[ubuntu/artful-proposed] systemd 234-2ubuntu1 (Accepted)

Dimitri John Ledkov launchpad at surgut.co.uk
Thu Jul 27 06:35:19 UTC 2017


systemd (234-2ubuntu1) artful; urgency=medium

  [ Dimitri John Ledkov ]
  * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x.
    New udev generates stable interface names on s390x kvm instances, however, upon
    upgrades existing ethX names should be preserved to prevent breaking networking
    and software configurations.
    This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437)
  * Set UseDomains to true, by default, on Ubuntu.
    On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
    to a preset 3rd party by default. In resolved, dnssec is also disabled by
    default, as too much of the internet is broken and using Ubuntu users to debug
    the internet is not very productive - most of the time the end-user cannot fix
    or know how to notify the site owners about the dnssec mistakes. Inherently
    the DHCP acquired DNS servers are therefore trusted, and are free to spoof
    records. Not trusting DNS search domains, in such scenario, provides limited
    security or privacy benefits. From user point of view, this also appears to be
    a regression from previous Ubuntu releases which do trust DHCP acquired search
    domains by default.
    Therefore we are enabling UseDomains by default on Ubuntu.
    Users may override this setting in the .network files by specifying
    [DHCP|IPv6AcceptRA] UseDomains=no|route options.
  * resolved: create private stub resolve file for integration with resolvconf.
    The stub-resolve.conf file points at resolved stub resolver, but also lists the
    available search domains. This is required to correctly resolve domains without
    using resolve nss module.
  * Enable systemd-resolved by default
  * Create /etc/resolv.conf at postinst, pointing at the stub resolver.
    The stub resolver file is dynamically managed by systemd-resolved. It points at
    the stub resolver as the nameserver, however it also dynamically updates the
    search stanza, thus non-nss dns tools work correctly with unqualified names and
    correctly use the DHCP acquired search domains.
  * libnss-resolve: do not disable and stop systemd-resolved
    resolved is always used by default on ubuntu via stub resolver, therefore it
    should continue to operate without libnss-resolve module installed.
  * modprobe.d: set max_bonds=0 for bonding module to prevent bond0 creation.
    This prevents confusing networkd, and allows networkd to manage bond0.
  * Cherrypick upstream networkd-test.py assertion/check fixes.
    This resolves ADT test suite failures, when running tests under lxc/lxd
    providers.
  * Cherrypick arm* seccomp fixes.
    This should resolve ADT test failures, on arm64, when running as root.
  * Re-enable seccomp and execute tests on arm.

  [ Balint Reczey ]
  * Skip starting systemd-remount-fs.service in containers
    even when /etc/fstab is present.
    This allows entering fully running state even when /etc/fstab
    lists / to be mounted from a device which is not present in the
    container. (LP: #1576341)

  [ Michael Biebl ]
  * selinux: Enable labeling and access checks for unprivileged users.
    Revert commit that inadvertently broke a lot of SELinux related
    functionality for both unprivileged users and systemd instances running
    as MANAGER_USER and instead deal with the auditd issue by checking for
    the CAP_AUDIT_WRITE capability before opening an audit netlink socket.
    (Closes: #863800)

systemd (234-2) unstable; urgency=medium

  [ Martin Pitt ]
  * udev README.Debian: Fix name of example *.link file

  [ Felipe Sateler ]
  * test-condition: Don't assume that all non-root users are normal users.
    Automated builders may run under a dedicated system user, and this test
    would fail that.

  [ Michael Biebl ]
  * Revert "units: Tell login to preserve environment"
    Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
    not unsetting the variables but instead sets it to an empty var. Passing
    that environment to login messes up the system locale settings and
    breaks programs like gpg-agent.
    (Closes: #868695)

Date: 2017-07-25 13:14:24.986726+00:00
Changed-By: Dimitri John Ledkov <launchpad at surgut.co.uk>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/systemd/234-2ubuntu1
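
The UseDomains entry above changes what a DHCP server can inject into name resolution, so an audit of existing .network files is a natural follow-up. The script below is an added example, not part of the upload or of systemd. It reports the effective UseDomains value per section, assuming the Ubuntu default of "yes" described in the changelog. The function names and sample files are constructed for illustration, and drop-in directories are not handled.

```python
import configparser

UBUNTU_DEFAULT = "yes"  # assumption: the default this changelog says Ubuntu now sets
SECTIONS = ("DHCP", "IPv6AcceptRA")  # section names as given in the changelog
TRUE = {"1", "yes", "true", "on"}
FALSE = {"0", "no", "false", "off"}

# Constructed sample: no override, so the distribution default applies.
SAMPLE_DEFAULT = """\
[Match]
Name=ens3

[Network]
DHCP=yes
"""

# Constructed sample: the overrides named in the changelog (no | route).
SAMPLE_OVERRIDE = """\
[Match]
Name=wlan0

[Network]
DHCP=yes

[DHCP]
UseDomains=no

[IPv6AcceptRA]
UseDomains=route
"""

def effective_use_domains(text, default=UBUNTU_DEFAULT):
    """Map each section to 'yes', 'no' or 'route' for one .network file."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = str  # keep key case; systemd keys are case-sensitive
    cp.read_string(text)
    out = {}
    for section in SECTIONS:
        raw = cp.get(section, "UseDomains", fallback=default).strip()
        if raw == "route":
            out[section] = "route"
        elif raw.lower() in TRUE:
            out[section] = "yes"
        elif raw.lower() in FALSE:
            out[section] = "no"
        else:
            out[section] = default  # empty or unparsable: fall back to the default
    return out

def sections_accepting_search_domains(text):
    """Sections where DHCP/RA-supplied domains become search domains."""
    return [s for s, v in effective_use_domains(text).items() if v == "yes"]
```
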