From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 25 Jun 2021 13:04:34 +0000 (+0100)
Subject: NEWS: mention MS_NOSUID for namespaced services by default
X-Git-Tag: v249-rc2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5b8fdb187322f35786575624ec4df83eefdbc75e;p=thirdparty%2Fsystemd.git

NEWS: mention MS_NOSUID for namespaced services by default
---

diff --git a/NEWS b/NEWS
index b0477bd54c2..6db192a06d8 100644
--- a/NEWS
+++ b/NEWS
@@ -501,6 +501,10 @@ CHANGES WITH 249 in spe:
         * systemd-journald-upload gained a new NetworkTimeoutSec= option for
           setting a network timeout time.
 
+        * If a system service is running in a new mount namespace (RootDirectory=
+          and friends), all file systems will be mounted with MS_NOSUID by
+          default, unless the system is running with SELinux enabled.
+
         Contributions from: Aakash Singh, adrian5, Alexander Sverdlin,
         alexlzhu, Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
         Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,