From 65d257a71783b8993e0d871b21a96eb836ed243b Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Sun, 18 Aug 2024 02:00:00 +0200
Subject: [PATCH] =?UTF-8?q?news:=20Add=20entry=20for=20=E2=80=98setuid?= =?UTF-8?q?=E2=80=99=20=E2=86=92=20=E2=80=98privilege=E2=80=99=20renaming.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* etc/news.scm: Add entry.

Change-Id: I64ac2d91215a1aac89fdf3832f4c6cbdc6648538
---
 etc/news.scm | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/etc/news.scm b/etc/news.scm
index 3aaf87d4b8..866fa0d2d3 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -1,7 +1,7 @@
 ;; GNU Guix news, for use by 'guix pull'.
 ;;
 ;; Copyright © 2019-2024 Ludovic Courtès
-;; Copyright © 2019–2021 Tobias Geerinckx-Rice
+;; Copyright © 2019–2021, 2024 Tobias Geerinckx-Rice
 ;; Copyright © 2019, 2020 Miguel Ángel Arruga Vivas
 ;; Copyright © 2019, 2020 Konrad Hinsen
 ;; Copyright © 2019, 2020, 2021, 2023 Julien Lepiller
@@ -32,6 +32,31 @@ (channel-news (version 0) + (entry (commit "4e58dfee6c7456d1e662f66041b8a157efe8710a") + (title + (en "More capable @code{privileged-programs} replace @code{setuid-programs}") + (nl "Capabelere @code{privileged-programs} vervangen @code{setuid-programs}")) + (body + (en "Where the kernel supports it, Guix System can now assign +POSIX@tie{}@dfn{capabilities} to trusted executables. Capabilities offer a +more granular alternative to the traditional setuid and setgid permissions, +which remain available. + +To reflect this, @code{(gnu system setuid)} has been renamed to @code{(gnu +system privilege)}. @code{privileged-programs} replaces @code{setuid-programs} +as @code{operating-system} field and defaults to +@code{%default-privileged-programs}. The executables themselves have moved from +@file{/run/setuid-programs} to @file{/run/privileged/bin}.") + (nl "Waar de kernel dit toelaat kan Guix System nu +POSIX@tie{}@dfn{capabilities} toewijzen aan vertrouwde uitvoerbare bestanden. +``Capabilities'' zijn een fijnmaziger alternatief voor de klassieke setuid- en +setgid-rechten, die ook beschikbaar blijven. + +Om dit duidelijk te maken heet @code{(gnu system setuid)} nu @code{(gnu system +privilege)}. @code{privileged-programs} vervangt @code{setuid-programs} als +veld in het @code{operating-system} en heeft @code{%default-privileged-programs} +als standaardwaarde. De uitvoerbare bestanden verhuizen van +@file{/run/setuid-programs} naar @file{/run/privileged/bin}."))) (entry (commit "26638b8e8129aa755586d017677b4cf076bafda6") (title (en "The containerd service is separated from @code{docker-service-type}")