Update NEWS for latest changes

diff --git a/NEWS b/NEWS
index bb5697f3877b7df2f08b2030f96d52613f0d6e08..2d96c285dea4e666d43cf689f5216f4846f0e51b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -105,6 +105,13 @@ CHANGES WITH 254 in spe:
           RestartMaxDelaySec= which allow exponentially-growing restart
           intervals for Restart=.
 
+        * The service activation logic gained a new setting RestartMode= which
+          can be set to 'direct' to skip the inactive/failed states when
+          restarting, so that dependent units are not notified until the service
+          converges to a final (successful or failed) state. For example, this
+          means that OnSuccess=/OnFailure= units will not be triggered until the
+          service state has converged.
+
         * PID 1 will now automatically load the virtio_console kernel module
           during early initialization if running in a suitable VM. This is done
           so that early-boot logging can be written to the console if available.
@@ -221,6 +228,17 @@ CHANGES WITH 254 in spe:
           compromising on security, as the memory is never paged out either
           way.
 
+        * The service manager now can detect when it is running in a
+          'Confidential Virtual Machine', and a corresponding 'cvm' value is now
+          accepted by ConditionSecurity= for units that want to conditionalize
+          themselves on this. systemd-detect-virt gained new 'cvm' and
+          '--list-cvm' switches to respectively perform the detection or list
+          all known flavours of confidential VM, depending on the vendor. The
+          manager will publish a 'ConfidentialVirtualization' D-Bus property,
+          and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
+          variable for unit generators. Finally, udev rules can match on a new
+          'cvm' key that will be set when in a confidential VM.
+
         Journal:
 
         * The sd-journal API gained a new call sd_journal_get_seqnum() to
@@ -440,6 +458,13 @@ CHANGES WITH 254 in spe:
           superficially validate DDI structure, and check whether a specific
           image policy allows the DDI.
 
+        * systemd-dissect gained support for a new --mtree-hash switch to
+          optionally disable calculating mtree hashes, which can be slow on
+          large images.
+
+        * systemd-dissect --copy-to, --copy-from, --list and --mtree switches
+          are now able to operate on directories too, other than images.
+
         Network Management:
 
         * networkd's GENEVE support as gained a new .network option
@@ -669,6 +694,9 @@ CHANGES WITH 254 in spe:
           as in text form on the console), and the system is turned off after a
           10s delay.
 
+        * The 'passwdqc' library is now supported as an alternative to the
+          'pwquality' library and it can be selected at build time.
+
         Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
         Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
         Andrei Stepanov, Antonio Alvarez Feijoo, Arian van Putten, Arthur Shau,