Features:
+* in the final killing spree, detect processes from the root directory, and
+ complain loudly if they have argv[0][0] == '@' set.
+ https://bugzilla.redhat.com/show_bug.cgi?id=961044
+
+* read the kernel's console "debug" keyword like we read "quiet" and adjust:
+ systemd.log_level=debug and maybe systemd.log_target=kmsg
+
+* add an option to nspawn that uses seccomp to make socket(AF_NETLINK,
+ SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that
+ makes the audit userspace to think auditing is not available in the
+ kernel.
+
* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on
https://bugzilla.redhat.com/show_bug.cgi?id=952634
- pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree
- logind: GetSessionByPID() should accept 0 as PID value
- we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case
- - add configuration/switches to use
- freeze (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git) and
- standby (https://bugs.freedesktop.org/show_bug.cgi?id=57793) as suspend modes
* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
* ExecOnFailure=/usr/bin/foo
-* ConditionSecurity= should learn about IMA and SMACK
-
* udev:
- remove src/udev/udev-builtin-firmware.c (CONFIG_FW_LOADER_USER_HELPER=n)
- move to LGPL