diff options
| author | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2021-02-23 17:58:28 +0000 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-02-23 19:34:13 +0100 |
| commit | 64297c86059c90761359269893de8999c4a8d642 (patch) | |
| tree | a461647cf2cd462e2cebfb20d671093af7288b2f /NEWS | |
| parent | eceb61112c8ece03adfb4fcbc83e357875ca0ceb (diff) | |
| download | systemd-64297c86059c90761359269893de8999c4a8d642.tar.gz | |
Update NEWS
Fix typos, improve /dev exec/noexec description
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -118,7 +118,7 @@ CHANGES WITH 248: unified v2 cgroup hierachy is used, and "v1" means that legacy v1 hierarchy or the hybrid hierarchy are used. - * The tables of system calls in seccomps filters are now automatically + * The tables of system calls in seccomp filters are now automatically generated from kernel lists exported on https://fedora.juszkiewicz.com.pl/syscalls.html. @@ -223,8 +223,10 @@ CHANGES WITH 248: as device properties under the /sys/class/dmi/id/ pseudo device. * /dev/ is not mounted noexec anymore. This didn't provide any - significant security benefits and would conflicts with the executable - mappings used with /dev/sgx device nodes. + significant security benefits and would conflict with the executable + mappings used with /dev/sgx device nodes. The previous behaviour can + be restored for individual services with NoExecPaths=/dev (or by allow- + listing and excluding /dev from ExecPaths=). * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock and /dev/vhost-net are owned by the kvm group. |