Features:
-* add wrapper for mount() that uses O_PATH on the destination and than mounts
- to /proc/self/fd/xxx so that we basically have a mount() with O_NOFOLLOW like
- behaviour. (in case of bind mounts do it on both source and target)
+* cryptsetup: optionally, when run during boot-up and password is never
+ entered, and we are on AC power (or so), power off machine again
+
+* when configuring loopback netif, and it fails due to EPERM, eat up error if
+ it happens to be set up alright already.
+
+* at boot: check if battery above some threshold, if not power off again after explanation
+
+* userdb: add field for ambient caps, so that a user can have CAP_WAKE_ALARM
+ for example. And add code that resets ambient caps for all services by
+ default.
+
+* homed: try to unmount in regular intervals when home dir was busy when we
+ tried because idle.
+
+* sd-bus: when connecting to some dbus server socker, set originating AF_UNIX
+ socket name in abstract namespace to include "description" string, and pick
+ it up from there in sd_bus_creds logic. i.e. we can use the socket peer
+ address as conduit for some minimal connection metainfo, and use it to
+ restore the "description" logic that kdbus used to have.
+
+* teach LoadCredential= the ability to load all files from a specified dir as
+ individual creds
+
+* systemd-analyze netif that explains predictable interface (or networkctl)
+
+* port selinux code from mallinfo() to mallinfo2() once added to glibc
+
+* Add service setting to run a service within the specified VRF. i.e. do the
+ equivalent of "ip vrf exec".
+
+* export action of device object on sd-device, so that monitor becomes useful
* add root=tmpfs that mounts a tmpfs to /sysroot (to be used in combination
with usr=…, for a similar effect as systemd.volatile=yes but without the
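Review bot: In the new cryptsetup item at the top of the added block, the condition "we are on AC power (or so)" reads inverted. Powering off an unattended passphrase prompt matters when the machine is draining a battery, which is also what the neighbouring "at boot: check if battery above some threshold" item is about, so please confirm whether this should say battery power. Two wording nits in the same block: "dbus server socker" in the sd-bus item should be "socket", and the homed item ("when home dir was busy when we tried because idle") would read better as "retry the unmount at regular intervals if the home dir was busy when we tried to unmount it on idle".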
to read the repart data from /usr before the root partition exists. Add
usr=gpt-auto that automatically finds a /usr partition.
+* change SwitchRoot() implementation in PID 1 to use pivot_root(".", "."), as
+ documented in the pivot_root(2) man page, so that we can drop the /oldroot
+ temporary dir.
+
+* special case some calls of chase_symlinks() to use openat2() internally, so
+ that the kernel does what we otherwise do.
+
* homed: keep an fd to the homedir open at all times, to keep the fs pinned
- (autofs and such) while user is loged in.
+ (autofs and such) while user is logged in.
* nss-systemd: also synthesize shadow records for users/groups
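Review bot: The new chase_symlinks() item says to use openat2() "so that the kernel does what we otherwise do", but it does not say which calls qualify or what happens when openat2() is unavailable. Suggest spelling out that only flag combinations the kernel can express are routed there, and that the existing userspace resolution remains as the fallback, so the item cannot be read as replacing it. The pivot_root(".", ".") item is fine as written since it cites the man page for the behaviour it relies on.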
mounting a subdir of the root fs as actual root. This can be used as
fstype-agnostic version of btrfs' rootflags=subvol=foobar.
-* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
-
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
* build short web pages out of each catalog entry, build them along with man
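Review bot: The ProtectProc= entry is deleted here together with its patchwork.kernel.org link, and nothing in the visible hunks records why. If the item is dropped because the setting was implemented, say so in the commit message so the reference to the kernel series is not lost; if the idea was abandoned, a one-line reason would help the next reader of this list.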
* make us use dynamically fewer deps for containers in general purpose distros:
o turn into dlopen() deps:
- - libidn2 (always)
- elfutils (always)
- p11-kit-trust (always)
- kmod-libs (only when called from PID 1)
- when that's done: kill khash.c
- when that's done: kill gnutls support in resolved
-* kill zenata, all hail weblate?
-
* when we resize disks (homed?) always round up to 4K sectors, not 512K
* add growvol and makevol options for /etc/crypttab, similar to
parameters
* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
- the quota of a the user indicated in User= via unit file settings, like the
+ the quota of the user indicated in User= via unit file settings, like the
other resource management concepts. Would mix nicely with DynamicUser=1. Or
alternatively, do this with projids, so that we can also cover services
running as root. Quota should probably cover all the special dirs such as
yogas can be recognized as "convertible" too, even if they predate the DMI
"convertible" form factor
-* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing
- after all. Be strict however, only support the equivalent of nspawn's
- --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
- as MAINPID.
-
* Add ExecMonitor= setting. May be used multiple times. Forks off a process in
the service cgroup, which is supposed to monitor the service, and when it
exits the service is considered failed by its monitor.
* systemctl: if some operation fails, show log output?
-* systemctl edit: use equivalent of cat() to insert existing config as a comment, prepended with #.
- Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc.
-
* exponential backoff in timesyncd when we cannot reach a server
* timesyncd: add ugly bus calls to set NTP servers per-interface, for usage by NM
service instances processing the listening socket, and open this up
for ReusePort=
-* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
- $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
- should SIGSTOP all unit processes in a loop until all processes of
- it are fully stopped. This can later be used for app management by
- desktop UIs such as gnome-shell to freeze apps that are not visible
- on screen, not unlike how job control works on the shell
-
* cgroups:
- implement per-slice CPUFairScheduling=1 switch
- introduce high-level settings for RT budget, swappiness