+* service: when killing a service with SIGKILL always kill all processes, even if for SIGTERM we only killed the main process
+
+* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
+
+* DeviceAllow/DeviceDeny: disallow everything by default, but whitelist /dev/zero, /dev/null and friends