X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=972b9b0b11d49d30993db3a611c21904b1c29442;hp=76aec064721e153e9df2a7ffab0ef1a1f947e16f;hb=04f2a4fb6eded359cc8be1ba4ce33d7f7db6919f;hpb=19f8fd9088f02c672f42cf1005c43cb5aac18e93

diff --git a/NEWS b/NEWS
index 76aec0647..972b9b0b1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,24 +1,58 @@
+udev 137
+========
+Bugfixes.
+
+The udevadm test command has no longer a --force option, nodes and symlinks
+are always updated with a test run now.
+
+The udevd daemon can be started with --resolve-names=never to avoid all user
+and group lookups (e.g. in cut-down systems) or --resolve-names=late to
+lookup user and groups every time events are handled.
+
 udev 136
 ========
 Bugfixes.
 
-For some more advanced features Linux 2.6.22 is the oldest supported
-version now. The kernel config with enabled SYSFS_DEPRECATED
-is no longer supported. Older kernels should still work, and devices
-nodes should be reliably created, but some rules and libudev will
-not work correctly because the old kernels do not provide the expected
-information or interfaces.
+We are currently merging the Ubuntu rules in the udev default rules,
+and get one step closer to provide a common Linux /dev setup, regarding
+device names, symlinks, and default device permissions. On udev startup,
+we now expect the following groups to be resolvable to their ids with
+glibc's getgrnam():
+  disk, cdrom, floppy, tape, audio, video, lp, tty, dialout, kmem.
+LDAP setups need to make sure, that these groups are always resolvable at
+bootup, with only the rootfs mounted, and without network access available.
+
+Some systems may need to add some new, currently not used groups, or need
+to add some users to new groups, but the cost of this change is minimal,
+compared to the pain the current, rather random, differences between the
+various distributions cause for upstream projects and third-party vendors.
+
+In general, "normal" users who log into a machine should never be a member
+of any such group, but the device-access should be managed by dynamic ACLs,
+which get added and removed for the specific users on login/logout and
+session activity/inactivity. These groups are only provided for custom setups,
+and mainly system services, to allow proper privilege separation.
+A video-streaming daemon uid would be a member of "audio" and "video", to get
+access to the sound and video devices, but no "normal" user should ever belong
+to the "audio" group, because he could listen to the built-in microphone with
+any ssh-session established from the other side of the world.
 
 /dev/serial/by-{id,path}/ now contains links for ttyUSB devices,
 which do not depend on the kernel device name. As usual, unique
 devices - only a single one per product connected, or a real
 USB serial number in the device - are always found with the same
 name in the by-id/ directory.
-Completely Identical devices may overwrite their names in by-id/
+Completely identical devices may overwrite their names in by-id/
 and can only be found reliably in the by-path/ directory. Devices
 specified by by-path/ must not change their connection, like the
 USB port number they are plugged in, to keep their name.
 
+To support some advanced features, Linux 2.6.22 is the oldest supported
+version now. The kernel config with enabled SYSFS_DEPRECATED is no longer
+supported. Older kernels should still work, and devices nodes should be
+reliably created, but some rules and libudev will not work correctly because
+the old kernels do not provide the expected information or interfaces.
+
 udev 135
 ========
 Bugfixes.