NEWS: add more news

diff --git a/NEWS b/NEWS
index 44c57ef42a300124e6dbff01a567ceafe07d1f90..d068ddfd92719bd2995ec7eba2085d93cd711f38 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -53,11 +53,15 @@ CHANGES WITH 239 in spe:
 
         * The elogind-resolve tool has been renamed to resolvectl (it also
         * elogind-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
-          turned off by default, use PrivateDNS=yes to turn it on in
+          turned off by default, use PrivateDNS=opportunistic to turn it on in
           resolved.conf. We intend to make this the default as soon as couple
           of additional techniques for optimizing the initial latency caused by
           establishing a TLS/TCP connection are implemented.
 
+        * elogind-resolved.service and elogind-networkd.service now set
+          DynamicUser=yes. The users elogind-resolve and elogind-network are
+          not created by elogind-sysusers.
+
           remains available under the old name, for compatibility), and its
           interface is now verb-based, similar in style to the other <xyz>ctl
           tools, such as systemctl or loginctl.
@@ -200,6 +204,11 @@ CHANGES WITH 239 in spe:
           about its state.
 
         * elogind-nspawn gained a new --rlimit= switch for setting initial
+        * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
+          understood by elogind-timedated. It takes a colon-separated list of
+          unit names of NTP client services. The list is used by
+          "timedatectl set-ntp".
+
           resource limits for the container payload. There's a new switch
           --hostname= to explicitly override the container's hostname. A new
           --no-new-privileges= switch may be used to control the
@@ -285,6 +294,15 @@ CHANGES WITH 239 in spe:
           query the default, built-in $PATH PID 1 will pass to the services it
           manages.
 
+        * A new unit file setting PrivateMounts= has been added. It's a boolean
+          option. If enabled the unit's processes are invoked in their own file
+          system namespace. Note that this behaviour is also implied if any
+          other file system namespacing options (such as PrivateTmp=,
+          PrivateDevices=, ProtectSystem=, …) are used. This option is hence
+          primarily useful for services that do not use any of the other file
+          system namespacing options. One such service is elogind-udevd.service
+          wher this is now used by default.
+
         Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
         Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud
         Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lesiak, Christian