Update Release_Notes_4.0 alpha2

Release_Notes_4.0-alpha2.md

@@ -48,6 +48,7 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
 | *deny attachment | Y | Y <sup>1</sup> | N | N | N <sup>4</sup> |
 | rootless apparmor_parser | N              | N | n/a               | N                      | N |
 | extended x index | N              | Y <sup>5</sup> | Y                | N                      | Y <sup>2</sup> |
+| fixed x dominance | N<sup>9</sup>              | N<sup>10</sup> | Y<sup>11</sup>                | N                      | N |
 | *rule extends abi | N              | N <sup>7</sup> | N                | N                      | N |
 | *all rule | Y              | Y <sup>1</sup> | N                | N                      | N |
 | improved -O rule-merge | N              | N | n/a               | N                      | N |
@@ -57,9 +58,9 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
 | user ns        | Y              | Y <sup>1</sup> | N                | N                      | Y <sup>2</sup> |
 | aa-status filters | N | N | n/a | N | N |
 | aa-load | N | N | n/a | Y | N |
-| unconfined ns restriction | N              | Y <sup>8</sup> | N                | N                      | Y |
-| unconfined change_profile stacking | N              | Y <sup>8</sup> | N                | N                      | Y |
-| unconfined io_uring restriction | N              | Y <sup>8</sup> | N                | N                      | Y |
+| unconfined ns restriction | N              | Y <sup>8</sup> | n/a                | N                      | Y |
+| unconfined change_profile stacking | N              | Y <sup>8</sup> | n/a                | N                      | Y |
+| unconfined io_uring restriction | N              | Y <sup>8</sup> | n/a                | N                      | Y |
 
 
 
@@ -72,7 +73,10 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
 6. Will break older policy if variable is not defined. Variable can be manually defined in older parser.
 7. AppArmor 3.x will not break but will use declared abi, instead of extending abi when a rule not in the abi is declared in policy.
 8. These features if enabled will change unconfined's behavior but can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel.
-
+9. Does not allow any new rules but allows overlapping exec rules that would have been previously rejected.
+10. If overlapping rules not supported by 3.x are used policy will break on 3.x and older environments
+11. Tools will work but may not deal with overlapping rules correctly in some cases
+12. 
 in beta
 |Feature       | policy extension |breaks 3.x      |supported by utils|requires 4.x libapparmor|requires kernel support|
 |:---:           |:---:           |:---:           |:---:             |:---:                   |:---:|
@@ -88,9 +92,9 @@ AppArmor 4.1 or later
 | location specific configs | N | Y <sup>3</sup> | n/a | Y | N |
 | user conditional | Y              | Y <sup>1</sup> | N                | N                      | Y <sup>2</sup> |
 | -O rule-refactor | N              | N | n/a               | N                      | N |
-| kernel supports conditional | Y              | Y <sup>1</sup> | N                | N                      | N |
-| abi supports conditional | Y              | Y <sup>1</sup> | N                | N                      | N |
-| replace unconfined | N              | Y  | N                | N                      | N |
+| kernel supports conditional | Y              | Y <sup>1</sup> | N              | N                      | N |
+| abi supports conditional | Y              | Y <sup>1</sup> | N               | N                      | N |
+| replace unconfined | N              | Y  | N                | n/a                      | N |
 
 
 ## Compatibility