now. By specifying this build-time switch, you acknowledge
          that you are aware of the instability of the current
          APIs.

        * Also, note that while kdbus is pretty much complete,
          it lacks one thing: proper policy support. This means you
          can build a fully working system with all features; however,
          it will be highly insecure. Policy support will be added in
          one of the next releases, at the same time that we will
          declare the APIs stable.

        * When the kernel command line argument "kdbus" is specified,
          systemd will automatically load the kdbus.ko kernel module. At
          this stage of development, it is only useful for testing kdbus
          and should not be used in production. Note: if "--enable-kdbus"
          is specified, and the kdbus.ko kernel module is available, and
          "kdbus" is added to the kernel command line, the entire system
          runs with kdbus instead of dbus-daemon, with the above mentioned
          problem of missing the system policy enforcement. Also a future
          version of kdbus.ko or a newer systemd will not be compatible with
          each other, and will unlikely be able to boot the machine if only
          one of them is updated.

        * systemctl gained a new "import-environment" command which
          uploads the caller's environment (or parts thereof) into the
          service manager so that it is inherited by services started
          by the manager. This is useful to upload variables like
          $DISPLAY into the user service manager.

        * A new PrivateDevices= switch has been added to service units
          which allows running a service with a namespaced /dev
          directory that does not contain any device nodes for
          physical devices. More specifically, it only includes devices
          such as /dev/null, /dev/urandom, and /dev/zero which are API
          entry points.

        * logind has been extended to support behaviour like VT
          switching on seats that do not support a VT. This makes
          multi-session available on seats that are not the first seat
          (seat0), and on systems where kernel support for VTs has
          been disabled at compile-time.

        * If a process holds a delay lock for system sleep or shutdown
          and fails to release it in time, we will now log its
          identity. This makes it easier to identify processes that
          cause slow suspends or power-offs.

        * When parsing /etc/crypttab, support for a new key-slot=
          option as supported by Debian is added. It allows indicating
          which LUKS slot to use on disk, speeding up key loading.

        * The sd_journal_sendv() API call has been checked and
          officially declared to be async-signal-safe so that it may
          be invoked from signal handlers for logging purposes.

        * Boot-time status output is now enabled automatically after a
          short timeout if boot does not progress, in order to give
          the user an indication what she or he is waiting for.

        * The boot-time output has been improved to show how much time
          remains until jobs expire.

        * The KillMode= switch in service units gained a new possible
          value "mixed". If set, and the unit is shut down, then the
          initial SIGTERM signal is sent only to the main daemon
          process, while the following SIGKILL signal is sent to
          all remaining processes of the service.

        * When a scope unit is registered, a new property "Controller"
          may be set. If set to a valid bus name, systemd will send a
          RequestStop() signal to this name when it would like to shut
          down the scope. This may be used to hook manager logic into
          the shutdown logic of scope units. Also, scope units may now
          be put in a special "abandoned" state, in which case the
          manager process which created them takes no further
          responsibilities for it.

        * When reading unit files, systemd will now verify
          the access mode of these files, and warn about certain
          suspicious combinations. This has been added to make it
          easier to track down packaging bugs where unit files are
          marked executable or world-writable.

        * systemd-nspawn gained a new "--setenv=" switch to set
          container-wide environment variables. The similar option in
          systemd-activate was renamed from "--environment=" to
          "--setenv=" for consistency.

        * systemd-nspawn has been updated to create a new kdbus domain
          for each container that is invoked, thus allowing each
          container to have its own set of system and user buses,
          independent of the host.

        * systemd-nspawn gained a new --drop-capability= switch to run
          the container with less capabilities than the default. Both
          --drop-capability= and --capability= now take the special
          string "all" for dropping or keeping all capabilities.

        * systemd-nspawn gained new switches for executing containers
          with specific SELinux labels set.

        * systemd-nspawn gained a new --quiet switch to not generate
          any additional output but the container's own console
          output.

        * systemd-nspawn gained a new --share-system switch to run a
          container without PID namespacing enabled.

        * systemd-nspawn gained a new --register= switch to control
          whether the container is registered with systemd-machined or
          not. This is useful for containers that do not run full
          OS images, but only specific apps.

        * systemd-nspawn gained a new --keep-unit which may be used
          when invoked as the only program from a service unit, and
          results in registration of the unit service itself in
          systemd-machined, instead of a newly opened scope unit.

        * systemd-nspawn gained a new --network-interface= switch for
          moving arbitrary interfaces to the container. The new
          --network-veth switch creates a virtual Ethernet connection
          between host and container. The new --network-bridge=
          switch then allows assigning the host side of this virtual
          Ethernet connection to a bridge device.

        * systemd-nspawn gained a new --personality= switch for
          setting the kernel personality for the container. This is
          useful when running a 32-bit container on a 64-bit host. A
          similar option Personality= is now also available for service
          units to use.

        * logind will now also track a "Desktop" identifier for each
          session which encodes the desktop environment of it. This is
          useful for desktop environments that want to identify
          multiple running sessions of itself easily.

        * A new SELinuxContext= setting for service units has been
          added that allows setting a specific SELinux execution
          context for a service.

        * Most systemd client tools will now honour $SYSTEMD_LESS for
          settings of the "less" pager. By default, these tools will
          override $LESS to allow certain operations to work, such as
          jump-to-the-end. With $SYSTEMD_LESS, it is possible to
          influence this logic.

        * systemd's "seccomp" hook-up has been changed to make use of
          the libseccomp library instead of using its own
          implementation. This has benefits for portability among
          other things.

        * For usage together with SystemCallFilter=, a new
          SystemCallErrorNumber= setting has been introduced that
          allows configuration of a system error number to be returned
          on filtered system calls, instead of immediately killing the
          process. Also, SystemCallArchitectures= has been added to
          limit access to system calls of a particular architecture
          (in order to turn off support for unused secondary
          architectures). There is also a global
          SystemCallArchitectures= setting in system.conf now to turn
          off support for non-native system calls system-wide.

        * systemd requires a kernel with a working name_to_handle_at(),
          please see the kernel config requirements in the README file.

        Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
        Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
        Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
        Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
        Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
        David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
        Elia Pinto, Florian Weimer, George McCollister, Goffredo
        Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
        Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
        Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
        Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
        Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
        Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
        Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
        Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
        Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
        Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
        Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
        Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
        Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
        Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
        Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
        Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
        Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-02-20

CHANGES WITH 208:

        * logind has gained support for facilitating privileged input
          and drm device access for unprivileged clients. This work is
          useful to allow Wayland display servers (and similar
          programs, such as kmscon) to run under the user's ID and
          access input and drm devices which are normally
          protected. When this is used (and the kernel is new enough)
          logind will "mute" IO on the file descriptors passed to
          Wayland as long as it is in the background and "unmute" it
          if it returns into the foreground. This allows secure
          session switching without allowing background sessions to
          eavesdrop on input and display data. This also introduces
          session switching support if VT support is turned off in the
          kernel, and on seats that are not seat0.

        * A new kernel command line option luks.options= is understood
          now which allows specifying LUKS options for usage for LUKS
          encrypted partitions specified with luks.uuid=.

        * tmpfiles.d(5) snippets may now use specifier expansion in
          path names. More specifically %m, %b, %H, %v, are now
          replaced by the local machine id, boot id, hostname, and
          kernel version number.

        * A new tmpfiles.d(5) command "m" has been introduced which
          may be used to change the owner/group/access mode of a file
          or directory if it exists, but do nothing if it does not.

        * This release removes high-level support for the
          MemorySoftLimit= cgroup setting. The underlying kernel
          cgroup attribute memory.soft_limit= is currently badly
          designed and likely to be removed from the kernel API in its
          current form, hence we should not expose it for now.

        * The memory.use_hierarchy cgroup attribute is now enabled for
          all cgroups systemd creates in the memory cgroup
          hierarchy. This option is likely to be come the built-in
          default in the kernel anyway, and the non-hierarchical mode
          never made much sense in the intrinsically hierarchical
          cgroup system.

        * A new field _SYSTEMD_SLICE= is logged along with all journal
          messages containing the slice a message was generated
          from. This is useful to allow easy per-customer filtering of
          logs among other things.

        * systemd-journald will no longer adjust the group of journal
          files it creates to the "systemd-journal" group. Instead we
          rely on the journal directory to be owned by the
          "systemd-journal" group, and its setgid bit set, so that the
          kernel file system layer will automatically enforce that
          journal files inherit this group assignment. The reason for
          this change is that we cannot allow NSS look-ups from
          journald which would be necessary to resolve
          "systemd-journal" to a numeric GID, because this might
          create deadlocks if NSS involves synchronous queries to
          other daemons (such as nscd, or sssd) which in turn are
          logging clients of journald and might block on it, which
          would then dead lock. A tmpfiles.d(5) snippet included in
          systemd will make sure the setgid bit and group are
          properly set on the journal directory if it exists on every
          boot. However, we recommend adjusting it manually after
          upgrades too (or from RPM scriptlets), so that the change is
          not delayed until next reboot.

        * Backlight and random seed files in /var/lib/ have moved into
          the /var/lib/systemd/ directory, in order to centralize all
          systemd generated files in one directory.

        * Boot time performance measurements (as displayed by
          "systemd-analyze" for example) will now read ACPI 5.0 FPDT
          performance information if that's available to determine how
          much time BIOS and boot loader initialization required. With
          a sufficiently new BIOS you hence no longer need to boot
          with Gummiboot to get access to such information.

        Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
        Cristian Rodríguez, Dave Reisner, David Herrmann, David
        Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
        feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
        Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
        Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-10-02

CHANGES WITH 207:

        * The Restart= option for services now understands a new
          on-watchdog setting, which will restart the service
          automatically if the service stops sending out watchdog keep
          alive messages (as configured with WatchdogSec=).

        * The getty generator (which is responsible for bringing up a
          getty on configured serial consoles) will no longer only
          start a getty on the primary kernel console but on all
          others, too. This makes the order in which console= is
          specified on the kernel command line less important.

        * libsystemd-logind gained a new sd_session_get_vt() call to
          retrieve the VT number of a session.

        * If the option "tries=0" is set for an entry of /etc/crypttab
          its passphrase is queried indefinitely instead of any
          maximum number of tries.

        * If a service with a configure PID file terminates its PID
          file will now be removed automatically if it still exists
          afterwards. This should put an end to stale PID files.

        * systemd-run will now also take relative binary path names
          for execution and no longer insists on absolute paths.

        * InaccessibleDirectories= and ReadOnlyDirectories= now take
          paths that are optionally prefixed with "-" to indicate that
          it should not be considered a failure if they do not exist.

        * journalctl -o (and similar commands) now understands a new
          output mode "short-precise", it is similar to "short" but
          shows timestamps with usec accuracy.

        * The option "discard" (as known from Debian) is now
          synonymous to "allow-discards" in /etc/crypttab. In fact,
          "discard" is preferred now (since it is easier to remember
          and type).

        * Some licensing clean-ups were made, so that more code is now
          LGPL-2.1 licensed than before.

        * A minimal tool to save/restore the display backlight
          brightness across reboots has been added. It will store the
          backlight setting as late as possible at shutdown, and
          restore it as early as possible during reboot.

        * A logic to automatically discover and enable home and swap
          partitions on GPT disks has been added. With this in place
          /etc/fstab becomes optional for many setups as systemd can
          discover certain partitions located on the root disk
          automatically. Home partitions are recognized under their
          GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
          partitions are recognized under their GPT type ID
          0657fd6da4ab43c484e50933c84b4f4f.

        * systemd will no longer pass any environment from the kernel
          or initrd to system services. If you want to set an
          environment for all services, do so via the kernel command
          line systemd.setenv= assignment.

        * The systemd-sysctl tool no longer natively reads the file
          /etc/sysctl.conf. If desired, the file should be symlinked
          from /etc/sysctl.d/99-sysctl.conf. Apart from providing
          legacy support by a symlink rather than built-in code, it
          also makes the otherwise hidden order of application of the
          different files visible. (Note that this partly reverts to a
          pre-198 application order of sysctl knobs!)

        * The "systemctl set-log-level" and "systemctl dump" commands
          have been moved to systemd-analyze.

        * systemd-run learned the new --remain-after-exit switch,
          which causes the scope unit not to be cleaned up
          automatically after the process terminated.

        * tmpfiles learned a new --exclude-prefix= switch to exclude
          certain paths from operation.

        * journald will now automatically flush all messages to disk
          as soon as a message at the log level CRIT, ALERT or EMERG
          is received.

        Contributions from: Andrew Cook, Brandon Philips, Christian
        Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
        Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
        McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
        Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
        Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
        Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
        Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
        Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
        Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
        William Giokas, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-09-13

CHANGES WITH 206:

        * The documentation has been updated to cover the various new
          concepts introduced with 205.

        * Unit files now understand the new %v specifier which
          resolves to the kernel version string as returned by "uname
          -r".

        * systemctl now supports filtering the unit list output by
          load state, active state and sub state, using the new
          --state= parameter.

        * "systemctl status" will now show the results of the
          condition checks (like ConditionPathExists= and similar) of
          the last start attempts of the unit. They are also logged to
          the journal.

        * "journalctl -b" may now be used to look for boot output of a
          specific boot. Try "journalctl -b -1" for the previous boot,
          but the syntax is substantially more powerful.

        * "journalctl --show-cursor" has been added which prints the
          cursor string the last shown log line. This may then be used
          with the new "journalctl --after-cursor=" switch to continue
          browsing logs from that point on.

        * "journalctl --force" may now be used to force regeneration
          of an FSS key.

        * Creation of "dead" device nodes has been moved from udev
          into kmod and tmpfiles. Previously, udev would read the kmod
          databases to pre-generate dead device nodes based on meta
          information contained in kernel modules, so that these would
          be auto-loaded on access rather then at boot. As this
          does not really have much to do with the exposing actual
          kernel devices to userspace this has always been slightly
          alien in the udev codebase. Following the new scheme kmod
          will now generate a runtime snippet for tmpfiles from the
          module meta information and it now is tmpfiles' job to the
          create the nodes. This also allows overriding access and
          other parameters for the nodes using the usual tmpfiles
          facilities. As side effect this allows us to remove the
          CAP_SYS_MKNOD capability bit from udevd entirely.

        * logind's device ACLs may now be applied to these "dead"
          devices nodes too, thus finally allowing managed access to
          devices such as /dev/snd/sequencer without loading the
          backing module right-away.

        * A new RPM macro has been added that may be used to apply
          tmpfiles configuration during package installation.

        * systemd-detect-virt and ConditionVirtualization= now can
          detect User-Mode-Linux machines (UML).

        * journald will now implicitly log the effective capabilities
          set of processes in the message metadata.

        * systemd-cryptsetup has gained support for TrueCrypt volumes.

        * The initrd interface has been simplified (more specifically,
          support for passing performance data via environment
          variables and fsck results via files in /run has been
          removed). These features were non-essential, and are
          nowadays available in a much nicer way by having systemd in
          the initrd serialize its state and have the hosts systemd
          deserialize it again.

        * The udev "keymap" data files and tools to apply keyboard
          specific mappings of scan to key codes, and force-release
          scan code lists have been entirely replaced by a udev
          "keyboard" builtin and a hwdb data file.

        * systemd will now honour the kernel's "quiet" command line
          argument also during late shutdown, resulting in a
          completely silent shutdown when used.

        * There's now an option to control the SO_REUSEPORT socket
          option in .socket units.

        * Instance units will now automatically get a per-template
          subslice of system.slice unless something else is explicitly
          configured. For example, instances of sshd@.service will now
          implicitly be placed in system-sshd.slice rather than
          system.slice as before.

        * Test coverage support may now be enabled at build time.

        Contributions from: Dave Reisner, Frederic Crozat, Harald
        Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
        Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
        Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
        Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
        Giokas, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-07-23

CHANGES WITH 205:

        * Two new unit types have been introduced:

          Scope units are very similar to service units, however, are
          created out of pre-existing processes — instead of PID 1
          forking off the processes. By using scope units it is
          possible for system services and applications to group their
          own child processes (worker processes) in a powerful way
          which then maybe used to organize them, or kill them
          together, or apply resource limits on them.

          Slice units may be used to partition system resources in an
          hierarchical fashion and then assign other units to them. By
          default there are now three slices: system.slice (for all
          system services), user.slice (for all user sessions),
          machine.slice (for VMs and containers).

          Slices and scopes have been introduced primarily in
          context of the work to move cgroup handling to a
          single-writer scheme, where only PID 1
          creates/removes/manages cgroups.

        * There's a new concept of "transient" units. In contrast to
          normal units these units are created via an API at runtime,
          not from configuration from disk. More specifically this
          means it is now possible to run arbitrary programs as
          independent services, with all execution parameters passed
          in via bus APIs rather than read from disk. Transient units
          make systemd substantially more dynamic then it ever was,
          and useful as a general batch manager.

        * logind has been updated to make use of scope and slice units
          for managing user sessions. As a user logs in he will get
          his own private slice unit, to which all sessions are added
          as scope units. We also added support for automatically
          adding an instance of user@.service for the user into the
          slice. Effectively logind will no longer create cgroup
          hierarchies on its own now, it will defer entirely to PID 1
          for this by means of scope, service and slice units. Since
          user sessions this way become entities managed by PID 1
          the output of "systemctl" is now a lot more comprehensive.

        * A new mini-daemon "systemd-machined" has been added which
          may be used by virtualization managers to register local
          VMs/containers. nspawn has been updated accordingly, and
          libvirt will be updated shortly. machined will collect a bit
          of meta information about the VMs/containers, and assign
          them their own scope unit (see above). The collected
          meta-data is then made available via the "machinectl" tool,
          and exposed in "ps" and similar tools. machined/machinectl
          is compile-time optional.

        * As discussed earlier, the low-level cgroup configuration
          options ControlGroup=, ControlGroupModify=,
          ControlGroupPersistent=, ControlGroupAttribute= have been
          removed. Please use high-level attribute settings instead as
          well as slice units.

        * A new bus call SetUnitProperties() has been added to alter
          various runtime parameters of a unit. This is primarily
          useful to alter cgroup parameters dynamically in a nice way,
          but will be extended later on to make more properties
          modifiable at runtime. systemctl gained a new set-properties
          command that wraps this call.

        * A new tool "systemd-run" has been added which can be used to
          run arbitrary command lines as transient services or scopes,
          while configuring a number of settings via the command
          line. This tool is currently very basic, however already
          very useful. We plan to extend this tool to even allow
          queuing of execution jobs with time triggers from the
          command line, similar in fashion to "at".

        * nspawn will now inform the user explicitly that kernels with
          audit enabled break containers, and suggest the user to turn
          off audit.

        * Support for detecting the IMA and AppArmor security
          frameworks with ConditionSecurity= has been added.

        * journalctl gained a new "-k" switch for showing only kernel
          messages, mimicking dmesg output; in addition to "--user"
          and "--system" switches for showing only user's own logs
          and system logs.

        * systemd-delta can now show information about drop-in
          snippets extending unit files.

        * libsystemd-bus has been substantially updated but is still
          not available as public API.

        * systemd will now look for the "debug" argument on the kernel
          command line and enable debug logging, similar to what
          "systemd.log_level=debug" already did before.

        * "systemctl set-default", "systemctl get-default" has been
          added to configure the default.target symlink, which
          controls what to boot into by default.

        * "systemctl set-log-level" has been added as a convenient
          way to raise and lower systemd logging threshold.

        * "systemd-analyze plot" will now show the time the various
          generators needed for execution, as well as information
          about the unit file loading.

        * libsystemd-journal gained a new sd_journal_open_files() call
          for opening specific journal files. journactl also gained a
          new switch to expose this new functionality. Previously we
          only supported opening all files from a directory, or all
          files from the system, as opening individual files only is
          racy due to journal file rotation.

        * systemd gained the new DefaultEnvironment= setting in
          /etc/systemd/system.conf to set environment variables for
          all services.

        * If a privileged process logs a journal message with the
          OBJECT_PID= field set, then journald will automatically
          augment this with additional OBJECT_UID=, OBJECT_GID=,
          OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
          system services want to log events about specific client
          processes. journactl/systemctl has been updated to make use
          of this information if all log messages regarding a specific
          unit is requested.

        Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
        Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
        Reisner, David Coppa, David King, David Strauss, Eelco
        Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
        Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
        Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
        Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
        Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
        Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
        Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
        Łukasz Stelmach, 장동준

CHANGES WITH 204:

        * The Python bindings gained some minimal support for the APIs
          exposed by libsystemd-logind.

        * ConditionSecurity= gained support for detecting SMACK. Since
          this condition already supports SELinux and AppArmor we only
          miss IMA for this. Patches welcome!

        Contributions from: Karol Lewandowski, Lennart Poettering,
        Zbigniew Jędrzejewski-Szmek

CHANGES WITH 203:

        * systemd-nspawn will now create /etc/resolv.conf if
          necessary, before bind-mounting the host's file onto it.

        * systemd-nspawn will now store meta information about a
          container on the container's cgroup as extended attribute
          fields, including the root directory.

        * The cgroup hierarchy has been reworked in many ways. All
          objects any of the components systemd creates in the cgroup
          tree are now suffixed. More specifically, user sessions are
          now placed in cgroups suffixed with ".session", users in
          cgroups suffixed with ".user", and nspawn containers in
          cgroups suffixed with ".nspawn". Furthermore, all cgroup
          names are now escaped in a simple scheme to avoid collision
          of userspace object names with kernel filenames. This work
          is preparation for making these objects relocatable in the
          cgroup tree, in order to allow easy resource partitioning of
          these objects without causing naming conflicts.

        * systemctl list-dependencies gained the new switches
          --plain, --reverse, --after and --before.

        * systemd-inhibit now shows the process name of processes that
          have taken an inhibitor lock.

        * nss-myhostname will now also resolve "localhost"
          implicitly. This makes /etc/hosts an optional file and
          nicely handles that on IPv6 ::1 maps to both "localhost" and
          the local hostname.

        * libsystemd-logind.so gained a new call
          sd_get_machine_names() to enumerate running containers and
          VMs (currently only supported by very new libvirt and
          nspawn). sd_login_monitor can now be used to watch
          VMs/containers coming and going.

        * .include is not allowed recursively anymore, and only in
          unit files. Usually it is better to use drop-in snippets in
          .d/*.conf anyway, as introduced with systemd 198.

        * systemd-analyze gained a new "critical-chain" command that
          determines the slowest chain of units run during system
          boot-up. It is very useful for tracking down where
          optimizing boot time is the most beneficial.

        * systemd will no longer allow manipulating service paths in
          the name=systemd:/system cgroup tree using ControlGroup= in
          units. (But is still fine with it in all other dirs.)

        * There's a new systemd-nspawn@.service service file that may
          be used to easily run nspawn containers as system
          services. With the container's root directory in
          /var/lib/container/foobar it is now sufficient to run
          "systemctl start systemd-nspawn@foobar.service" to boot it.

        * systemd-cgls gained a new parameter "--machine" to list only
          the processes within a certain container.

        * ConditionSecurity= now can check for "apparmor". We still
          are lacking checks for SMACK and IMA for this condition
          check though. Patches welcome!

        * A new configuration file /etc/systemd/sleep.conf has been
          added that may be used to configure which kernel operation
          systemd is supposed to execute when "suspend", "hibernate"
          or "hybrid-sleep" is requested. This makes the new kernel
          "freeze" state accessible to the user.

        * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
          the passed argument if applicable.

        Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
        Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
        Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
        Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
        MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
        Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
        Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
        Jędrzejewski-Szmek

CHANGES WITH 202:

        * The output of 'systemctl list-jobs' got some polishing. The
          '--type=' argument may now be passed more than once. A new
          command 'systemctl list-sockets' has been added which shows
          a list of kernel sockets systemd is listening on with the
          socket units they belong to, plus the units these socket
          units activate.

        * The experimental libsystemd-bus library got substantial
          updates to work in conjunction with the (also experimental)
          kdbus kernel project. It works well enough to exchange
          messages with some sophistication. Note that kdbus is not
          ready yet, and the library is mostly an elaborate test case
          for now, and not installable.

        * systemd gained a new unit 'systemd-static-nodes.service'
          that generates static device nodes earlier during boot, and
          can run in conjunction with udev.

        * libsystemd-login gained a new call sd_pid_get_user_unit()
          to retrieve the user systemd unit a process is running
          in. This is useful for systems where systemd is used as
          session manager.

        * systemd-nspawn now places all containers in the new /machine
          top-level cgroup directory in the name=systemd
          hierarchy. libvirt will soon do the same, so that we get a
          uniform separation of /system, /user and /machine for system
          services, user processes and containers/virtual
          machines. This new cgroup hierarchy is also useful to stick
          stable names to specific container instances, which can be
          recognized later this way (this name may be controlled
          via systemd-nspawn's new -M switch). libsystemd-login also
          gained a new call sd_pid_get_machine_name() to retrieve the
          name of the container/VM a specific process belongs to.

        * bootchart can now store its data in the journal.

        * libsystemd-journal gained a new call
          sd_journal_add_conjunction() for AND expressions to the
          matching logic. This can be used to express more complex
          logical expressions.

        * journactl can now take multiple --unit= and --user-unit=
          switches.

        * The cryptsetup logic now understands the "luks.key=" kernel
          command line switch for specifying a file to read the
          decryption key from. Also, if a configured key file is not
          found the tool will now automatically fall back to prompting
          the user.

        * Python systemd.journal module was updated to wrap recently
          added functions from libsystemd-journal. The interface was
          changed to bring the low level interface in s.j._Reader
          closer to the C API, and the high level interface in
          s.j.Reader was updated to wrap and convert all data about
          an entry.

        Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
        Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer,
        Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
        Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
        Tom Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 201:

        * journalctl --update-catalog now understands a new --root=
          option to operate on catalogs found in a different root
          directory.

        * During shutdown after systemd has terminated all running
          services a final killing loop kills all remaining left-over
          processes. We will now print the name of these processes
          when we send SIGKILL to them, since this usually indicates a
          problem.

        * If /etc/crypttab refers to password files stored on
          configured mount points automatic dependencies will now be
          generated to ensure the specific mount is established first
          before the key file is attempted to be read.

        * 'systemctl status' will now show information about the
          network sockets a socket unit is listening on.

        * 'systemctl status' will also shown information about any
          drop-in configuration file for units. (Drop-In configuration
          files in this context are files such as
          /etc/systemd/system/foobar.service.d/*.conf)

        * systemd-cgtop now optionally shows summed up CPU times of
          cgroups. Press '%' while running cgtop to switch between
          percentage and absolute mode. This is useful to determine
          which cgroups use up the most CPU time over the entire
          runtime of the system. systemd-cgtop has also been updated
          to be 'pipeable' for processing with further shell tools.

        * 'hostnamectl set-hostname' will now allow setting of FQDN
          hostnames.

        * The formatting and parsing of time span values has been
          changed. The parser now understands fractional expressions
          such as "5.5h". The formatter will now output fractional
          expressions for all time spans under 1min, i.e. "5.123456s"
          rather than "5s 123ms 456us". For time spans under 1s
          millisecond values are shown, for those under 1ms
          microsecond values are shown. This should greatly improve
          all time-related output of systemd.

        * libsystemd-login and libsystemd-journal gained new
          functions for querying the poll() events mask and poll()
          timeout value for integration into arbitrary event
          loops.

        * localectl gained the ability to list available X11 keymaps
          (models, layouts, variants, options).

        * 'systemd-analyze dot' gained the ability to filter for
          specific units via shell-style globs, to create smaller,
          more useful graphs. I.e. it is now possible to create simple
          graphs of all the dependencies between only target units, or
          of all units that Avahi has dependencies with.

        Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
        Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
        Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
        Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
        Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
        Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
        Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach

CHANGES WITH 200:

        * The boot-time readahead implementation for rotating media
          will now read the read-ahead data in multiple passes which
          consist of all read requests made in equidistant time
          intervals. This means instead of strictly reading read-ahead
          data in its physical order on disk we now try to find a
          middle ground between physical and access time order.

        * /etc/os-release files gained a new BUILD_ID= field for usage
          on operating systems that provide continuous builds of OS
          images.

        Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
        Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín
        William Douglas, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 199:

        * systemd-python gained an API exposing libsystemd-daemon.

        * The SMACK setup logic gained support for uploading CIPSO
          security policy.

        * Behaviour of PrivateTmp=, ReadWriteDirectories=,
          ReadOnlyDirectories= and InaccessibleDirectories= has
          changed. The private /tmp and /var/tmp directories are now
          shared by all processes of a service (which means
          ExecStartPre= may now leave data in /tmp that ExecStart= of
          the same service can still access). When a service is
          stopped its temporary directories are immediately deleted
          (normal clean-up with tmpfiles is still done in addition to
          this though).

        * By default, systemd will now set a couple of sysctl
          variables in the kernel: the safe sysrq options are turned
          on, IP route verification is turned on, and source routing
          disabled. The recently added hardlink and softlink
          protection of the kernel is turned on. These settings should
          be reasonably safe, and good defaults for all new systems.

        * The predictable network naming logic may now be turned off
          with a new kernel command line switch: net.ifnames=0.

        * A new libsystemd-bus module has been added that implements a
          pretty complete D-Bus client library. For details see:

          https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html

        * journald will now explicitly flush the journal files to disk
          at the latest 5min after each write. The file will then also
          be marked offline until the next write. This should increase
          reliability in case of a crash. The synchronization delay
          can be configured via SyncIntervalSec= in journald.conf.

        * There's a new remote-fs-setup.target unit that can be used
          to pull in specific services when at least one remote file
          system is to be mounted.

        * There are new targets timers.target and paths.target as
          canonical targets to pull user timer and path units in
          from. This complements sockets.target with a similar
          purpose for socket units.

        * libudev gained a new call udev_device_set_attribute_value()
          to set sysfs attributes of a device.

        * The udev daemon now sets the default number of worker
          processes executed in parallel based on the number of available
          CPUs instead of the amount of available RAM. This is supposed
          to provide a more reliable default and limit a too aggressive
          parallelism for setups with 1000s of devices connected.

        Contributions from: Auke Kok, Colin Walters, Cristian
        Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
        Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
        Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
        Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
        Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
        Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
        Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
        Zbigniew Jędrzejewski-Szmek

CHANGES WITH 198:

        * Configuration of unit files may now be extended via drop-in
          files without having to edit/override the unit files
          themselves. More specifically, if the administrator wants to
          change one value for a service file foobar.service he can
          now do so by dropping in a configuration snippet into
          /etc/systemd/system/foobar.service.d/*.conf. The unit logic
          will load all these snippets and apply them on top of the
          main unit configuration file, possibly extending or
          overriding its settings. Using these drop-in snippets is
          generally nicer than the two earlier options for changing
          unit files locally: copying the files from
          /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
          them there; or creating a new file in /etc/systemd/system/
          that incorporates the original one via ".include". Drop-in
          snippets into these .d/ directories can be placed in any
          directory systemd looks for units in, and the usual
          overriding semantics between /usr/lib, /etc and /run apply
          for them too.

        * Most unit file settings which take lists of items can now be
          reset by assigning the empty string to them. For example,
          normally, settings such as Environment=FOO=BAR append a new
          environment variable assignment to the environment block,
          each time they are used. By assigning Environment= the empty
          string the environment block can be reset to empty. This is
          particularly useful with the .d/*.conf drop-in snippets
          mentioned above, since this adds the ability to reset list
          settings from vendor unit files via these drop-ins.

        * systemctl gained a new "list-dependencies" command for
          listing the dependencies of a unit recursively.

        * Inhibitors are now honored and listed by "systemctl
          suspend", "systemctl poweroff" (and similar) too, not only
          GNOME. These commands will also list active sessions by
          other users.

        * Resource limits (as exposed by the various control group
          controllers) can now be controlled dynamically at runtime
          for all units. More specifically, you can now use a command
          like "systemctl set-cgroup-attr foobar.service cpu.shares
          2000" to alter the CPU shares a specific service gets. These
          settings are stored persistently on disk, and thus allow the
          administrator to easily adjust the resource usage of
          services with a few simple commands. This dynamic resource
          management logic is also available to other programs via the
          bus. Almost any kernel cgroup attribute and controller is
          supported.

        * systemd-vconsole-setup will now copy all font settings to
          all allocated VTs, where it previously applied them only to
          the foreground VT.

        * libsystemd-login gained the new sd_session_get_tty() API
          call.

        * This release drops support for a few legacy or
          distribution-specific LSB facility names when parsing init
          scripts: $x-display-manager, $mail-transfer-agent,
          $mail-transport-agent, $mail-transfer-agent, $smtp,
          $null. Also, the mail-transfer-agent.target unit backing
          this has been removed. Distributions which want to retain
          compatibility with this should carry the burden for
          supporting this themselves and patch support for these back
          in, if they really need to. Also, the facilities $syslog and
          $local_fs are now ignored, since systemd does not support
          early-boot LSB init scripts anymore, and these facilities
          are implied anyway for normal services. syslog.target has
          also been removed.

        * There are new bus calls on PID1's Manager object for
          cancelling jobs, and removing snapshot units. Previously,
          both calls were only available on the Job and Snapshot
          objects themselves.

        * systemd-journal-gatewayd gained SSL support.

        * The various "environment" files, such as /etc/locale.conf
          now support continuation lines with a backslash ("\") as
          last character in the line, similarly in style (but different)
          to how this is supported in shells.

        * For normal user processes the _SYSTEMD_USER_UNIT= field is
          now implicitly appended to every log entry logged. systemctl
          has been updated to filter by this field when operating on a
          user systemd instance.

        * nspawn will now implicitly add the CAP_AUDIT_WRITE and
          CAP_AUDIT_CONTROL capabilities to the capabilities set for
          the container. This makes it easier to boot unmodified
          Fedora systems in a container, which however still requires
          audit=0 to be passed on the kernel command line. Auditing in
          kernel and userspace is unfortunately still too broken in
          context of containers, hence we recommend compiling it out
          of the kernel or using audit=0. Hopefully this will be fixed
          one day for good in the kernel.

        * nspawn gained the new --bind= and --bind-ro= parameters to
          bind mount specific directories from the host into the
          container.

        * nspawn will now mount its own devpts file system instance
          into the container, in order not to leak pty devices from
          the host into the container.

        * systemd will now read the firmware boot time performance
          information from the EFI variables, if the used boot loader
          supports this, and takes it into account for boot performance
          analysis via "systemd-analyze". This is currently supported
          only in conjunction with Gummiboot, but could be supported
          by other boot loaders too. For details see:

          https://systemd.io/BOOT_LOADER_INTERFACE

        * A new generator has been added that automatically mounts the
          EFI System Partition (ESP) to /boot, if that directory
          exists, is empty, and no other file system has been
          configured to be mounted there.

        * logind will now send out PrepareForSleep(false) out
          unconditionally, after coming back from suspend. This may be
          used by applications as asynchronous notification for
          system resume events.

        * "systemctl unlock-sessions" has been added, that allows
          unlocking the screens of all user sessions at once, similar
          to how "systemctl lock-sessions" already locked all users
          sessions. This is backed by a new D-Bus call UnlockSessions().

        * "loginctl seat-status" will now show the master device of a
          seat. (i.e. the device of a seat that needs to be around for
          the seat to be considered available, usually the graphics
          card).

        * tmpfiles gained a new "X" line type, that allows
          configuration of files and directories (with wildcards) that
          shall be excluded from automatic cleanup ("aging").

        * udev default rules set the device node permissions now only
          at "add" events, and do not change them any longer with a
          later "change" event.

        * The log messages for lid events and power/sleep keypresses
          now carry a message ID.

        * We now have a substantially larger unit test suite, but this
          continues to be work in progress.

        * udevadm hwdb gained a new --root= parameter to change the
          root directory to operate relative to.

        * logind will now issue a background sync() request to the kernel
          early at shutdown, so that dirty buffers are flushed to disk early
          instead of at the last moment, in order to optimize shutdown
          times a little.

        * A new bootctl tool has been added that is an interface for
          certain boot loader operations. This is currently a preview
          and is likely to be extended into a small mechanism daemon
          like timedated, localed, hostnamed, and can be used by
          graphical UIs to enumerate available boot options, and
          request boot into firmware operations.

        * systemd-bootchart has been relicensed to LGPLv2.1+ to match
          the rest of the package. It also has been updated to work
          correctly in initrds.

        * polkit previously has been runtime optional, and is now also
          compile time optional via a configure switch.

        * systemd-analyze has been reimplemented in C. Also "systemctl
          dot" has moved into systemd-analyze.

        * "systemctl status" with no further parameters will now print
          the status of all active or failed units.

        * Operations such as "systemctl start" can now be executed
          with a new mode "--irreversible" which may be used to queue
          operations that cannot accidentally be reversed by a later
          job queuing. This is by default used to make shutdown
          requests more robust.

        * The Python API of systemd now gained a new module for
          reading journal files.

        * A new tool kernel-install has been added that can install
          kernel images according to the Boot Loader Specification:

          https://systemd.io/BOOT_LOADER_SPECIFICATION

        * Boot time console output has been improved to provide
          animated boot time output for hanging jobs.

        * A new tool systemd-activate has been added which can be used
          to test socket activation with, directly from the command
          line. This should make it much easier to test and debug
          socket activation in daemons.

        * journalctl gained a new "--reverse" (or -r) option to show
          journal output in reverse order (i.e. newest line first).

        * journalctl gained a new "--pager-end" (or -e) option to jump
          to immediately jump to the end of the journal in the
          pager. This is only supported in conjunction with "less".

        * journalctl gained a new "--user-unit=" option, that works
          similarly to "--unit=" but filters for user units rather than
          system units.

        * A number of unit files to ease adoption of systemd in
          initrds has been added. This moves some minimal logic from
          the various initrd implementations into systemd proper.

        * The journal files are now owned by a new group
          "systemd-journal", which exists specifically to allow access
          to the journal, and nothing else. Previously, we used the
          "adm" group for that, which however possibly covers more
          than just journal/log file access. This new group is now
          already used by systemd-journal-gatewayd to ensure this
          daemon gets access to the journal files and as little else
          as possible. Note that "make install" will also set FS ACLs
          up for /var/log/journal to give "adm" and "wheel" read
          access to it, in addition to "systemd-journal" which owns
          the journal files. We recommend that packaging scripts also
          add read access to "adm" + "wheel" to /var/log/journal, and
          all existing/future journal files. To normal users and
          administrators little changes, however packagers need to
          ensure to create the "systemd-journal" system group at
          package installation time.

        * The systemd-journal-gatewayd now runs as unprivileged user
          systemd-journal-gateway:systemd-journal-gateway. Packaging
          scripts need to create these system user/group at
          installation time.

        * timedated now exposes a new boolean property CanNTP that
          indicates whether a local NTP service is available or not.

        * systemd-detect-virt will now also detect xen PVs

        * The pstore file system is now mounted by default, if it is
          available.

        * In addition to the SELinux and IMA policies we will now also
          load SMACK policies at early boot.

        Contributions from: Adel Gadllah, Aleksander Morgado, Auke
        Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
        Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
        Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
        Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
        Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
        Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
        Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
        Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
        Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
        Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
        Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
        Gundersen, Umut Tezduyar, William Giokas, Zbigniew
        Jędrzejewski-Szmek, Zeeshan Ali (Khattak)

CHANGES WITH 197:

        * Timer units now support calendar time events in addition to
          monotonic time events. That means you can now trigger a unit
          based on a calendar time specification such as "Thu,Fri
          2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
          or fifth day of any month of the year 2013, given that it is
          a Thursday or a Friday. This brings timer event support
          considerably closer to cron's capabilities. For details on
          the supported calendar time specification language see
          systemd.time(7).

        * udev now supports a number of different naming policies for
          network interfaces for predictable names, and a combination
          of these policies is now the default. Please see this wiki
          document for details:

          https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html

        * Auke Kok's bootchart implementation has been added to the
          systemd tree. It is an optional component that can graph the
          boot in quite some detail. It is one of the best bootchart
          implementations around and minimal in its code and
          dependencies.

        * nss-myhostname has been integrated into the systemd source
          tree. nss-myhostname guarantees that the local hostname
          always stays resolvable via NSS. It has been a weak
          requirement of systemd-hostnamed since a long time, and
          since its code is actually trivial we decided to just
          include it in systemd's source tree. It can be turned off
          with a configure switch.

        * The read-ahead logic is now capable of properly detecting
          whether a btrfs file system is on SSD or rotating media, in
          order to optimize the read-ahead scheme. Previously, it was
          only capable of detecting this on traditional file systems
          such as ext4.

        * In udev, additional device properties are now read from the
          IAB in addition to the OUI database. Also, Bluetooth company
          identities are attached to the devices as well.

        * In service files %U may be used as specifier that is
          replaced by the configured user name of the service.

        * nspawn may now be invoked without a controlling TTY. This
          makes it suitable for invocation as its own service. This
          may be used to set up a simple containerized server system
          using only core OS tools.

        * systemd and nspawn can now accept socket file descriptors
          when they are started for socket activation. This enables
          implementation of socket activated nspawn
          containers. i.e. think about autospawning an entire OS image
          when the first SSH or HTTP connection is received. We expect
          that similar functionality will also be added to libvirt-lxc
          eventually.

        * journalctl will now suppress ANSI color codes when
          presenting log data.

        * systemctl will no longer show control group information for
          a unit if the control group is empty anyway.

        * logind can now automatically suspend/hibernate/shutdown the
          system on idle.

        * /etc/machine-info and hostnamed now also expose the chassis
          type of the system. This can be used to determine whether
          the local system is a laptop, desktop, handset or
          tablet. This information may either be configured by the
          user/vendor or is automatically determined from ACPI and DMI
          information if possible.

        * A number of polkit actions are now bound together with "imply"
          rules. This should simplify creating UIs because many actions
          will now authenticate similar ones as well.

        * Unit files learnt a new condition ConditionACPower= which
          may be used to conditionalize a unit depending on whether an
          AC power source is connected or not, of whether the system
          is running on battery power.

        * systemctl gained a new "is-failed" verb that may be used in
          shell scripts and suchlike to check whether a specific unit
          is in the "failed" state.

        * The EnvironmentFile= setting in unit files now supports file
          globbing, and can hence be used to easily read a number of
          environment files at once.

        * systemd will no longer detect and recognize specific
          distributions. All distribution-specific #ifdeffery has been
          removed, systemd is now fully generic and
          distribution-agnostic. Effectively, not too much is lost as
          a lot of the code is still accessible via explicit configure
          switches. However, support for some distribution specific
          legacy configuration file formats has been dropped. We
          recommend distributions to simply adopt the configuration
          files everybody else uses now and convert the old
          configuration from packaging scripts. Most distributions
          already did that. If that's not possible or desirable,
          distributions are welcome to forward port the specific
          pieces of code locally from the git history.

        * When logging a message about a unit systemd will now always
          log the unit name in the message meta data.

        * localectl will now also discover system locale data that is
          not stored in locale archives, but directly unpacked.

        * logind will no longer unconditionally use framebuffer
          devices as seat masters, i.e. as devices that are required
          to be existing before a seat is considered preset. Instead,
          it will now look for all devices that are tagged as
          "seat-master" in udev. By default, framebuffer devices will
          be marked as such, but depending on local systems, other
          devices might be marked as well. This may be used to
          integrate graphics cards using closed source drivers (such
          as NVidia ones) more nicely into logind. Note however, that
          we recommend using the open source NVidia drivers instead,
          and no udev rules for the closed-source drivers will be
          shipped from us upstream.

        Contributions from: Adam Williamson, Alessandro Crismani, Auke
        Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
        Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
        Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
        Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
        Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
        Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
        Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
        Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
        Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
        Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
        Jędrzejewski-Szmek

CHANGES WITH 196:

        * udev gained support for loading additional device properties
          from an indexed database that is keyed by vendor/product IDs
          and similar device identifiers. For the beginning this
          "hwdb" is populated with data from the well-known PCI and
          USB database, but also includes PNP, ACPI and OID data. In
          the longer run this indexed database shall grow into
          becoming the one central database for non-essential
          userspace device metadata. Previously, data from the PCI/USB
          database was only attached to select devices, since the
          lookup was a relatively expensive operation due to O(n) time
          complexity (with n being the number of entries in the
          database). Since this is now O(1), we decided to add in this
          data for all devices where this is available, by
          default. Note that the indexed database needs to be rebuilt
          when new data files are installed. To achieve this you need
          to update your packaging scripts to invoke "udevadm hwdb
          --update" after installation of hwdb data files. For
          RPM-based distributions we introduced the new
          %udev_hwdb_update macro for this purpose.

        * The Journal gained support for the "Message Catalog", an
          indexed database to link up additional information with
          journal entries. For further details please check:

          https://systemd.io/CATALOG

          The indexed message catalog database also needs to be
          rebuilt after installation of message catalog files. Use
          "journalctl --update-catalog" for this. For RPM-based
          distributions we introduced the %journal_catalog_update
          macro for this purpose.

        * The Python Journal bindings gained support for the standard
          Python logging framework.

        * The Journal API gained new functions for checking whether
          the underlying file system of a journal file is capable of
          properly reporting file change notifications, or whether
          applications that want to reflect journal changes "live"
          need to recheck journal files continuously in appropriate
          time intervals.

        * It is now possible to set the "age" field for tmpfiles
          entries to 0, indicating that files matching this entry
          shall always be removed when the directories are cleaned up.

        * coredumpctl gained a new "gdb" verb which invokes gdb
          right-away on the selected coredump.

        * There's now support for "hybrid sleep" on kernels that
          support this, in addition to "suspend" and "hibernate". Use
          "systemctl hybrid-sleep" to make use of this.

        * logind's HandleSuspendKey= setting (and related settings)
          now gained support for a new "lock" setting to simply
          request the screen lock on all local sessions, instead of
          actually executing a suspend or hibernation.

        * systemd will now mount the EFI variables file system by
          default.

        * Socket units now gained support for configuration of the
          SMACK security label.

        * timedatectl will now output the time of the last and next
          daylight saving change.

        * We dropped support for various legacy and distro-specific
          concepts, such as insserv, early-boot SysV services
          (i.e. those for non-standard runlevels such as 'b' or 'S')
          or ArchLinux /etc/rc.conf support. We recommend the
          distributions who still need support this to either continue
          to maintain the necessary patches downstream, or find a
          different solution. (Talk to us if you have questions!)

        * Various systemd components will now bypass polkit checks for
          root and otherwise handle properly if polkit is not found to
          be around. This should fix most issues for polkit-less
          systems. Quite frankly this should have been this way since
          day one. It is absolutely our intention to make systemd work
          fine on polkit-less systems, and we consider it a bug if
          something does not work as it should if polkit is not around.

        * For embedded systems it is now possible to build udev and
          systemd without blkid and/or kmod support.

        * "systemctl switch-root" is now capable of switching root
          more than once. I.e. in addition to transitions from the
          initrd to the host OS it is now possible to transition to
          further OS images from the host. This is useful to implement
          offline updating tools.

        * Various other additions have been made to the RPM macros
          shipped with systemd. Use %udev_rules_update() after
          installing new udev rules files. %_udevhwdbdir,
          %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
          %_sysctldir are now available which resolve to the right
          directories for packages to place various data files in.

        * journalctl gained the new --full switch (in addition to
          --all, to disable ellipsation for long messages.

        Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
        Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
        Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
        Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
        Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
        Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
        Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
        Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
        Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 195:

        * journalctl gained new --since= and --until= switches to
          filter by time. It also now supports nice filtering for
          units via --unit=/-u.

        * Type=oneshot services may use ExecReload= and do the
          right thing.

        * The journal daemon now supports time-based rotation and
          vacuuming, in addition to the usual disk-space based
          rotation.

        * The journal will now index the available field values for
          each field name. This enables clients to show pretty drop
          downs of available match values when filtering. The bash
          completion of journalctl has been updated
          accordingly. journalctl gained a new switch -F to list all
          values a certain field takes in the journal database.

        * More service events are now written as structured messages
          to the journal, and made recognizable via message IDs.

        * The timedated, localed and hostnamed mini-services which
          previously only provided support for changing time, locale
          and hostname settings from graphical DEs such as GNOME now
          also have a minimal (but very useful) text-based client
          utility each. This is probably the nicest way to changing
          these settings from the command line now, especially since
          it lists available options and is fully integrated with bash
          completion.

        * There's now a new tool "systemd-coredumpctl" to list and
          extract coredumps from the journal.

        * We now install a README each in /var/log/ and
          /etc/rc.d/init.d explaining where the system logs and init
          scripts went. This hopefully should help folks who go to
          that dirs and look into the otherwise now empty void and
          scratch their heads.

        * When user-services are invoked (by systemd --user) the
          $MANAGERPID env var is set to the PID of systemd.

        * SIGRTMIN+24 when sent to a --user instance will now result
          in immediate termination of systemd.

        * gatewayd received numerous feature additions such as a
          "follow" mode, for live syncing and filtering.

        * browse.html now allows filtering and showing detailed
          information on specific entries. Keyboard navigation and
          mouse screen support has been added.

        * gatewayd/journalctl now supports HTML5/JSON
          Server-Sent-Events as output.

        * The SysV init script compatibility logic will now
          heuristically determine whether a script supports the
          "reload" verb, and only then make this available as
          "systemctl reload".

        * "systemctl status --follow" has been removed, use "journalctl
          -u" instead.

        * journald.conf's RuntimeMinSize=, PersistentMinSize= settings
          have been removed since they are hardly useful to be
          configured.

        * And I'd like to take the opportunity to specifically mention
          Zbigniew for his great contributions. Zbigniew, you rock!

        Contributions from: Andrew Eikum, Christian Hesse, Colin
        Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
        Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
        Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
        Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
        Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
        Jędrzejewski-Szmek, Сковорода Никита Андреевич

CHANGES WITH 194:

        * If /etc/vconsole.conf is non-existent or empty we will no
          longer load any console font or key map at boot by
          default. Instead the kernel defaults will be left
          intact. This is definitely the right thing to do, as no
          configuration should mean no configuration, and hard-coding
          font names that are different on all archs is probably a bad
          idea. Also, the kernel default key map and font should be
          good enough for most cases anyway, and mostly identical to
          the userspace fonts/key maps we previously overloaded them
          with. If distributions want to continue to default to a
          non-kernel font or key map they should ship a default
          /etc/vconsole.conf with the appropriate contents.

        Contributions from: Colin Walters, Daniel J Walsh, Dave
        Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
        Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 193:

        * journalctl gained a new --cursor= switch to show entries
          starting from the specified location in the journal.

        * We now enforce a size limit on journal entry fields exported
          with "-o json" in journalctl. Fields larger than 4K will be
          assigned null. This can be turned off with --all.

        * An (optional) journal gateway daemon is now available as
          "systemd-journal-gatewayd.service". This service provides
          access to the journal via HTTP and JSON. This functionality
          will be used to implement live log synchronization in both
          pull and push modes, but has various other users too, such
          as easy log access for debugging of embedded devices. Right
          now it is already useful to retrieve the journal via HTTP:

          # systemctl start systemd-journal-gatewayd.service
          # wget http://localhost:19531/entries

          This will download the journal contents in a
          /var/log/messages compatible format. The same as JSON:

          # curl -H"Accept: application/json" http://localhost:19531/entries

          This service is also accessible via a web browser where a
          single static HTML5 app is served that uses the JSON logic
          to enable the user to do some basic browsing of the
          journal. This will be extended later on. Here's an example
          screenshot of this app in its current state:

          https://0pointer.de/public/journal-gatewayd

        Contributions from: Kay Sievers, Lennart Poettering, Robert
        Milasan, Tom Gundersen

CHANGES WITH 192:

        * The bash completion logic is now available for journalctl
          too.

        * We do not mount the "cpuset" controller anymore together with
          "cpu" and "cpuacct", as "cpuset" groups generally cannot be
          started if no parameters are assigned to it. "cpuset" hence
          broke code that assumed it could create "cpu" groups and
          just start them.

        * journalctl -f will now subscribe to terminal size changes,
          and line break accordingly.

        Contributions from: Dave Reisner, Kay Sievers, Lennart
        Poettering, Lukas Nykrynm, Mirco Tischler, Václav Pavlín

CHANGES WITH 191:

        * nspawn will now create a symlink /etc/localtime in the
          container environment, copying the host's timezone
          setting. Previously this has been done via a bind mount, but
          since symlinks cannot be bind mounted this has now been
          changed to create/update the appropriate symlink.

        * journalctl -n's line number argument is now optional, and
          will default to 10 if omitted.

        * journald will now log the maximum size the journal files may
          take up on disk. This is particularly useful if the default
          built-in logic of determining this parameter from the file
          system size is used. Use "systemctl status
          systemd-journald.service" to see this information.

        * The multi-seat X wrapper tool has been stripped down. As X
          is now capable of enumerating graphics devices via udev in a
          seat-aware way the wrapper is not strictly necessary
          anymore. A stripped down temporary stop-gap is still shipped
          until the upstream display managers have been updated to
          fully support the new X logic. Expect this wrapper to be
          removed entirely in one of the next releases.

        * HandleSleepKey= in logind.conf has been split up into
          HandleSuspendKey= and HandleHibernateKey=. The old setting
          is not available anymore. X11 and the kernel are
          distinguishing between these keys and we should too. This
          also means the inhibition lock for these keys has been split
          into two.

        Contributions from: Dave Airlie, Eelco Dolstra, Lennart
        Poettering, Lukas Nykryn, Václav Pavlín

CHANGES WITH 190:

        * Whenever a unit changes state we will now log this to the
          journal and show along the unit's own log output in
          "systemctl status".

        * ConditionPathIsMountPoint= can now properly detect bind
          mount points too. (Previously, a bind mount of one file
          system to another place in the same file system could not be
          detected as mount, since they shared struct stat's st_dev
          field.)

        * We will now mount the cgroup controllers cpu, cpuacct,
          cpuset and the controllers net_cls, net_prio together by
          default.

        * nspawn containers will now have a virtualized boot
          ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
          over with a randomized ID at container initialization). This
          has the effect of making "journalctl -b" do the right thing
          in a container.

        * The JSON output journal serialization has been updated not
          to generate "endless" list objects anymore, but rather one
          JSON object per line. This is more in line how most JSON
          parsers expect JSON objects. The new output mode
          "json-pretty" has been added to provide similar output, but
          neatly aligned for readability by humans.

        * We dropped all explicit sync() invocations in the shutdown
          code. The kernel does this implicitly anyway in the kernel
          reboot() syscall. halt(8)'s -n option is now a compatibility
          no-op.

        * We now support virtualized reboot() in containers, as
          supported by newer kernels. We will fall back to exit() if
          CAP_SYS_REBOOT is not available to the container. Also,
          nspawn makes use of this now and will actually reboot the
          container if the containerized OS asks for that.

        * journalctl will only show local log output by default
          now. Use --merge (-m) to show remote log output, too.

        * libsystemd-journal gained the new sd_journal_get_usage()
          call to determine the current disk usage of all journal
          files. This is exposed in the new "journalctl --disk-usage"
          command.

        * journald gained a new configuration setting SplitMode= in
          journald.conf which may be used to control how user journals
          are split off. See journald.conf(5) for details.

        * A new condition type ConditionFileNotEmpty= has been added.

        * tmpfiles' "w" lines now support file globbing, to write
          multiple files at once.

        * We added Python bindings for the journal submission
          APIs. More Python APIs for a number of selected APIs will
          likely follow. Note that we intend to add native bindings
          only for the Python language, as we consider it common
          enough to deserve bindings shipped within systemd. There are
          various projects outside of systemd that provide bindings
          for languages such as PHP or Lua.

        * Many conditions will now resolve specifiers such as %i. In
          addition, PathChanged= and related directives of .path units
          now support specifiers as well.

        * There's now a new RPM macro definition for the system preset
          dir: %_presetdir.

        * journald will now warn if it ca not forward a message to the
          syslog daemon because its socket is full.

        * timedated will no longer write or process /etc/timezone,
          except on Debian. As we do not support late mounted /usr
          anymore /etc/localtime always being a symlink is now safe,
          and hence the information in /etc/timezone is not necessary
          anymore.

        * logind will now always reserve one VT for a text getty (VT6
          by default). Previously if more than 6 X sessions where
          started they took up all the VTs with auto-spawned gettys,
          so that no text gettys were available anymore.

        * udev will now automatically inform the btrfs kernel logic
          about btrfs RAID components showing up. This should make
          simple hotplug based btrfs RAID assembly work.

        * PID 1 will now increase its RLIMIT_NOFILE to 64K by default
          (but not for its children which will stay at the kernel
          default). This should allow setups with a lot more listening
          sockets.

        * systemd will now always pass the configured timezone to the
          kernel at boot. timedated will do the same when the timezone
          is changed.

        * logind's inhibition logic has been updated. By default,
          logind will now handle the lid switch, the power and sleep
          keys all the time, even in graphical sessions. If DEs want
          to handle these events on their own they should take the new
          handle-power-key, handle-sleep-key and handle-lid-switch
          inhibitors during their runtime. A simple way to achieve
          that is to invoke the DE wrapped in an invocation of:

          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …

        * Access to unit operations is now checked via SELinux taking
          the unit file label and client process label into account.

        * systemd will now notify the administrator in the journal
          when he over-mounts a non-empty directory.

        * There are new specifiers that are resolved in unit files,
          for the hostname (%H), the machine ID (%m) and the boot ID
          (%b).

        Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
        Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
        Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
        Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
        Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
        Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
        Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 189:

        * Support for reading structured kernel messages from
          /dev/kmsg has now been added and is enabled by default.

        * Support for reading kernel messages from /proc/kmsg has now
          been removed. If you want kernel messages in the journal
          make sure to run a recent kernel (>= 3.5) that supports
          reading structured messages from /dev/kmsg (see
          above). /proc/kmsg is now exclusive property of classic
          syslog daemons again.

        * The libudev API gained the new
          udev_device_new_from_device_id() call.

        * The logic for file system namespace (ReadOnlyDirectory=,
          ReadWriteDirectoy=, PrivateTmp=) has been reworked not to
          require pivot_root() anymore. This means fewer temporary
          directories are created below /tmp for this feature.

        * nspawn containers will now see and receive all submounts
          made on the host OS below the root file system of the
          container.

        * Forward Secure Sealing is now supported for Journal files,
          which provide cryptographical sealing of journal files so
          that attackers cannot alter log history anymore without this
          being detectable. Lennart will soon post a blog story about
          this explaining it in more detail.

        * There are two new service settings RestartPreventExitStatus=
          and SuccessExitStatus= which allow configuration of exit
          status (exit code or signal) which will be excepted from the
          restart logic, resp. consider successful.

        * journalctl gained the new --verify switch that can be used
          to check the integrity of the structure of journal files and
          (if Forward Secure Sealing is enabled) the contents of
          journal files.

        * nspawn containers will now be run with /dev/stdin, /dev/fd/
          and similar symlinks pre-created. This makes running shells
          as container init process a lot more fun.

        * The fstab support can now handle PARTUUID= and PARTLABEL=
          entries.

        * A new ConditionHost= condition has been added to match
          against the hostname (with globs) and machine ID. This is
          useful for clusters where a single OS image is used to
          provision a large number of hosts which shall run slightly
          different sets of services.

        * Services which hit the restart limit will now be placed in a
          failure state.

        Contributions from: Bertram Poettering, Dave Reisner, Huang
        Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
        Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 188:

        * When running in --user mode systemd will now become a
          subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
          tree a lot more organized.

        * A new PartOf= unit dependency type has been introduced that
          may be used to group services in a natural way.

        * "systemctl enable" may now be used to enable instances of
          services.

        * journalctl now prints error log levels in red, and
          warning/notice log levels in bright white. It also supports
          filtering by log level now.

        * cgtop gained a new -n switch (similar to top), to configure
          the maximum number of iterations to run for. It also gained
          -b, to run in batch mode (accepting no input).

        * The suffix ".service" may now be omitted on most systemctl
          command lines involving service unit names.

        * There's a new bus call in logind to lock all sessions, as
          well as a loginctl verb for it "lock-sessions".

        * libsystemd-logind.so gained a new call sd_journal_perror()
          that works similar to libc perror() but logs to the journal
          and encodes structured information about the error number.

        * /etc/crypttab entries now understand the new keyfile-size=
          option.

        * shutdown(8) now can send a (configurable) wall message when
          a shutdown is cancelled.

        * The mount propagation mode for the root file system will now
          default to "shared", which is useful to make containers work
          nicely out-of-the-box so that they receive new mounts from
          the host. This can be undone locally by running "mount
          --make-rprivate /" if needed.

        * The prefdm.service file has been removed. Distributions
          should maintain this unit downstream if they intend to keep
          it around. However, we recommend writing normal unit files
          for display managers instead.

        * Since systemd is a crucial part of the OS we will now
          default to a number of compiler switches that improve
          security (hardening) such as read-only relocations, stack
          protection, and suchlike.

        * The TimeoutSec= setting for services is now split into
          TimeoutStartSec= and TimeoutStopSec= to allow configuration
          of individual time outs for the start and the stop phase of
          the service.

        Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
        Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
        Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
        Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
        Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
        Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 187:

        * The journal and id128 C APIs are now fully documented as man
          pages.

        * Extra safety checks have been added when transitioning from
          the initial RAM disk to the main system to avoid accidental
          data loss.

        * /etc/crypttab entries now understand the new keyfile-offset=
          option.

        * systemctl -t can now be used to filter by unit load state.

        * The journal C API gained the new sd_journal_wait() call to
          make writing synchronous journal clients easier.

        * journalctl gained the new -D switch to show journals from a
          specific directory.

        * journalctl now displays a special marker between log
          messages of two different boots.

        * The journal is now explicitly flushed to /var via a service
          systemd-journal-flush.service, rather than implicitly simply
          by seeing /var/log/journal to be writable.

        * journalctl (and the journal C APIs) can now match for much
          more complex expressions, with alternatives and
          disjunctions.

        * When transitioning from the initial RAM disk to the main
          system we will now kill all processes in a killing spree to
          ensure no processes stay around by accident.

        * Three new specifiers may be used in unit files: %u, %h, %s
          resolve to the user name, user home directory resp. user
          shell. This is useful for running systemd user instances.

        * We now automatically rotate journal files if their data
          object hash table gets a fill level > 75%. We also size the
          hash table based on the configured maximum file size. This
          together should lower hash collisions drastically and thus
          speed things up a bit.

        * journalctl gained the new "--header" switch to introspect
          header data of journal files.

        * A new setting SystemCallFilters= has been added to services which may
          be used to apply deny lists or allow lists to system calls. This is
          based on SECCOMP Mode 2 of Linux 3.5.

        * nspawn gained a new --link-journal= switch (and quicker: -j)
          to link the container journal with the host. This makes it
          very easy to centralize log viewing on the host for all
          guests while still keeping the journal files separated.

        * Many bugfixes and optimizations

        Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
        Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
        Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
        Jędrzejewski-Szmek

CHANGES WITH 186:

        * Several tools now understand kernel command line arguments,
          which are only read when run in an initial RAM disk. They
          usually follow closely their normal counterparts, but are
          prefixed with rd.

        * There's a new tool to analyze the readahead files that are
          automatically generated at boot. Use:

          /usr/lib/systemd/systemd-readahead analyze /.readahead

        * We now provide an early debug shell on tty9 if this enabled. Use:

          systemctl enable debug-shell.service

        * All plymouth related units have been moved into the Plymouth
          package. Please make sure to upgrade your Plymouth version
          as well.

        * systemd-tmpfiles now supports getting passed the basename of
          a configuration file only, in which case it will look for it
          in all appropriate directories automatically.

        * udevadm info now takes a /dev or /sys path as argument, and
          does the right thing. Example:

          udevadm info /dev/sda
          udevadm info /sys/class/block/sda

        * systemctl now prints a warning if a unit is stopped but a
          unit that might trigger it continues to run. Example: a
          service is stopped but the socket that activates it is left
          running.

        * "systemctl status" will now mention if the log output was
          shortened due to rotation since a service has been started.

        * The journal API now exposes functions to determine the
          "cutoff" times due to rotation.

        * journald now understands SIGUSR1 and SIGUSR2 for triggering
          immediately flushing of runtime logs to /var if possible,
          resp. for triggering immediate rotation of the journal
          files.

        * It is now considered an error if a service is attempted to
          be stopped that is not loaded.

        * XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.

        * systemd-analyze now supports Python 3

        * tmpfiles now supports cleaning up directories via aging
          where the first level dirs are always kept around but
          directories beneath it automatically aged. This is enabled
          by prefixing the age field with '~'.

        * Seat objects now expose CanGraphical, CanTTY properties
          which is required to deal with very fast bootups where the
          display manager might be running before the graphics drivers
          completed initialization.

        * Seat objects now expose a State property.

        * We now include RPM macros for service enabling/disabling
          based on the preset logic. We recommend RPM based
          distributions to make use of these macros if possible. This
          makes it simpler to reuse RPM spec files across
          distributions.

        * We now make sure that the collected systemd unit name is
          always valid when services log to the journal via
          STDOUT/STDERR.

        * There's a new man page kernel-command-line(7) detailing all
          command line options we understand.

        * The fstab generator may now be disabled at boot by passing
          fstab=0 on the kernel command line.

        * A new kernel command line option modules-load= is now understood
          to load a specific kernel module statically, early at boot.

        * Unit names specified on the systemctl command line are now
          automatically escaped as needed. Also, if file system or
          device paths are specified they are automatically turned
          into the appropriate mount or device unit names. Example:

          systemctl status /home
          systemctl status /dev/sda

        * The SysVConsole= configuration option has been removed from
          system.conf parsing.

        * The SysV search path is no longer exported on the D-Bus
          Manager object.

        * The Names= option has been removed from unit file parsing.

        * There's a new man page bootup(7) detailing the boot process.

        * Every unit and every generator we ship with systemd now
          comes with full documentation. The self-explanatory boot is
          complete.

        * A couple of services gained "systemd-" prefixes in their
          name if they wrap systemd code, rather than only external
          code. Among them fsck@.service which is now
          systemd-fsck@.service.

        * The HaveWatchdog property has been removed from the D-Bus
          Manager object.

        * systemd.confirm_spawn= on the kernel command line should now
          work sensibly.

        * There's a new man page crypttab(5) which details all options
          we actually understand.

        * systemd-nspawn gained a new --capability= switch to pass
          additional capabilities to the container.

        * timedated will now read known NTP implementation unit names
          from /usr/lib/systemd/ntp-units.d/*.list,
          systemd-timedated-ntp.target has been removed.

        * journalctl gained a new switch "-b" that lists log data of
          the current boot only.

        * The notify socket is in the abstract namespace again, in
          order to support daemons which chroot() at start-up.

        * There is a new Storage= configuration option for journald
          which allows configuration of where log data should go. This
          also provides a way to disable journal logging entirely, so
          that data collected is only forwarded to the console, the
          kernel log buffer or another syslog implementation.

        * Many bugfixes and optimizations

        Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
        David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
        Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
        Shawn Landden, Tom Gundersen

CHANGES WITH 185:

        * "systemctl help <unit>" now shows the man page if one is
          available.

        * Several new man pages have been added.

        * MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
          MaxLevelConsole= can now be specified in
          journald.conf. These options allow reducing the amount of
          data stored on disk or forwarded by the log level.

        * TimerSlackNSec= can now be specified in system.conf for
          PID1. This allows system-wide power savings.

        Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
        Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
        Matthias Clasen

CHANGES WITH 184:

        * logind is now capable of (optionally) handling power and
          sleep keys as well as the lid switch.

        * journalctl now understands the syntax "journalctl
          /usr/bin/avahi-daemon" to get all log output of a specific
          daemon.

        * CapabilityBoundingSet= in system.conf now also influences
          the capability bound set of usermode helpers of the kernel.

        Contributions from: Daniel Drake, Daniel J. Walsh, Gert
        Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
        Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
        Menzel, Shawn Landden, Tero Roponen, Tom Gundersen

CHANGES WITH 183:

        * Note that we skipped 139 releases here in order to set the
          new version to something that is greater than both udev's
          and systemd's most recent version number.

        * udev: all udev sources are merged into the systemd source tree now.
          All future udev development will happen in the systemd tree. It
          is still fully supported to use the udev daemon and tools without
          systemd running, like in initramfs or other init systems. Building
          udev though, will require the *build* of the systemd tree, but
          udev can be properly *run* without systemd.

        * udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
          should be used to create dead device nodes as workarounds for broken
          subsystems.

        * udev: RUN+="socket:…"  and udev_monitor_new_from_socket() is
          no longer supported. udev_monitor_new_from_netlink() needs to be
          used to subscribe to events.

        * udev: when udevd is started by systemd, processes which are left
          behind by forking them off of udev rules, are unconditionally cleaned
          up and killed now after the event handling has finished. Services or
          daemons must be started as systemd services. Services can be
          pulled-in by udev to get started, but they can no longer be directly
          forked by udev rules.

        * udev: the daemon binary is called systemd-udevd now and installed
          in /usr/lib/systemd/. Standalone builds or non-systemd systems need
          to adapt to that, create symlink, or rename the binary after building
          it.

        * libudev no longer provides these symbols:
            udev_monitor_from_socket()
            udev_queue_get_failed_list_entry()
            udev_get_{dev,sys,run}_path()
          The versions number was bumped and symbol versioning introduced.

        * systemd-loginctl and systemd-journalctl have been renamed
          to loginctl and journalctl to match systemctl.

        * The config files: /etc/systemd/systemd-logind.conf and
          /etc/systemd/systemd-journald.conf have been renamed to
          logind.conf and journald.conf. Package updates should rename
          the files to the new names on upgrade.

        * For almost all files the license is now LGPL2.1+, changed
          from the previous GPL2.0+. Exceptions are some minor stuff
          of udev (which will be changed to LGPL2.1 eventually, too),
          and the MIT licensed sd-daemon.[ch] library that is suitable
          to be used as drop-in files.

        * systemd and logind now handle system sleep states, in
          particular suspending and hibernating.

        * logind now implements a sleep/shutdown/idle inhibiting logic
          suitable for a variety of uses. Soonishly Lennart will blog
          about this in more detail.

        * var-run.mount and var-lock.mount are no longer provided
          (which previously bind mounted these directories to their new
          places). Distributions which have not converted these
          directories to symlinks should consider stealing these files
          from git history and add them downstream.

        * We introduced the Documentation= field for units and added
          this to all our shipped units. This is useful to make it
          easier to explore the boot and the purpose of the various
          units.

        * All smaller setup units (such as
          systemd-vconsole-setup.service) now detect properly if they
          are run in a container and are skipped when
          appropriate. This guarantees an entirely noise-free boot in
          Linux container environments such as systemd-nspawn.

        * A framework for implementing offline system updates is now
          integrated, for details see:
          https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html

        * A new service type Type=idle is available now which helps us
          avoiding ugly interleaving of getty output and boot status
          messages.

        * There's now a system-wide CapabilityBoundingSet= option to
          globally reduce the set of capabilities for the
          system. This is useful to drop CAP_SYS_MKNOD, CAP_SYS_RAWIO,
          CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
          even CAP_NET_ADMIN system-wide for secure systems.

        * There are now system-wide DefaultLimitXXX= options to
          globally change the defaults of the various resource limits
          for all units started by PID 1.

        * Harald Hoyer's systemd test suite has been integrated into
          systemd which allows easy testing of systemd builds in qemu
          and nspawn. (This is really awesome! Ask us for details!)

        * The fstab parser is now implemented as generator, not inside
          of PID 1 anymore.

        * systemctl will now warn you if .mount units generated from
          /etc/fstab are out of date due to changes in fstab that
          have not been read by systemd yet.

        * systemd is now suitable for usage in initrds. Dracut has
          already been updated to make use of this. With this in place
          initrds get a slight bit faster but primarily are much
          easier to introspect and debug since "systemctl status" in
          the host system can be used to introspect initrd services,
          and the journal from the initrd is kept around too.

        * systemd-delta has been added, a tool to explore differences
          between user/admin configuration and vendor defaults.

        * PrivateTmp= now affects both /tmp and /var/tmp.

        * Boot time status messages are now much prettier and feature
          proper english language. Booting up systemd has never been
          so sexy.

        * Read-ahead pack files now include the inode number of all
          files to pre-cache. When the inode changes the pre-caching
          is not attempted. This should be nicer to deal with updated
          packages which might result in changes of read-ahead
          patterns.

        * We now temporaritly lower the kernel's read_ahead_kb variable
          when collecting read-ahead data to ensure the kernel's
          built-in read-ahead does not add noise to our measurements
          of necessary blocks to pre-cache.

        * There's now RequiresMountsFor= to add automatic dependencies
          for all mounts necessary for a specific file system path.

        * MountAuto= and SwapAuto= have been removed from
          system.conf. Mounting file systems at boot has to take place
          in systemd now.

        * nspawn now learned a new switch --uuid= to set the machine
          ID on the command line.

        * nspawn now learned the -b switch to automatically search
          for an init system.

        * vt102 is now the default TERM for serial TTYs, upgraded from
          vt100.

        * systemd-logind now works on VT-less systems.

        * The build tree has been reorganized. The individual
          components now have directories of their own.

        * A new condition type ConditionPathIsReadWrite= is now available.

        * nspawn learned the new -C switch to create cgroups for the
          container in other hierarchies.

        * We now have support for hardware watchdogs, configurable in
          system.conf.

        * The scheduled shutdown logic now has a public API.

        * We now mount /tmp as tmpfs by default, but this can be
          masked and /etc/fstab can override it.

        * Since udisks does not make use of /media anymore we are not
          mounting a tmpfs on it anymore.

        * journalctl gained a new --local switch to only interleave
          locally generated journal files.

        * We can now load the IMA policy at boot automatically.

        * The GTK tools have been split off into a systemd-ui.

        Contributions from: Andreas Schwab, Auke Kok, Ayan George,
        Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
        Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
        Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
        Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
        Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
        A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
        Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
        Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
        Gundersen

CHANGES WITH 44:

        * This is mostly a bugfix release

        * Support optional initialization of the machine ID from the
          KVM or container configured UUID.

        * Support immediate reboots with "systemctl reboot -ff"

        * Show /etc/os-release data in systemd-analyze output

        * Many bugfixes for the journal, including endianness fixes and
          ensuring that disk space enforcement works

        * sd-login.h is C++ compatible again

        * Extend the /etc/os-release format on request of the Debian
          folks

        * We now refuse non-UTF8 strings used in various configuration
          and unit files. This is done to ensure we do not pass invalid
          data over D-Bus or expose it elsewhere.

        * Register Mimo USB Screens as suitable for automatic seat
          configuration

        * Read SELinux client context from journal clients in a race
          free fashion

        * Reorder configuration file lookup order. /etc now always
          overrides /run in order to allow the administrator to always
          and unconditionally override vendor-supplied or
          automatically generated data.

        * The various user visible bits of the journal now have man
          pages. We still lack man pages for the journal API calls
          however.

        * We now ship all man pages in HTML format again in the
          tarball.

        Contributions from: Dave Reisner, Dirk Eibach, Frederic
        Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
        Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
        Reding

CHANGES WITH 43:

        * This is mostly a bugfix release

        * systems lacking /etc/os-release  are no longer supported.

        * Various functionality updates to libsystemd-login.so

        * Track class of PAM logins to distinguish greeters from
          normal user logins.

        Contributions from: Kay Sievers, Lennart Poettering, Michael
        Biebl

CHANGES WITH 42:

        * This is an important bugfix release for v41.

        * Building man pages is now optional which should be useful
          for those building systemd from git but unwilling to install
          xsltproc.

        * Watchdog support for supervising services is now usable. In
          a future release support for hardware watchdogs
          (i.e. /dev/watchdog) will be added building on this.

        * Service start rate limiting is now configurable and can be
          turned off per service. When a start rate limit is hit a
          reboot can automatically be triggered.

        * New CanReboot(), CanPowerOff() bus calls in systemd-logind.

        Contributions from: Benjamin Franzke, Bill Nottingham,
        Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
        Schmidt, Michał Górny, Piotr Drąg

CHANGES WITH 41:

        * The systemd binary is installed /usr/lib/systemd/systemd now;
          An existing /sbin/init symlink needs to be adapted with the
          package update.

        * The code that loads kernel modules has been ported to invoke
          libkmod directly, instead of modprobe. This means we do not
          support systems with module-init-tools anymore.

        * Watchdog support is now already useful, but still not
          complete.

        * A new kernel command line option systemd.setenv= is
          understood to set system wide environment variables
          dynamically at boot.

        * We now limit the set of capabilities of systemd-journald.

        * We now set SIGPIPE to ignore by default, since it only is
          useful in shell pipelines, and has little use in general
          code. This can be disabled with IgnoreSIPIPE=no in unit
          files.

        Contributions from: Benjamin Franzke, Kay Sievers, Lennart
        Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
        William Douglas

CHANGES WITH 40:

        * This is mostly a bugfix release

        * We now expose the reason why a service failed in the
          "Result" D-Bus property.

        * Rudimentary service watchdog support (will be completed over
          the next few releases.)

        * When systemd forks off in order execute some service we will
          now immediately changes its argv[0] to reflect which process
          it will execute. This is useful to minimize the time window
          with a generic argv[0], which makes bootcharts more useful

        Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
        Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
        Mike Kazantsev, Ray Strode

CHANGES WITH 39:

        * This is mostly a test release, but incorporates many
          bugfixes.

        * New systemd-cgtop tool to show control groups by their
          resource usage.

        * Linking against libacl for ACLs is optional again. If
          disabled, support tracking device access for active logins
          goes becomes unavailable, and so does access to the user
          journals by the respective users.

        * If a group "adm" exists, journal files are automatically
          owned by them, thus allow members of this group full access
          to the system journal as well as all user journals.

        * The journal now stores the SELinux context of the logging
          client for all entries.

        * Add C++ inclusion guards to all public headers

        * New output mode "cat" in the journal to print only text
          messages, without any meta data like date or time.

        * Include tiny X server wrapper as a temporary stop-gap to
          teach XOrg udev display enumeration. This is used by display
          managers such as gdm, and will go away as soon as XOrg
          learned native udev hotplugging for display devices.

        * Add new systemd-cat tool for executing arbitrary programs
          with STDERR/STDOUT connected to the journal. Can also act as
          BSD logger replacement, and does so by default.

        * Optionally store all locally generated coredumps in the
          journal along with meta data.

        * systemd-tmpfiles learnt four new commands: n, L, c, b, for
          writing short strings to files (for usage for /sys), and for
          creating symlinks, character and block device nodes.

        * New unit file option ControlGroupPersistent= to make cgroups
          persistent, following the mechanisms outlined in
          https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups

        * Support multiple local RTCs in a sane way

        * No longer monopolize IO when replaying readahead data on
          rotating disks, since we might starve non-file-system IO to
          death, since fanotify() will not see accesses done by blkid,
          or fsck.

        * Do not show kernel threads in systemd-cgls anymore, unless
          requested with new -k switch.

        Contributions from: Dan Horák, Kay Sievers, Lennart
        Poettering, Michal Schmidt

CHANGES WITH 38:

        * This is mostly a test release, but incorporates many
          bugfixes.

        * The git repository moved to:
          git://anongit.freedesktop.org/systemd/systemd
          ssh://git.freedesktop.org/git/systemd/systemd

        * First release with the journal
          https://0pointer.de/blog/projects/the-journal.html

        * The journal replaces both systemd-kmsg-syslogd and
          systemd-stdout-bridge.

        * New sd_pid_get_unit() API call in libsystemd-logind

        * Many systemadm clean-ups

        * Introduce remote-fs-pre.target which is ordered before all
          remote mounts and may be used to start services before all
          remote mounts.

        * Added Mageia support

        * Add bash completion for systemd-loginctl

        * Actively monitor PID file creation for daemons which exit in
          the parent process before having finished writing the PID
          file in the daemon process. Daemons which do this need to be
          fixed (i.e. PID file creation must have finished before the
          parent exits), but we now react a bit more gracefully to them.

        * Add colourful boot output, mimicking the well-known output
          of existing distributions.

        * New option PassCredentials= for socket units, for
          compatibility with a recent kernel ABI breakage.

        * /etc/rc.local is now hooked in via a generator binary, and
          thus will no longer act as synchronization point during
          boot.

        * systemctl list-unit-files now supports --root=.

        * systemd-tmpfiles now understands two new commands: z, Z for
          relabelling files according to the SELinux database. This is
          useful to apply SELinux labels to specific files in /sys,
          among other things.

        * Output of SysV services is now forwarded to both the console
          and the journal by default, not only just the console.

        * New man pages for all APIs from libsystemd-login.

        * The build tree got reorganized and the build system is a
          lot more modular allowing embedded setups to specifically
          select the components of systemd they are interested in.

        * Support for Linux systems lacking the kernel VT subsystem is
          restored.

        * configure's --with-rootdir= got renamed to
          --with-rootprefix= to follow the naming used by udev and
          kmod

        * Unless specified otherwise we will now install to /usr instead
          of /usr/local by default.

        * Processes with '@' in argv[0][0] are now excluded from the
          final shut-down killing spree, following the logic explained
          in:
          https://systemd.io/ROOT_STORAGE_DAEMONS/

        * All processes remaining in a service cgroup when we enter
          the START or START_PRE states are now killed with
          SIGKILL. That means it is no longer possible to spawn
          background processes from ExecStart= lines (which was never
          supported anyway, and bad style).

        * New PropagateReloadTo=/PropagateReloadFrom= options to bind
          reloading of units together.

        Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
        Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
        Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
        Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
        Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek