From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 18 Dec 2018 12:04:43 +0000 (+0100)
Subject: NEWS: add one more item
X-Git-Tag: v240~28^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F11200%2Fhead;p=thirdparty%2Fsystemd.git

NEWS: add one more item
---

diff --git a/NEWS b/NEWS
index cdca45b487e..a9ba9e13fd5 100644
--- a/NEWS
+++ b/NEWS
@@ -384,6 +384,17 @@ CHANGES WITH 240 in spe:
           SD_ID128_ALLF to test if a 128bit ID is set to all 0xFF bytes, and to
           initialize one to all 0xFF.
 
+        * After loading the SELinux policy systemd will now recursively relabel
+          all files and directories listed in
+          /run/systemd/relabel-extra.d/*.relabel (which should be simple
+          newline separated lists of paths) in addition to the ones it already
+          implicitly relabels in /run, /dev and /sys. After the relabelling is
+          completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
+          removed. This is useful to permit initrds (i.e. code running before
+          the SELinux policy is in effect) to generate files in the host
+          filesystem safely and ensure that the correct label is applied during
+          the transition to the host OS.
+
         * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
           mknod() handling in user namespaces. Previously mknod() would always
           fail with EPERM in user namespaces. Since 4.18 mknod() will succeed