Update NEWS

Fix typos, improve /dev exec/noexec description
Topi Miettinen 2021-02-23 17:58:28 +00:00 committed by Zbigniew Jędrzejewski-Szmek
parent eceb61112c
commit 64297c8605

NEWS

@ -118,7 +118,7 @@ CHANGES WITH 248:
unified v2 cgroup hierachy is used, and "v1" means that legacy v1
hierarchy or the hybrid hierarchy are used.
* The tables of system calls in seccomps filters are now automatically
* The tables of system calls in seccomp filters are now automatically
generated from kernel lists exported on
https://fedora.juszkiewicz.com.pl/syscalls.html.
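Review bot: the unchanged context line at the top of this hunk still reads "unified v2 cgroup hierachy", and since this commit is a typo pass over NEWS, "hierachy" should become "hierarchy" here too. The next line of the same entry already spells it correctly ("hierarchy or the hybrid hierarchy are used"), so the entry is inconsistent with itself as it stands.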
@ -223,8 +223,10 @@ CHANGES WITH 248:
as device properties under the /sys/class/dmi/id/ pseudo device.
* /dev/ is not mounted noexec anymore. This didn't provide any
significant security benefits and would conflicts with the executable
mappings used with /dev/sgx device nodes.
significant security benefits and would conflict with the executable
mappings used with /dev/sgx device nodes. The previous behaviour can
be restored for individual services with NoExecPaths=/dev (or by allow-
listing and excluding /dev from ExecPaths=).
* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
and /dev/vhost-net are owned by the kvm group.
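Review bot: the new parenthetical "(or by allow-listing and excluding /dev from ExecPaths=)" is ambiguous about what gets allow-listed, and the word is broken as "allow-" / "listing" across the line wrap. Keep the word on one line so a text search finds it, and say explicitly that the service lists the directories it may execute from in ExecPaths= and leaves /dev out of that list. As written, a reader could take it to mean that /dev itself is the thing being allow-listed, which is the opposite of the intended hardening.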