both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.
+ * Note that all long-running system services shipped with elogind will
+ now default to a system call whitelist (rather than a blacklist, as
+ before). In particular, elogind-udevd will now enforce one too. For
+ most cases this should be safe, however downstream distributions
+ which disabled sandboxing of elogind-udevd (specifically the
+ MountFlags= setting), might want to disable this security feature
+ too, as the default whitelisting will prohibit all mount, swap,
+ reboot and clock changing operations from udev rules.
+
* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
system namespacing options. One such service is elogind-udevd.service
wher this is now used by default.
+ * A new unit "system-update-pre.target" is added, which defines an
+ optional synchronization point for offline system updates, as
+ implemented by the pre-existing "system-update.target" unit. It
+ allows ordering services before the service that executes the actual
+ update process in a generic way.
+
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
J. Murrell, Bruno Vernay, Chris Lesiak, Christian Brauner, Christian