Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 25
1 files changed, 24 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b3e51877c9..ff2dd9abbf 100644
--- a/NEWS
+++ b/NEWS
@@ -53,7 +53,9 @@ CHANGES WITH 230 in spe:
* The unified cgroup hierarchy added in Linux 4.5 is now supported.
Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
- enable.
+ enable. Also, support for the "io" cgroup controller in the unified
+ hierarchy has been added, so that the "memory", "pids" and "io" are
+ now the controllers that are supported on the unified hierarchy.
WARNING: it is not possible to use previous systemd versions with
systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
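Review bot: The added sentence reads awkwardly at 'so that the "memory", "pids" and "io" are now the controllers that are supported', where "the" has no noun to attach to. Suggest 'so that "memory", "pids" and "io" are now the controllers supported on the unified hierarchy'. Since the WARNING paragraph directly below is about compatibility, it would also help to state here whether any controller other than these three is available once systemd.unified_cgroup_hierarchy=1 is set, so admins who rely on per-unit resource limits know what they lose by switching.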
@@ -142,6 +144,19 @@ CHANGES WITH 230 in spe:
deployable. The systemd-nspaw@.service template unit file has been
changed to use this functionality by default.
+ * systemd-nspawn gained a new --network-zone= switch, that allows
+ creating ad-hoc virtual Ethernet links between multiple containers,
+ that only exist as long as at least one container referencing them is
+ running. This allows easy connecting of multiple containers with a
+ common link that implements an Ethernet broadcast domain. Each of
+ these network "zones" may be named relatively freely by the user, and
+ may be referenced by any number of containers, but each container may
+ only reference one of these "zones". On the lower level, this is
+ implemented by an automatically managed bridge network interface for
+ each zone, that is created when the first container referencing its
+ zone is created and removed when the last one referencing its zone
+ terminates.
+
* The default start timeout may now be configured on the kernel command
line via systemd.default_timeout_start_sec=. It was already
configurable via the DefaultTimeoutStartSec= option in
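Review bot: "may be named relatively freely by the user" in the --network-zone= entry is too vague for a changelog; please state the actual naming constraint or point to the man page section that does. The entry should also spell out the isolation consequence of what it describes: every container referencing the same zone name shares one Ethernet broadcast domain, so a reused zone name puts otherwise unrelated containers on the same link. Two style points: drop the commas before the restrictive "that" clauses ("switch, that allows", "links between multiple containers, that only exist", "each zone, that is created"), and the context line just above the addition has "systemd-nspaw@.service", which is missing an "n" and could be corrected in the same commit.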
@@ -157,6 +172,14 @@ CHANGES WITH 230 in spe:
value is understood as UNIX nice value. If not prefixed like this it
is understood as raw RLIMIT_NICE limit.
+ * Note that the effect of the PrivateDevices= unit file setting changed
+ slightly with this release: the per-device /dev file system will be
+ mounted read-only from this version on, and will have "noexec"
+ set. This (minor) change of behaviour might cause some (exceptional)
+ legacy software to break, when PrivateDevices=yes is set for its
+ service. Please leave PrivateDevices= off if you run into problems
+ with this.
+
Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford,
Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao
Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Colin Guthrie, Daniel
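Review bot: The closing advice "Please leave PrivateDevices= off if you run into problems with this" in the PrivateDevices= entry tells admins to drop the whole sandboxing option without saying how to recognise that this change is the cause. Suggest naming the failure modes that follow from the two new properties, i.e. a service that writes to its /dev or executes something from it will now fail because the mount is read-only and "noexec", so the setting is only turned off where it is really needed. Also, "per-device /dev file system" looks like it should be "per-service", since the same sentence talks about PrivateDevices=yes being set for a service. The "Note that" opener is inconsistent with the other bullets in this file, which start with the component or setting name.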