From 0d2592f8b1f71c81d7710c92421ef06e5d4c4825 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 14:52:57 +0900 Subject: [PATCH] NEWS: add more news --- NEWS | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 44c57ef42..d068ddfd9 100644 --- a/NEWS +++ b/NEWS @@ -53,11 +53,15 @@ CHANGES WITH 239 in spe: * The elogind-resolve tool has been renamed to resolvectl (it also * elogind-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still - turned off by default, use PrivateDNS=yes to turn it on in + turned off by default, use PrivateDNS=opportunistic to turn it on in resolved.conf. We intend to make this the default as soon as couple of additional techniques for optimizing the initial latency caused by establishing a TLS/TCP connection are implemented. + * elogind-resolved.service and elogind-networkd.service now set + DynamicUser=yes. The users elogind-resolve and elogind-network are + not created by elogind-sysusers. + remains available under the old name, for compatibility), and its interface is now verb-based, similar in style to the other ctl tools, such as systemctl or loginctl. @@ -200,6 +204,11 @@ CHANGES WITH 239 in spe: about its state. * elogind-nspawn gained a new --rlimit= switch for setting initial + * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now + understood by elogind-timedated. It takes a colon-separated list of + unit names of NTP client services. The list is used by + "timedatectl set-ntp". + resource limits for the container payload. There's a new switch --hostname= to explicitly override the container's hostname. A new --no-new-privileges= switch may be used to control the 
@@ -285,6 +294,15 @@ CHANGES WITH 239 in spe: query the default, built-in $PATH PID 1 will pass to the services it manages. + * A new unit file setting PrivateMounts= has been added. It's a boolean + option. If enabled the unit's processes are invoked in their own file + system namespace. Note that this behaviour is also implied if any + other file system namespacing options (such as PrivateTmp=, + PrivateDevices=, ProtectSystem=, …) are used. This option is hence + primarily useful for services that do not use any of the other file + system namespacing options. One such service is elogind-udevd.service + wher this is now used by default. + Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale, Alexander Kurtz, Alex Gartrell, Anssi Hannula, Antique, Arnaud Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lesiak, Christian -- 2.30.2
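Review bot: In the first hunk (@@ -53,11 +53,15 @@) the new DynamicUser=yes entry is added directly above the context line "remains available under the old name, for compatibility), and its interface is now verb-based", which is the continuation of the resolvectl entry opened by "(it also" at the top of the hunk, so that sentence now has two unrelated entries in the middle of it. Move the new entry below the end of the resolvectl entry. The changed line also says PrivateDNS=opportunistic will "turn it on" without saying what opportunistic means; a clause stating whether lookups fall back to unencrypted DNS when a TLS connection cannot be established would tell readers what protection to expect from the setting.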
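Review bot: In the second hunk (@@ -200,6 +204,11 @@) the $SYSTEMD_TIMEDATED_NTP_SERVICES entry is inserted between "gained a new --rlimit= switch for setting initial" and "resource limits for the container payload.", which cuts the elogind-nspawn sentence in two. Place it after the end of the nspawn entry. The entry names the daemon elogind-timedated while the variable keeps the SYSTEMD_ prefix, so please confirm that this is the name the daemon actually reads, and consider stating which services "timedatectl set-ntp" uses when the variable is unset.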
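Review bot: Typo in the last added line of the third hunk (@@ -285,6 +294,15 @@): "wher this is now used by default" should read "where this is now used by default". In the same entry, "If enabled the unit's processes are invoked" reads better with a comma after "enabled".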