public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/apparmor: move release note to 21.05

Browse Source
This commit is contained in:
Julien Moutinho 2021-01-04 00:13:30 +01:00
parent 7996dfb1a1
commit 03b2156d26
2 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/doc/manual/release-notes/rl-2009.xml
View File

@ -1513,24 +1513,6 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
to get the previous behavior of listening on all network interfaces. to get the previous behavior of listening on all network interfaces.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>security.apparmor</literal> module,
for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link>
Mandatory Access Control system,
has been substantialy improved along with related tools,
so that module maintainers can now more easily write AppArmor profiles for NixOS.
The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>,
replacing the previous <literal>profiles</literal> option
to provide a way to disable a profile
and to select whether to confine in enforce mode (default)
or in complain mode (see <literal>journalctl -b --grep apparmor</literal>).
Before enabling this module, either directly
or by importing <literal>&lt;nixpkgs/nixos/modules/profiles/hardened.nix&gt;</literal>,
please be sure to read the documentation of <link linkend="opt-security.apparmor.enable">security.apparmor.enable</link>,
and especially the part about <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>) With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)

18
nixos/doc/manual/release-notes/rl-2105.xml
View File

@ -857,6 +857,24 @@ environment.systemPackages = [
Note that users defined with an explicit UID below 500 are exempted from this check, as <xref linkend="opt-users.users._name_.isSystemUser" /> has no effect for those. Note that users defined with an explicit UID below 500 are exempted from this check, as <xref linkend="opt-users.users._name_.isSystemUser" /> has no effect for those.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>security.apparmor</literal> module,
for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link>
Mandatory Access Control system,
has been substantialy improved along with related tools,
so that module maintainers can now more easily write AppArmor profiles for NixOS.
The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>,
replacing the previous <literal>profiles</literal> option
to provide a way to disable a profile
and to select whether to confine in enforce mode (default)
or in complain mode (see <literal>journalctl -b --grep apparmor</literal>).
Before enabling this module, either directly
or by importing <literal>&lt;nixpkgs/nixos/modules/profiles/hardened.nix&gt;</literal>,
please be sure to read the documentation of <link linkend="opt-security.apparmor.enable">security.apparmor.enable</link>,
and especially the part about <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default. The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default.