NEWS: mention MS_NOSUID for namespaced services by default

author Luca Boccassi <luca.boccassi@microsoft.com>

Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)

committer Luca Boccassi <luca.boccassi@microsoft.com>

Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)
author Luca Boccassi <luca.boccassi@microsoft.com>
Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)
committer Luca Boccassi <luca.boccassi@microsoft.com>
Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)
diff --git a/NEWS b/NEWS

index b0477bd54c2f4baae7775261af405b6d67030d97..6db192a06d8750257e7471d781a18a3981b9ee47 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -501,6 +501,10 @@ CHANGES WITH 249 in spe:
          * systemd-journald-upload gained a new NetworkTimeoutSec= option for
            setting a network timeout time.
  
+        * If a system service is running in a new mount namespace (RootDirectory=
+          and friends), all file systems will be mounted with MS_NOSUID by
+          default, unless the system is running with SELinux enabled.
+
          Contributions from: Aakash Singh, adrian5, Alexander Sverdlin,
          alexlzhu, Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
          Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
author	Luca Boccassi <luca.boccassi@microsoft.com>
	Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)
committer	Luca Boccassi <luca.boccassi@microsoft.com>
	Fri, 25 Jun 2021 13:04:34 +0000 (14:04 +0100)