From 5b8fdb187322f35786575624ec4df83eefdbc75e Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 25 Jun 2021 14:04:34 +0100
Subject: [PATCH] NEWS: mention MS_NOSUID for namespaced services by default

---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index b0477bd54c2..6db192a06d8 100644
--- a/NEWS
+++ b/NEWS
@@ -501,6 +501,10 @@ CHANGES WITH 249 in spe:
         * systemd-journald-upload gained a new NetworkTimeoutSec= option for
           setting a network timeout time.
 
+        * If a system service is running in a new mount namespace (RootDirectory=
+          and friends), all file systems will be mounted with MS_NOSUID by
+          default, unless the system is running with SELinux enabled.
+
         Contributions from: Aakash Singh, adrian5, Alexander Sverdlin,
         alexlzhu, Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
         Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
-- 
2.47.3