author Djalal Harouni <tixxdz@opendz.org> 2016-10-21 13:25:23 +0200
committer Lennart Poettering <lennart@poettering.net> 2016-10-21 13:25:23 +0200
commit 6fa441140ee6faf131c97b1aa002e060b81aaaff
tree 5871a95b00a242de74ef66db12c8390af3ef6b4c /NEWS
parent e0972037fb96f9241312bbb63e2fc454966ee2c9
NEWS: update NEWS about ProtectKernelModules= option (#4445)
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 7
1 files changed, 5 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 5467166567..6378e596f6 100644
--- a/NEWS
+++ b/NEWS
@@ -5,16 +5,19 @@ CHANGES WITH 232 in spe
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
+ * The new ProtectKernelModules= option can be used to disable explicit
+ load and unload operations of kernel modules by a service.
+
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.
- The new ProtectedKernelTunables= options can be used to disable
+ * The new ProtectedKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.
- The new ProtectControlGroups= option can be used to disable write
+ * The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with
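Review bot: The rewritten tunables entry still names the option "ProtectedKernelTunables=", while every other setting in this list uses the "Protect" prefix (ProtectSystem=, ProtectControlGroups=, and the ProtectKernelModules= entry added here). Since that line is being touched anyway to fix the bullet and "options", correct the name to "ProtectKernelTunables=" so that readers copying it from NEWS into a unit file get the actual directive. Separately, the new ProtectKernelModules= entry says only "explicit" load and unload operations are disabled; a short clause stating what that wording leaves uncovered, such as module loading the kernel triggers on its own, would keep readers from treating the option as a complete block on module loading.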