From 758b75ae6d16679bcf76b0b1991443947d8a8051 Mon Sep 17 00:00:00 2001 From: Tibbs Date: Jul 17 2016 07:42:16 +0000 Subject: Removed "F21 and later" notice. --- diff --git a/Packaging:Systemd.mw b/Packaging:Systemd.mw index f1bbcf7..e23ad79 100644 --- a/Packaging:Systemd.mw +++ b/Packaging:Systemd.mw @@ -306,8 +306,6 @@ The former will tell systemd to restart the daemon as soon as it fails regardles == Private devices and networking == -{{admon/warning|Fedora 21 and later only|The options mentioned in this section should only be used on Fedora 21 and newer.}} - If you package a long-running system service, please consider enabling systemd's PrivateDevices= and PrivateNetwork= settings for it, in order to improve security and minimize the attack surface. When PrivateDevices=yes is set in the [Service] section of a systemd service unit file, the processes run for the service will run in a private file system namespace where /dev is replaced by a minimal version that only includes the device nodes /dev/null, /dev/zero, /dev/full, /dev/urandom, /dev/random, /dev/tty as well as the submounts /dev/shm, /dev/pts, /dev/mqueue, /dev/hugepages, and the /dev/stdout, /dev/stderr, /dev/stdin symlinks. No device nodes for physical devices will be included, however. Furthermore, the CAP_MKNOD capability is removed. Finally, the "devices" cgroup controller is used to ensure that no access to device nodes except the listed ones is possible. This is an efficient way to take away physical device access for services, thus minimizing the attack surface.
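Review bot: the commit message says what was removed ("F21 and later" notice) but not why; the removed admonition reads "Fedora 21 and later only", so the implied rationale is that, as of this July 2016 change, no supported Fedora release older than 21 remains and the caveat is obsolete, and stating that explicitly in the message would make the removal traceable for later readers. One layout point on the same hunk: the blank line that followed the admonition is deleted together with it, so the "== Private devices and networking ==" heading now sits directly above the "If you package a long-running system service..." paragraph; if the rest of the page keeps one blank line after each heading, keep one here too. The retained text describing PrivateDevices= (minimal /dev, CAP_MKNOD removed, devices cgroup restricting access) is unchanged by this hunk and still reads correctly without the version caveat.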