chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Correct a number of trivial typos.
[elogind.git] / NEWS
diff --git a/NEWS b/NEWS
index 2ff6246028650f0146d5ea4aa8693c8a1e69c06f..642ad4d046845978c86df123fdfabab26a62275f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,15 @@ CHANGES WITH 239 in spe:
           both runtime and persistent enablement/masking, i.e. it will remove
           any relevant symlinks both in /run and /etc.
 
+        * Note that all long-running system services shipped with elogind will
+          now default to a system call whitelist (rather than a blacklist, as
+          before). In particular, elogind-udevd will now enforce one too. For
+          most cases this should be safe, however downstream distributions
+          which disabled sandboxing of elogind-udevd (specifically the
+          MountFlags= setting), might want to disable this security feature
+          too, as the default whitelisting will prohibit all mount, swap,
+          reboot and clock changing operations from udev rules.
+
         * sd-boot acquired new loader configuration settings to optionally turn
           off Windows and MacOS boot partition discovery as well as
           reboot-into-firmware menu items. It is also able to pick a better
Unnamed repository; edit this file 'description' to name the repository.