RHBA-2015:2092 systemd bug fix and enhancement update

Updated -

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

The systemd packages have been upgraded to upstream version 219, which provides a number of bug fixes and enhancements over the previous version. Notably (BZ#1199644):

  • The systemd-tmpfiles tool gained support for a new "v" line type for creating btrfs subvolumes. If the underlying file system is a legacy file system, this automatically degrades to creating a normal directory. Among others, the /var/lib/machines/ directory, if it is missing, is now created in this way at boot time.

  • The /var/lib/containers/ directory has been deprecated and replaced by /var/lib/machines/. The term "machines" has been used in the systemd context as a generic term for both Virtaul Machines (VMs) and containers, and therefore seems more appropriate, as the directory can also contain raw images bootable via QEMU/KVM.

  • The "loginctl user-status" and "loginctl session-status" commands now show the last 10 lines of log messages of the user and session respectively following the status output. Similarly, the "machinectl status" command shows the last 10 log lines associated with a virtual machine or container service.

  • The "loginctl session-status" command without further argument shows the status of the caller's session. Similarly, the "lock-session", "unlock-session", "activate", "enable-linger", and "disable-linger" commands cannot be called without the session or user parameter in which case they apply to the caller's session or user respectively.

  • The systemd-tmpfiles tool gained support for "a" lines for setting ACLs on files.

  • The systemd service now exposes the memory.usage_in_bytes cgroup attribute and shows it for each service in the "systemctl status" output, if available.

  • When the user presses Ctrl-Alt-Del more than seven times within 2s, an immediate reboot is triggered. This feature is useful if shutdown is hung and is unable to complete, to expedite the operation. Note that this kind of reboot still unmounts all file systems, and hence should not result in fsck being run on next reboot.

  • Similar to the various existing "ConditionXYZ=" settings for units, there are now matching "AssertXYZ=" settings. While failing conditions cause a unit to be skipped, but its job to succeed, failing assertions declared like this cause a unit start operation and its job to fail.

  • The systemctl utility gained a new "edit" command. When used on a unit file, this allows extending unit files with .d/ drop-in configuration snippets or editing the full file (after copying it from /usr/lib/ to /etc/). This invokes the user's editor (as configured with $EDITOR), and reloads the modified configuration after editing.

  • All systemd programs that read stand-alone configuration files in the /etc/ directory now also support a corresponding series of /.conf.d/ configuration directories in /etc/, /run/, /usr/local/lib/, /usr/lib/, and (if configured with the --enable-split-usr option) /lib/. In particular, the following configuration files now have corresponding configuration directories: system.conf, user.conf, logind.conf, journald.conf, sleep.conf, bootchart.conf, coredump.conf, resolved.conf, timesyncd.conf, journal-remote.conf, and journal-upload.conf. Note that distributions should use the configuration directories in /usr/lib/; the directories in /etc/ are reserved for the system administrator.

  • The journalctl utility gained the new "-t" and "--identifier=" options to match on the syslog identifier (also known as "tag"), as well as the "--utc" option to show log time stamps in the UTC timezone. The journalctl utility now also accepts "-n" and "--lines=all" options to disable line capping in a pager.

  • Services with "Type=oneshot" no longer have to have any ExecStart commands.

  • The udev rules can now remove tags on devices with TAG-="foobar".

  • If the word "rescue" is specified on the kernel command line, the system now boots into rescue mode (also known as rescue.target), which was previously available only by specifying "1" or "systemd.unit=rescue.target" on the kernel command line. This new kernel command-line option mirrors the already existing "emergency" kernel command-line option.

  • With this update, the logind daemon uses a new session type "web" in projects like Cockpit which register web clients as PAM sessions.

  • Timer units with at least one OnCalendar= setting are now started only after timer-sync.target has been reached. This way they do not elapse before the system clock has been corrected by a local Network Time Protocol (NTP) client or similar. This is particularly useful on RTC-less embedded machines that come up with an invalid system clock.

  • The systemd-analyze utility gained a new command "verify" for offline validation of unit files.

  • A new system group "input" has been introduced, and all input device nodes get this group assigned. This enables for system-level software to get access to input devices and complements what is already provided for "audio" and "video".

  • The "systemctl is-system-running" command has been added that allows checking the overall state of the system, for example whether it is fully up and running.

  • The [Install] section in unit files gained a new DefaultInstance= field for defining the default instance to create if a template unit is enabled with no instance specified.

  • Linux Standard Base (LSB) init scripts exposing a dependency on $network now get a dependency on network-online.target rather than simply network.target. This brings LSB handling closer to the logic used on SysV systems.

  • The PrivateDevices= unit file setting now also drops the CAP_MKNOD capability from the capability bound set, and imply DevicePolicy=closed.

  • Native tcpwrap support in systemd has been deprecated. For setups that require tcpwrap usage, consider invoking your socket-activated service using the tcpd daemon, like on traditional the inetd daemon.

  • A new condition check ConditionArchitecture= has been added to conditionalize units based on the system architecture, as reported by the uname()'s "machine" field..

  • This update adds a new tool to save and restore the rfkill state on shutdown and boot.

  • The systemctl utility gained a new "list-timers" command to print a listing of installed timer units with the times they elapse next.

  • The JoinsNamespaceOf= dependency type has been added which allows running two services within the same /tmp and network name space if PrivateNetwork= or PrivateTmp= are used.

  • The systemctl utility supports globbing on the various "list-xyz" commands, such as "list-units" or "list-sockets", as well as on those commands which take multiple unit names.

  • A new PrivateDevices= switch has been added to service units which allows running a service with a namespaced /dev directory that does not contain any device nodes for physical devices. More specifically, it only includes devices such as /dev/null, /dev/urandom, and /dev/zero which are API entry points.

  • This update also adds a new tool "systemd-socket-proxyd" which can act as a bidirectional proxy for TCP sockets. This tool is used for adding socket activation support to services that do not actually support socket activation, including for example virtual machines.

  • The systemd-run and systemd-analyze utilities gained support for the "-H" option to connect to remote hosts via SSH. This is particularly useful for systemd-run because it enables queuing of jobs onto remote systems.

  • A new command "cat" has been added to the systemctl utility. It outputs the original unit file of a unit, and concatenates the contents of additional "drop-in" unit file snippets, so that the full configuration is shown.

  • Mount points in the fstab file were not previously checked, and thus were not mounted in initramfs. This bug has been fixed within this rebase, and mount points in the fstab are now checked and mounted as expected.

  • The $XDG_RUNTIME_DIR runtime directories for each user are now individual tmpfs instances, which have the benefit of introducing separate pools for each user, with individual size limits, and thus making sure that unprivileged clients can no longer negatively impact the system or other users by filling up their $XDG_RUNTIME_DIR. A new logind.conf setting RuntimeDirectorySize= has been introduced that allows controlling the default size limit for all users. It defaults to 10% of the available physical memory. This is no replacement for quotas on tmpfs though (which the kernel still does not support), as the /dev/shm and /tmp directories are still shared resources used by both the system and unprivileged users.

  • PID 1 now maintains a system-wide system state engine with the states "starting", "running", "degraded", "maintenance", and "stopping". These states are bound to system startup, normal runtime, runtime with at least one failed service, rescue and emergency mode and system shutdown. These states are shown in the "systemctl status" output when no unit name is passed. This feature is used to determine system state, in particular for many systems or containers at once.

  • A new fsck.repair= kernel option has been added to control how fsck deals with unclean file systems at boot time.

  • Services can now notify the manager before they start a reload by sending RELOADING=1 or shutdown by sending STOPPING=1. This allows the manager to track and show the internal state of daemons and closes a race condition when the process is still running but has closed its D-Bus connection.

  • The systemd service now provides a way to store file descriptors per-service in PID 1. This is used for daemons to ensure that file descriptors they require are not lost during a daemon restart. The file descriptors are passed to the daemon on the next invocation in the same way socket activation file descriptors are passed. This is now used by journald to ensure that the various sockets connected to all the system's stdout/stderr are not lost when journald is restarted. File descriptors may be stored in PID 1 via the sd_pid_notify_with_fds() API, an extension to the sd_notify() function. Note that a limit is enforced on the number of file descriptors a service can store in PID 1, and it defaults to 0, so that no file descriptors can be stored, unless this is explicitly turned on.

  • The systemd service no longer leaves the /sys/fs/cgroup file mounted as read-write, but rather remounts /sys/fs/cgroup as read-only after all kernel supported controllers are mounted under this location during system boot. If some cgroup controller is not compiled and is also not mounted by systemd, the user must remount /sys/fs/cgroup to be writable again (mount /sys/fs/cgroup/ -o rw,remount), before trying to mount the controller.

This update also fixes the following bugs:

  • Without proper respective systemd rules, the hotplug memory previously did not come online automatically. A new udev rule has been added to 40-redhat.rules, which allows newly added memory come online automatically. (BZ#1105020)

  • Previously, the Small Computer System Interface (SCSI) generic module was unconditionaly loaded by iprutils init scripts. Starting with Red Hat Enterprise Linux version 7.1, these init scripts were removed and replaced with a unit-file, which does not load the sg module. This update adds a new udev rule to the 40-redhat.rules, and thus provides automatic loading of the sg module when SCSI devices are detected. (BZ#1193817)

  • Previously, some third-party init scripts did not explicitly require a network, but had a high start number, which on older systems guaranteed a network to be accessible. This update adds a dependency to network-online.target for all services with a start number higher than 10. (BZ#1189253)

  • Previously, different database names were used for a device with major and minor numbers attached and for a device with no numbers attached. Also, different paths were used at various events depending on whether the device number was copied or not. As a consequence, the udev utility or the systemd service created unexpected symlinks in the /dev/disk/by-id/ directory. This update makes sure the device number is always copied, and udev and systemd now work as expected. (BZ#1157344)

  • Certain Mellanox network cards did not communicate with the firmware correctly, which caused the udev utility to provide the same name for two different ports. The naming convention has been changed, and different ports are now assigned with unique names as expected. (BZ#1160345)

  • Previously, there was no way to easily set up the dependencies for some mounts, which led to the machine halt without booting up and asking for the root password. This update adds "x-systemd.requires" and "x-systemd.requires-mounts-for" systemd fstab options, and the system now boots successfully without any intervention. (BZ#1164334)

  • Previously, migrating several guests at once in some cases failed with the "did not receive reply" error. This update improves the responsiveness of the systemd service when handling multiple guests at the same time, which prevents the described problem from occurring. (BZ#1172387)

  • Previously, the systemd service in some cases printed the "Failed to reset devices.list on /machine.slice: Invalid argument" redundant error message in the journald log. With this update, the log_level value for these messages has been lowered, which prevents them from being logged. (BZ#1178848)

  • Not being enabled for all types of network mounts, user quota for LVM volumes created over iSCSI devices were previously not enabled. With this update, qoutas on purely network file systems like NFS are no longer enabled, and user quota is now enabled for LVM volumes as expected. (BZ#1207153)

  • Prior to this update, using the "systemd-run" command to create a scope unit file led to the systemd service becoming unresponsive. This update removes several unintended segments of "systemd-run" code, which prevents systemd from hanging in the described scenario. (BZ#1215823)

  • Previously, the systemd service sometimes did not detect correctly whether the IPv6 connection was enabled or not. As a consequence, systemd attempted to add an IPv6 loopback device and reported an error. This update improves the detection process, and systemd no longer tries to add an IPv6 loopback device when IPv6 is not enabled. (BZ#1225228)

  • Previously, the pam_systemd utility did not change the XDG_RUNTIME_DIR environment variable on user switch. Consequently, applications using XDG_RUNTIME_DIR tried to access data of another user and received "access denied" messages. With this update, pam_systemd unsets XDG_RUNTIME_DIR when switching users while on the same session. As a result, applications no longer try to access data of a different user in the described situation. (BZ#1226472)

  • Due to wrong permissions of the /run/log/journal file, using the journalctl command to view user session logs did not work. With this update, permissions of /run/log/journal have been adjusted so that members of adm and wheel groups can read it. As a result, the journalctl command now works as expected. (BZ#1240511)

In addition, this update adds the following enhancements:

  • Prior to this update, the administrator could enable the unit file only to a target specified in the [Install] section of the unit file using the "systemctl enable" command or had to create the link to .wants/ and .require/ directories manually. This update introduces the "systemctl add-wants" and "systemctl add-requires" commands which enable the unit file to a target (systemctl add-wants sysinit.target cups.service). (BZ#1135988)

  • This update provides udev identifiers based on physical layer of the OSI model (PHY) identifier, so that both ID_SAS_PATH and ID_PATH identifiers are set for Serial Attached SCSI (SAS) disk drives. (BZ#957112)

  • A new systemd-debug-generator has been added with three new options to be used on the kernel line:

    • systemd.mask, which masks a unit for one boot;
    • systemd.wants, which adds an extra unit to boot transaction;
    • systemd.debug-shell, which enables debug shell.

    For details see the systemd-debug-generator(8) man pages. (BZ#1015485)

  • Settings from the sysctl.conf file for bridges were previously applied only during boot. However, the kernel bridge module could be loaded later and such a setting was thus not applied. As a consequence, bridged connections to virtual machines did not work properly. With this update, a udev rule has been added, which makes sure the setting added even after a bridge module is loaded. Now, bridged connections work as expected. (BZ#1182105)

  • This enhancement update adds the systemd-journal-upload command to allow logs to be shipped to a remote log consolidator, and the systemd-journal-remote command to allow logs to be received on a remote log consolidator. (BZ#1193375)

  • This enhancement update backports the systemd-213 CPUQuota feature. CPUQuota assigns the specified CPU time quota to the processes executed. CPUQuota takes a percentage value, suffixed with "%". The percentage specifies how much CPU time the unit gets at maximum, relative to the total CPU time available on one CPU. (BZ#1193470)

  • This update introduces the KillMode=mixed killing procedure configuration which sends the SIGTERM signal only to the main process, but SIGKILL to all daemon processes. Also, KillMode=mixed fixes some race conditions with terminating "systemd --user" where the system systemd instance could race against the user systemd instance when sending SIGTERM. (BZ#1193824)

  • This update allows the user to use the "-y" fsck repair option in the command line as some unattended systems do not have a console attached and entering the default rescue mode is not helpful. This option is used to attempt to fix all file system errors. (BZ#1227922)

Users of systemd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. The system must be rebooted for this update to take effect.

For more information on this erratum, see also RHBA-2015-2092.