From c4f08496e73f879567a636a9f9b73729e821d174 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 10 Aug 2023 23:48:18 +0000 Subject: [PATCH] Update Release_Notes_4.0 alpha2 --- Release_Notes_4.0-alpha2.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Release_Notes_4.0-alpha2.md b/Release_Notes_4.0-alpha2.md index 6010d20..e7ecdca 100644 --- a/Release_Notes_4.0-alpha2.md +++ b/Release_Notes_4.0-alpha2.md @@ -57,8 +57,9 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer | user ns | Y | Y 1 | N | N | Y 2 | | aa-status filters | N | N | n/a | N | N | | aa-load | N | N | n/a | Y | N | - - +| unconfined ns restriction | N | Y 8 | N | N | Y | +| unconfined change_profile stacking | N | Y 8 | N | N | Y | +| unconfined io_uring restriction | N | Y 8 | N | N | Y | @@ -70,6 +71,7 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer 5. If more than 12 transitions are used in a profile, AppArmor 3.x will fail 6. Will break older policy if variable is not defined. Variable can be manually defined in older parser. 7. AppArmor 3.x will not break but will use declared abi, instead of extending abi when a rule not in the abi is declared in policy. +8. These features if enabled will change unconfined's behavior but can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel. in beta |Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support| 
@@ -82,14 +84,13 @@ in beta AppArmor 4.1 or later |Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support| |:---: |:---: |:---: |:---: |:---: |:---:| - | multiple policy locations | N | Y 3 | n/a | Y | N | | location specific configs | N | Y 3 | n/a | Y | N | | user conditional | Y | Y 1 | N | N | Y 2 | | -O rule-refactor | N | N | n/a | N | N | | kernel supports conditional | Y | Y 1 | N | N | N | | abi supports conditional | Y | Y 1 | N | N | N | - +| replace unconfined | N | Y | N | N | N | ## Compatibility
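Review bot: In the `@@ -57,8 +57,9 @@` hunk, the three new rows put `Y 8` in the "breaks 3.x" column, but note 8 describes a change to unconfined's behavior that can be switched off, not a break of 3.x policy. Readers scanning that column will assume older policy fails to load or enforce. Either move the footnote marker to a column that matches what note 8 says, or extend note 8 to state what actually breaks for a 3.x userspace. Also, "unconfined ns restriction" leaves "ns" unqualified while the row just above says "user ns"; name the namespace type so the two rows can be related.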
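Review bot: In the `@@ -70,6 +71,7 @@` hunk, new note 8 says the features "can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel" without naming the parameter, the sysctl key, or which kernels offer which. Since these rows change what unconfined processes are allowed to do, an administrator needs the exact knob and its default to audit or roll back the behavior; please name them here or link to where they are documented. Minor: the sentence reads better as "These features, if enabled, will change ...".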
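Review bot: In the `@@ -82,14 +84,13 @@` hunk, the added `| replace unconfined | N | Y | N | N | N |` row marks "breaks 3.x" with a bare `Y`, while every other `Y` in that column of this table carries a note number (`Y 3`, `Y 1`). Add a footnote saying how replacing unconfined breaks 3.x, or reuse an existing note if one applies. The row also gives no hint of what "replace unconfined" means next to the unconfined rows added to the 4.0 table earlier in this patch, which all require kernel support while this one does not; a short note on the difference would help.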