[release-notes] Systemd - remote journal, private services.

Pete Travis immanetize at fedoraproject.org
Mon Oct 6 03:56:15 UTC 2014


commit c52c71bf6703268a5a6d2bf02a6c639fb67e42e5
Author: Pete Travis <immanetize at fedoraproject.org>
Date:   Sun Oct 5 21:55:50 2014 -0600

    Systemd - remote journal, private services.

 en-US/System_Daemons.xml |   32 ++++++++++++++++++++++++++++++--
 1 files changed, 30 insertions(+), 2 deletions(-)
---
diff --git a/en-US/System_Daemons.xml b/en-US/System_Daemons.xml
index eca68b3..a64cd82 100644
--- a/en-US/System_Daemons.xml
+++ b/en-US/System_Daemons.xml
@@ -4,9 +4,37 @@
 %BOOK_ENTITIES;
 ]>
 
-<section>
-  <title>System Daemons</title>
+<section id="systemd">
+  <title>Systemd</title>
   <para />
+  <section id="systemd-journald">
+    <title>Journald</title>
+    <itemizedlist>
+      <listitem>
+        <para>
+          <emphasis>Journal Logging</emphasis>
+        </para>
+        <para>
+          Journal messages can be forwarded to remote systems, without using a syslog daemon.  The <package>systemd-journal-remote</package> and <package>systemd-journal-upload</package> packages provide receiver and sender daemons.  Communication is done over HTTPS.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section id="systemd-private">
+    <title>Isolating Services</title>
+    <para>
+      Two new security-related options are now available to limit long-running services that do not require access to physical devices or the network.
+    </para>
+    <para>
+      The <literal>PrivateDevices</literal> setting, when set to <literal>yes</literal>, provides the service with a private, minimal <filename class="devicefile">/dev</filename> that does not include physical devices. This allows long-running services to have limited access, increasing security.
+    </para>
+    <para>
+      The <literal>PrivateNetwork</literal> setting, when set to <literal>yes</literal>, provides the service with a network isolated to only a loopback interface.  This ensures that long-running services that do not require network access are cut off from the network.
+    </para>
+    <para>
+      For detailed information, refer to <ulink url="https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork" />
+    </para>
+  </section>
 
 </section>
 
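Review bot: The two new paragraphs in the systemd-private section name the PrivateDevices and PrivateNetwork settings but never say where an administrator sets them, so a reader cannot act on the note without following the wiki link. Add a sentence stating that both are set in the [Service] section of a unit file, for example as PrivateDevices=yes and PrivateNetwork=yes. In the same section, "This allows long-running services to have limited access, increasing security" is vague; say what is restricted, as the PrivateNetwork paragraph does. Two smaller points: the empty <para /> kept directly under the new <title>Systemd</title> no longer serves a purpose now that the section has content and can be dropped, and the final paragraph ends on a self-closing <ulink /> with no link text or closing period.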

