diff options
| author | Lennart Poettering <lennart@poettering.net> | 2019-11-20 12:47:52 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-20 16:16:46 +0100 |
| commit | 168e131b8b18fb6b23beb0409b2a65d244d99033 (patch) | |
| tree | 492baa0c36f1ed63f9dc2edcc6ff61bc7d4f4804 /NEWS | |
| parent | 8490fc7aefc078785de9b42ec78398a5799795c3 (diff) | |
| download | systemd-168e131b8b18fb6b23beb0409b2a65d244d99033.tar.gz | |
update NEWS
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -187,6 +187,19 @@ CHANGES WITH 244 in spe: used by the user service manager. The default is again to use the same path as the system manager. + * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for + outputting the 128bit IDs in UUID format (i.e. in the "canonical + representation"). + + * Service units gained a new sandboxing option ProtectKernelLogs= which + makes sure the program cannot get direct access to the kernel log + buffer anymore, i.e. the syslog() system call (not to be confused + with the API of the same name in libc, which is not affected), the + /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made + inaccessible to the service. It's recommended to enable this setting + for all services that should not be able to read from or write to the + kernel log buffer, which are probably almost all. + CHANGES WITH 243: * This release enables unprivileged programs (i.e. requiring neither |