update NEWS

2024-11-23 18:23:32 +08:00 · 2019-11-20 12:47:52 +01:00 · 2019-11-20 12:47:52 +01:00 · 168e131b8b
commit 168e131b8b
parent 8490fc7aef
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@ -187,6 +187,19 @@ CHANGES WITH 244 in spe:
          used by the user service manager. The default is again to use the same
          path as the system manager.

+        * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
+          outputting the 128bit IDs in UUID format (i.e. in the "canonical
+          representation").
+
+        * Service units gained a new sandboxing option ProtectKernelLogs= which
+          makes sure the program cannot get direct access to the kernel log
+          buffer anymore, i.e. the syslog() system call (not to be confused
+          with the API of the same name in libc, which is not affected), the
+          /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
+          inaccessible to the service. It's recommended to enable this setting
+          for all services that should not be able to read from or write to the
+          kernel log buffer, which are probably almost all.
+
 CHANGES WITH 243:

        * This release enables unprivileged programs (i.e. requiring neither