From: Zbigniew Jędrzejewski-Szmek Date: Tue, 18 Dec 2018 13:14:44 +0000 (+0100) Subject: NEWS: add note about NNP=yes X-Git-Tag: v240~22^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e68a35a78d736ac0bb6609a130f87546e6d48ab1;p=thirdparty%2Fsystemd.git NEWS: add note about NNP=yes --- diff --git a/NEWS b/NEWS index a9ba9e13fd5..1bb8a138621 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,13 @@ systemd System and Service Manager CHANGES WITH 240 in spe: + * NoNewPrivileges=yes has been set for all long-running services + implemented by systemd. Previously, this was problematic due to + SELinux (as this would also prohibit the transition from PID1's label + to the service's label). This restriction has since been lifted, but + an SELinux policy update is required. + (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.) + * A new service type has been added: Type=exec. It's very similar to Type=simple but ensures the service manager will wait for both fork() and execve() of the main service binary to complete before proceeding
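Review bot: The added NoNewPrivileges=yes entry says "an SELinux policy update is required" but not what an administrator sees when that update is missing, nor which policy release or rule carries the fix. The only pointer is "See e.g." followed by a link to one distribution's pull request. Since this note is the upgrade warning for SELinux-enforcing systems, consider stating the consequence directly (for example, that the affected services may fail the transition from PID1's label to the service's label under an older policy) and naming the required policy change or minimum policy version in the text itself, so the entry stays useful if the PR link moves and for distributions that do not use the Fedora policy. It would also help to say which units are meant by "all long-running services implemented by systemd", or where to find the list, and to mention that the setting can be overridden per unit for systems that cannot update the policy yet.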