author | Lennart Poettering <lennart@poettering.net> | 2017-02-22 01:36:12 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-02-21 19:36:12 -0500 |
commit | 05f426d2b80cefc171fc7756bb92df8373f8145a (patch) | |
tree | d943c1a4622a56f34080447a28068505129bd8e0 /NEWS | |
parent | c22569eeeafa94cf510267071f5b75c4ab714e09 (diff) | |
NEWS: add a comment about udev's MemoryDenyWriteExecute= setting (#5414)
Apparently if people are adventurous enough to run Go programs in udev
rules they might run into problems with MemoryDenyWriteExecute=.
I am pretty sure the best way out is for the toolchain generating
programs incompatible with W^X to be fixed, but this still deserves
documentation.
This was forgotten for the 232 release, hence add it now, retroactively.
See: #5400
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -357,6 +357,13 @@ CHANGES WITH 233 in spe CHANGES WITH 232: + * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and + RestrictAddressFamilies= enabled. These sandboxing options should + generally be compatible with the various external udev call-out + binaries we are aware of, however there may be exceptions, in + particular when exotic languages for these call-outs are used. In + this case, consider turning off these settings locally. + * The new RemoveIPC= option can be used to remove IPC objects owned by the user or group of a service when that service exits. |
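Review bot: The closing advice in the added entry, "consider turning off these settings locally", does not say where or which setting, so a reader who hits a failing call-out has nothing actionable and may end up disabling all three options. Suggest naming the mechanism (a drop-in for systemd-udevd.service, for example created with "systemctl edit systemd-udevd.service") and recommending that only the setting that actually breaks the call-out be relaxed, so RestrictRealtime= and RestrictAddressFamilies= stay in force. The phrase "exotic languages" is also vaguer than the commit message, which names the concrete case: programs whose toolchain produces code incompatible with W^X and therefore trips MemoryDenyWriteExecute=. Stating that in the entry would let affected users recognize the problem from the NEWS text alone.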