author | Guillaume Girol <symphorien@users.noreply.github.com> | 2021-01-10 21:51:37 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-10 21:51:37 +0000 |
commit | 0fbc0976db5b5f36d60d3fdc5c641987cc85096f (patch) | |
tree | c9c54f24fec3ff1ebd7fe217e0d9c378b86e7a61 /nixos/doc | |
parent | d085417683cedabb1eaf420ca0eb128ecfb3a175 (diff) | |
parent | 3a17a9b05eec0189d82ebb84f327f386727474cd (diff) |
Merge pull request #106082 from rnhmjoj/uwsgi
nixos/uwsgi: run with capabilities instead of root
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2103.xml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 6d1a581114b3..6ef522e9fcef 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -187,6 +187,30 @@ </listitem> <listitem> <para> + The uWSGI server is now built with POSIX capabilities. As a consequence, + root is no longer required in emperor mode and the service defaults to + running as the unprivileged <literal>uwsgi</literal> user. Any additional + capability can be added via the new option + <xref linkend="opt-services.uwsgi.capabilities"/>. + The previous behaviour can be restored by setting: +<programlisting> + <xref linkend="opt-services.uwsgi.user"/> = "root"; + <xref linkend="opt-services.uwsgi.group"/> = "root"; + <xref linkend="opt-services.uwsgi.instance"/> = + { + uid = "uwsgi"; + gid = "uwsgi"; + }; +</programlisting> + </para> + <para> + Another incompatibility from the previous release is that vassals running under a + different user or group need to use <literal>immediate-{uid,gid}</literal> + instead of the usual <literal>uid,gid</literal> options. + </para> + </listitem> + <listitem> + <para> <package>btc1</package> has been abandoned upstream, and removed. </para> </listitem> |
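Review bot: In the first added <para>, the "previous behaviour can be restored" snippet sets `opt-services.uwsgi.user` and `opt-services.uwsgi.group` to "root" without saying when that is needed or what it costs. The note should state that this gives up the privilege reduction described in the sentences just above it, and it should steer readers towards adding only the missing capability through `opt-services.uwsgi.capabilities` first. Listing which capabilities the service holds by default would let readers judge whether they need either change. In the second added <para>, `immediate-{uid,gid}` uses brace shorthand while `uid,gid` does not; write both the same way, and add a clause explaining why vassals running under a different user or group need the immediate variants, since the text gives no reason.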