shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-18 06:03:42 +03:00
Code

update NEWS

Browse Source
This commit is contained in:
Lennart Poettering 2020-07-07 11:48:45 +02:00
parent cbe952fe1f
commit 5d043c9fdf
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
NEWS
View File

@ -91,6 +91,15 @@ CHANGES WITH 246 in spe:
from the documentation, but will now result in warnings when used, from the documentation, but will now result in warnings when used,
and be converted to "journal" and "journal+console" automatically. and be converted to "journal" and "journal+console" automatically.
* If the service setting User= is set to the "nobody" user, a warning
message is now written to the logs (but the value is nonetheless
accepted). Setting User=nobody is unsafe, since the primary purpose
of the "nobody" user is to own all files whose owner cannot be mapped
locally. It's in particular used by the NFS subsystem and in user
namespacing. By running a service under this user's UID it might get
read and even write access to all these otherwise unmappable files,
which is quite likely a major security problem.
* A new kernel command line option systemd.hostname= has been added * A new kernel command line option systemd.hostname= has been added
that allows controlling the hostname that is initialized early during that allows controlling the hostname that is initialized early during
boot. boot.
@ -370,6 +379,21 @@ CHANGES WITH 246 in spe:
storage and file system may now be configured explicitly, too, via storage and file system may now be configured explicitly, too, via
the new /etc/systemd/homed.conf configuration file. the new /etc/systemd/homed.conf configuration file.
* systemd-homed now supports unlocking home directories with FIDO2
security tokens that support the 'hmac-secret' extension, in addition
to the existing support for PKCS#11 security token unlocking
support. Note that many recent hardware security tokens support both
interfaces. The FIDO2 support is accessible via homectl's
--fido2-device= option.
* homectl's --pkcs11-uri= setting now accepts two special parameters:
if "auto" is specified and only one suitable PKCS#11 security token
is plugged in, its URL is automatically determined and enrolled for
unlocking the home directory. If "list" is specified a brief table of
suitable PKCS#11 security tokens is shown. Similar, the new
--fido2-device= option also supports these two special values, for
automatically selecting and listing suitable FIDO2 devices.
* The /etc/crypttab tmp option now optionally takes an argument * The /etc/crypttab tmp option now optionally takes an argument
selecting the file system to use. Moreover, the default is now selecting the file system to use. Moreover, the default is now
changed from ext2 to ext4. changed from ext2 to ext4.
@ -496,7 +520,6 @@ CHANGES WITH 246 in spe:
LogControl1 D-Bus API which allows clients to change log level + LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime. target of the service during runtime.
CHANGES WITH 245: CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an * A new tool "systemd-repart" has been added, that operates as an