update NEWS
parent
6f659e5075
commit
e01d9e2193
9
NEWS
|
@ -46,6 +46,15 @@ CHANGES WITH 239 in spe:
|
||||||
both runtime and persistent enablement/masking, i.e. it will remove
|
both runtime and persistent enablement/masking, i.e. it will remove
|
||||||
any relevant symlinks both in /run and /etc.
|
any relevant symlinks both in /run and /etc.
|
||||||
|
|
||||||
|
* Note that all long-running system services shipped with systemd will
|
||||||
|
now default to a system call whitelist (rather than a blacklist, as
|
||||||
|
before). In particular, systemd-udevd will now enforce one too. For
|
||||||
|
most cases this should be safe, however downstream distributions
|
||||||
|
which disabled sandboxing of systemd-udevd (specifically the
|
||||||
|
MountFlags= setting), might want to disable this security feature
|
||||||
|
too, as the default whitelisting will prohibit all mount, swap,
|
||||||
|
reboot and clock changing operations from udev rules.
|
||||||
|
|
||||||
* sd-boot acquired new loader configuration settings to optionally turn
|
* sd-boot acquired new loader configuration settings to optionally turn
|
||||||
off Windows and MacOS boot partition discovery as well as
|
off Windows and MacOS boot partition discovery as well as
|
||||||
reboot-into-firmware menu items. It is also able to pick a better
|
reboot-into-firmware menu items. It is also able to pick a better
|
||||||
|
|
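Review bot: The new entry names MountFlags= but never names the setting that implements the system call whitelist, so a downstream packager reading "might want to disable this security feature too" is not told what to change. Name the unit directive in the entry (SystemCallFilter=, if that is the setting meant) and say in which unit file it is set for systemd-udevd. Since the entry already lists exactly what breaks for udev rules (mount, swap, reboot and clock changing operations), consider wording the advice as extending the whitelist to cover the operations a distribution's rules actually need, with removing the filter entirely as the fallback. Style point in the same sentence: drop the comma before "might want", which separates the subject "downstream distributions which disabled sandboxing of systemd-udevd" from its verb.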