diff --git a/NEWS b/NEWS index e000e43ebba..74dc7e368e5 100644 --- a/NEWS +++ b/NEWS 
@@ -49,6 +49,45 @@ CHANGES WITH 245 in spe: https://systemd.io/GROUP_RECORD https://systemd.io/USER_GROUP_API + * A small new service systemd-homed.service has been added, that may be + used to securely manage home directories, with built-in encryption + and unifying the user's own home directory data together with + complete user record data in a single place, thus making home + directories naturally migratable. Its primary back-end is based on + LUKS volumes, but it also supports fscrypt, plain directories and + more. It solves a couple of problems we saw with traditional ways to + manage home directories, in particular when it comes to + encryption. For further discussion of this, see the video of + Lennart's talk at AllSystemsGo! 2019: + + https://media.ccc.de/v/ASG2019-164-reinventing-home-directories + + For further details about the format and expectations on home + directories this new daemon makes, see: + + https://systemd.io/HOME_DIRECTORY + + * systemd-journald is now multi-instantiable. In addition to the main + instance systemd-journald.service there's now a template unit + systemd-journald@.service that can be instantiated multiple times, + each time defining a new named log 'namespace' (whose name is + specified via the instance part of the instance unit name). A new + unit file setting LogNamespace= has been added, taking such a + namespace name, that allows assigning services to such log + namespaces. As each log namespace is serviced by its own, independent + journal daemon this functionality may be use to improve performance + and increase isolation of applications, at the price of losing global + message ordering. Each daemon may have a separate set of + configuration files, with possibly different disk space settings and + such. journalctl has been updated to take a new option --namespace= + which allows viewing logs from a specific log namespace. 
The + sd-journal.h API gained sd_journal_open_namespace() for opening the + log stream of a specific log namespace. systemd-journald also gained + the ability to exit on idle, which is useful in the context of log + namespaces, as this means log daemons for log namespaces can be + activated automatically on demand and stop automatically when no + longer used, minimizing resource usage. + * When systemd-tmpfiles copies a file tree using the 'C' line type it will now implicitly label every copied file matching the SELinux database. @@ -112,6 +151,10 @@ CHANGES WITH 245 in spe: support for a special new value "dhcp". If set the configured static route uses the gateway host configured via DHCP. + * A new User= setting has been implemented for the [RoutingPolicyRule] + section of .network files for configuring source routing based on UID + ranges. + * sd-bus gained a new API call sd_bus_message_sensitive() for marking a D-Bus message object as "sensitive". Objects that are marked that way are erased from memory when they are freed. This concept is intended @@ -121,6 +164,13 @@ CHANGES WITH 245 in spe: vtables like this, so that this new message flag is implicitly set for incoming and outgoing messages of specific methods. + * sd-bus gained a new API call sd_bus_message_dump() for dumping the + contents of a message (or parts thereof) onto standard output, for + debugging purposes. + + * systemd-sysusers gained support for creating users with primary + groups named differently than the user itself. + * systemd-resolved's DNS-over-TLS support gained SNI validation. * systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
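Review bot: In the first NEWS hunk (@@ -49,6 +49,45 @@), the systemd-journald entry has a typo: "this functionality may be use to improve performance" should read "may be used to improve performance". In the systemd-homed entry of the same hunk, "securely manage home directories, with built-in encryption" sits next to a back-end list that includes "plain directories", so the text reads as if every back-end encrypts; suggest saying which back-ends (LUKS, fscrypt) provide encryption and that the plain directory back-end does not. The journald entry also states the cost of namespaces as "losing global message ordering" but says "increase isolation" without saying what is isolated; one clause on that (separate daemon, separate configuration and disk space settings, as the following sentence implies) would make the trade-off clear to administrators deciding whether to set LogNamespace=.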
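Review bot: In the second NEWS hunk (@@ -112,6 +151,10 @@), the new User= entry for [RoutingPolicyRule] says it configures source routing "based on UID ranges" but does not state what value the setting accepts (a single UID, a range, a user name). Suggest adding the accepted syntax or a short example value, and pointing to the man page section that documents it, since a rule keyed on the wrong UID range silently routes the wrong users' traffic.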
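Review bot: In the third NEWS hunk (@@ -121,6 +164,13 @@), the sd_bus_message_dump() entry is added directly below the sd_bus_message_sensitive() entry but does not say how the two interact. The dump call writes message contents "onto standard output", while messages marked sensitive are meant to be erased from memory when freed; the entry should state whether dumping a message flagged as sensitive is refused, redacted or printed in full, so callers know not to leave debug dumps enabled on methods that carry secrets. The systemd-sysusers entry in the same hunk would also benefit from naming the line syntax that selects the differently named primary group.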