doc/release-notes: mention security.wrappers changes

This commit is contained in:
rnhmjoj 2021-09-12 20:53:44 +02:00
parent 65e83b0e23
commit 27b0c53d23
No known key found for this signature in database
GPG Key ID: BFBAF4C975F76450
2 changed files with 12 additions and 0 deletions

View File

@ -244,6 +244,16 @@
<section xml:id="sec-release-21.11-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
The <literal>security.wrappers</literal> option now requires
to always specify an owner, group and whether the
setuid/setgid bit should be set. This is motivated by the fact
that before NixOS 21.11, specifying either setuid or setgid
but not owner/group resulted in wrappers owned by
nobody/nogroup, which is unsafe.
</para>
</listitem>
<listitem>
<para>
The <literal>paperless</literal> module and package have been

View File

@ -75,6 +75,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
- The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set.
This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe.
- The `paperless` module and package have been removed. All users should migrate to the
successor `paperless-ng` instead. The Paperless project [has been