timedate: treat 'activating' or 'inactivating' NTP client status as 'active'

[thirdparty/systemd.git] / TODO

diff --git a/TODO b/TODO
index c3801f7f0677a43100bedf831f587ea48c28e7c7..77a84472336f1297ef9153836750bd68f7de37f4 100644 (file)
--- a/TODO
+++ b/TODO
@@ -6,6 +6,8 @@ Bugfixes:
   manager or system manager can be always set. It would be better to reject
   them when parsing config.
 
   manager or system manager can be always set. It would be better to reject
   them when parsing config.
 

+* Clarify what IPAddress* matches (source, destination, both?)
+

 External:
 
 * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
 External:
 
 * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.


@@ -21,22 +23,45 @@ Janitorial Clean-ups:
 
 Features:
 
 
 Features:
 

+* make MAINPID= message reception checks even stricter: if service uses User=,
+  then check sending UID and ignore message if it doesn't match the user or
+  root.
+
+* maybe trigger a uevent "change" on a device if "systemctl reload xyz.device"
+  is issued.
+
+* when importing an fs tree with machined, optionally apply userns-rec-chown
+
+* when importing an fs tree with machined, complain if image is not an OS
+
+* Maybe introduce a helper safe_exec() or so, which is to execve() which
+  safe_fork() is to fork(). And then make revert the RLIMIT_NOFILE soft limit
+  to 1K implicitly, unless explicitly opted-out.
+
+* rework seccomp/nnp logic that that even if User= is used in combination with
+  a seccomp option we don't have to set NNP. For that, change uid first whil
+  keeping CAP_SYS_ADMIN, then apply seccomp, the drop cap.
+
+* add a concept for automatically loading per-unit secrets off disk and
+  inserting them into the kernel keyring. Maybe SecretsDirectory= similar to
+  ConfigurationDirectory=.
+
+* when no locale is configured, default to UEFI's PlatformLang variable
+

 * When logind.conf contains HandleLidSwitch=suspend-then-hibernate and we can't
   hibernate because the swap partition isn't large enough, still suspend
 
 * When logind.conf contains HandleLidSwitch=suspend-then-hibernate and we can't
   hibernate because the swap partition isn't large enough, still suspend
 

-* Now that C.UTF-8 is standardized in glibc, default to it if locale.conf
-  doesn't set anything otherwise
-

 * bootctl: implement Type #2 boot loader entry discovery
 
 * bootctl,sd-boot: actually honour the "architecture" key
 
 * bootctl: implement Type #2 boot loader entry discovery
 
 * bootctl,sd-boot: actually honour the "architecture" key
 

-* consider splitting out all temporary file creation APIs (we have so many in
-  fileio.h and elsewhere!) into a new util file of its own.
+* when a socket unit is spawned with an AF_UNIX path in /var/run, complain and
+  patch it to use /run instead

 
 

-* set memory.oom.group in cgroupsv2 for all leaf cgroups
+* set memory.oom.group in cgroup v2 for all leaf cgroups (kernel v4.19+)

 
 

-* drop umask() calls and suchlike from our generators, pid1 should set things up correctly anyway
+* add a new syscall group "@esoteric" for more esoteric stuff such as bpf() and
+  usefaultd() and make systemd-analyze check for it.

 
 * paranoia: whenever we process passwords, call mlock() on the memory
   first. i.e. look for all places we use string_erase()/string_free_erase() and
 
 * paranoia: whenever we process passwords, call mlock() on the memory
   first. i.e. look for all places we use string_erase()/string_free_erase() and


@@ -82,6 +107,29 @@ Features:
 
 * bootspec.c: also enumerate EFI unified kernel images.
 
 
 * bootspec.c: also enumerate EFI unified kernel images.
 

+* maybe set a special xattr on cgroups that have delegate=yes set, to make it
+  easy to mark cut points
+
+* introduce an option (or replacement) for "systemctl show" that outputs all
+  properties as JSON, similar to busctl's new JSON output. In contrast to that
+  it should skip the variant type string though.
+
+* augment CODE_FILE=, CODE_LINE= with something like CODE_BASE= or so which
+  contains some identifier for the project, which allows us to include
+  clickable links to source files generating these log messages. The identifier
+  could be some abberviated URL prefix or so (taking inspiration from Go
+  imports). For example, for systemd we could use
+  CODE_BASE=github.com/systemd/systemd/blob/98b0b1123cc or so which is
+  sufficient to build a link by prefixing "http://" and suffixing the
+  CODE_FILE.
+
+* when outputting log data with journalctl and the log data includes references
+  to configuration files (CONFIG_FILE=), create a clickable link for it.
+
+* Augment MESSAGE_ID with MESSAGE_BASE, in a similar fashion so that we can
+  make clickable links from log messages carrying a MESSAGE_ID, that lead to
+  some explanatory text online.
+

 * maybe extend .path units to expose fanotify() per-mount change events
 
 * Add a "systemctl list-units --by-slice" mode or so, which rearranges the
 * maybe extend .path units to expose fanotify() per-mount change events
 
 * Add a "systemctl list-units --by-slice" mode or so, which rearranges the


@@ -107,13 +155,6 @@ Features:
 
 * nspawn: greater control over selinux label?
 
 
 * nspawn: greater control over selinux label?
 

-* cgroups: figure out if we can somehow communicate in a cleaner way whether a
-  systemd instance not running in the cgroup root shall or shall not manage the
-  attributes of its top-level cgroup. Currently it assumes it manages all, but
-  then might get EPERM due to permission porblems/userns, which is OK, but this
-  should be revisited to make clearer and also work if the payload systemd runs
-  with full privs and without userns.
-

 * hibernate/s2h: make this robust and safe to enable in Fedora by default.
   Specifically:
 
 * hibernate/s2h: make this robust and safe to enable in Fedora by default.
   Specifically:
 


@@ -219,14 +260,13 @@ Features:
 
 * taint systemd if there are fewer than 65536 users assigned (userns) to the system.
 
 
 * taint systemd if there are fewer than 65536 users assigned (userns) to the system.
 

-* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars
+* deprecate RootDirectoryStartOnly= in favour of a new ExecStart= prefix char

 
 * add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for
   the runtime dir as we maintain for the fdstore: i.e. keep it around as long
   as the unit is running or has a job queued.
 
 
 * add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for
   the runtime dir as we maintain for the fdstore: i.e. keep it around as long
   as the unit is running or has a job queued.
 

-* support projid-based quota in machinectl for containers, and then drop
-  implicit btrfs loopback magic in machined
+* support projid-based quota in machinectl for containers

 
 * Add NetworkNamespacePath= to specify a path to a network namespace
 
 
 * Add NetworkNamespacePath= to specify a path to a network namespace
 


@@ -255,9 +295,6 @@ Features:
 * beef up pam_systemd to take unit file settings such as cgroups properties as
   parameters
 
 * beef up pam_systemd to take unit file settings such as cgroups properties as
   parameters
 

-* a new "systemd-analyze security" tool outputting a checklist of security
-  features a service does and does not implement
-

 * maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
   the quota of a the user indicated in User= via unit file settings, like the
   other resource management concepts. Would mix nicely with DynamicUser=1. Or
 * maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
   the quota of a the user indicated in User= via unit file settings, like the
   other resource management concepts. Would mix nicely with DynamicUser=1. Or


@@ -266,11 +303,6 @@ Features:
   StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
   is set, plus the whole disk space any image configured with RootImage=.
 
   StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
   is set, plus the whole disk space any image configured with RootImage=.
 

-* Introduce "exit" as an EmergencyAction value, and allow to configure a
-  per-unit success/failure exit code to configure. This would be useful for
-  running commands inside of services inside of containers, which could then
-  propagate their failure state all the way up.
-

 * In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
   disks to see if the UID is already in use.
 
 * In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
   disks to see if the UID is already in use.
 


@@ -287,7 +319,7 @@ Features:
 * show whether a service has out-of-date configuration in "systemctl status" by
   using mtime data of ConfigurationDirectory=.
 
 * show whether a service has out-of-date configuration in "systemctl status" by
   using mtime data of ConfigurationDirectory=.
 

-* replace all uses of fgets() + LINE_MAX by read_line()
+* replace all remaining uses of fgets() + LINE_MAX by read_line()

 
 * Add AddUser= setting to unit files, similar to DynamicUser=1 which however
   creates a static, persistent user rather than a dynamic, transient user. We
 
 * Add AddUser= setting to unit files, similar to DynamicUser=1 which however
   creates a static, persistent user rather than a dynamic, transient user. We


@@ -453,9 +485,6 @@ Features:
   state.
   http://lists.freedesktop.org/archives/systemd-devel/2015-April/030229.html
 
   state.
   http://lists.freedesktop.org/archives/systemd-devel/2015-April/030229.html
 

-* Maybe add support for the equivalent of "ethtool advertise" to .link files?
-  http://lists.freedesktop.org/archives/systemd-devel/2015-April/030112.html
-

 * The udev blkid built-in should expose a property that reflects
   whether media was sensed in USB CF/SD card readers. This should then
   be used to control SYSTEMD_READY=1/0 so that USB card readers aren't
 * The udev blkid built-in should expose a property that reflects
   whether media was sensed in USB CF/SD card readers. This should then
   be used to control SYSTEMD_READY=1/0 so that USB card readers aren't


@@ -581,7 +610,6 @@ Features:
 
 * cgroups:
   - implement per-slice CPUFairScheduling=1 switch
 
 * cgroups:
   - implement per-slice CPUFairScheduling=1 switch

-  - handle jointly mounted controllers correctly

   - introduce high-level settings for RT budget, swappiness
   - how to reset dynamically changed unit cgroup attributes sanely?
   - when reloading configuration, apply new cgroup configuration
   - introduce high-level settings for RT budget, swappiness
   - how to reset dynamically changed unit cgroup attributes sanely?
   - when reloading configuration, apply new cgroup configuration


@@ -645,8 +673,6 @@ Features:
 
 * add a pam module that on password changes updates any LUKS slot where the password matches
 
 
 * add a pam module that on password changes updates any LUKS slot where the password matches
 

-* maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases...
-

 * test/:
   - add unit tests for config_parse_device_allow()
 
 * test/:
   - add unit tests for config_parse_device_allow()
 


@@ -852,8 +878,6 @@ Features:
     PID 1...
   - optionally automatically add FORWARD rules to iptables whenever nspawn is
     running, remove them when shut down.
     PID 1...
   - optionally automatically add FORWARD rules to iptables whenever nspawn is
     running, remove them when shut down.

-  - maybe make copying of /etc/resolv.conf optional, and skip it if --read-only
-    is used

 
 * dissect
   - refuse mounting over a mount point
 
 * dissect
   - refuse mounting over a mount point


@@ -873,9 +897,6 @@ Features:
   - "machinectl commit" that takes a writable snapshot of a tree, invokes a
     shell in it, and marks it read-only after use
 
   - "machinectl commit" that takes a writable snapshot of a tree, invokes a
     shell in it, and marks it read-only after use
 

-* importd:
-  - generate a nice warning if mkfs.btrfs is missing
-

 * cryptsetup:
   - cryptsetup-generator: allow specification of passwords in crypttab itself
   - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
 * cryptsetup:
   - cryptsetup-generator: allow specification of passwords in crypttab itself
   - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator