diff options
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2105.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 2b0a265cd9860..e0b4a6b2ef3f9 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -699,6 +699,17 @@ environment.systemPackages = [ </listitem> <listitem> <para> + The <package>kbdKeymaps</package> package was removed since dvp and neo + are now included in <package>kbd</package>. + + If you want to use the Programmer Dvorak Keyboard Layout, you have to use + <literal>dvorak-programmer</literal> in <option>console.keyMap</option> + now instead of <literal>dvp</literal>. + In <option>services.xserver.xkbVariant</option> it's still <literal>dvp</literal>. + </para> + </listitem> + <listitem> + <para> The <package>babeld</package> service is now being run as an unprivileged user. To achieve that the module configures <literal>skip-kernel-setup true</literal> and takes care of setting forwarding and rp_filter sysctls by itself as well as for each interface in <varname>services.babeld.interfaces</varname>. @@ -893,6 +904,23 @@ environment.systemPackages = [ </para> </listitem> <listitem> + <para> + The <literal>security.apparmor</literal> module, + for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link> + Mandatory Access Control system, + has been substantialy improved along with related tools, + so that module maintainers can now more easily write AppArmor profiles for NixOS. + The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>, + replacing the previous <literal>profiles</literal> option + to provide a way to disable a profile + and to select whether to confine in enforce mode (default) + or in complain mode (see <literal>journalctl -b --grep apparmor</literal>). + Security-minded users may also want to enable <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>, + at the cost of having some of their processes killed + when updating to a NixOS version introducing new AppArmor profiles. + </para> + </listitem> + <listitem> <para> The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default. </para> |