about summary refs log tree commit diff
path: root/nixos/doc
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/doc')
-rw-r--r--nixos/doc/manual/release-notes/rl-2105.xml28
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 2b0a265cd9860..e0b4a6b2ef3f9 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -699,6 +699,17 @@ environment.systemPackages = [
    </listitem>
    <listitem>
      <para>
+       The <package>kbdKeymaps</package> package was removed since dvp and neo
+       are now included in <package>kbd</package>.
+
+       If you want to use the Programmer Dvorak Keyboard Layout, you have to use
+       <literal>dvorak-programmer</literal> in <option>console.keyMap</option>
+       now instead of <literal>dvp</literal>.
+       In <option>services.xserver.xkbVariant</option> it's still <literal>dvp</literal>.
+    </para>
+   </listitem>
+   <listitem>
+     <para>
        The <package>babeld</package> service is now being run as an unprivileged user. To achieve that the module configures
        <literal>skip-kernel-setup true</literal> and takes care of setting forwarding and rp_filter sysctls by itself as well
        as for each interface in <varname>services.babeld.interfaces</varname>.
@@ -893,6 +904,23 @@ environment.systemPackages = [
     </para>
    </listitem>
    <listitem>
+    <para>
+     The <literal>security.apparmor</literal> module,
+     for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link>
+     Mandatory Access Control system,
+     has been substantialy improved along with related tools,
+     so that module maintainers can now more easily write AppArmor profiles for NixOS.
+     The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>,
+     replacing the previous <literal>profiles</literal> option
+     to provide a way to disable a profile
+     and to select whether to confine in enforce mode (default)
+     or in complain mode (see <literal>journalctl -b --grep apparmor</literal>).
+     Security-minded users may also want to enable <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>,
+     at the cost of having some of their processes killed
+     when updating to a NixOS version introducing new AppArmor profiles.
+    </para>
+   </listitem>
+   <listitem>
      <para>
        The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default.
      </para>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-16 02:47:35 +0000