- natively watch for dbus-*.service symlinks (PENDING)
- teach dbus to activate all services it finds in /etc/systemd/services/org-*.service
-* kernel: add device_type = "fb", "fbcon" to class "graphics"
-
-* /usr/bin/service should actually show the new command line
-
* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
* neither pkexec nor sudo initialize environ[] from the PAM environment?
- init=/bin/sh vs. "emergency" mode, vs. "rescue" mode, vs. "multi-user" mode, vs. "graphical" mode, and the debug shell
- how to create your own target
- instantiated apache, dovecot and so on
- - hooking a script into various stages of shutdown/rearly booot
+ - hooking a script into various stages of shutdown/early boot
Regularly:
string_hash_ops_free everywhere, so that destruction is implicit rather than
explicit. Similar, for other special hashmap/set/ordered_hashmap destructors.
-* generators sometimes apply C escaping and somethines specifier escaping to
+* generators sometimes apply C escaping and sometimes specifier escaping to
paths and similar strings they write out. Sometimes both. We should clean
this up, and should probably always apply both, i.e. introduce
unit_file_escape() or so, which applies both.
+* xopenat() should pin the parent dir of the inode it creates before doing its
+ thing, so that it can create, open, label somewhat atomically.
+
Deprecations and removals:
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
Update INITRD_INTERFACE.md accordingly.
-* remove cgrouspv1 support EOY 2023. As per
+* remove cgroups v1 support EOY 2023. As per
https://lists.freedesktop.org/archives/systemd-devel/2022-July/048120.html
and then rework cgroupsv2 support around fds, i.e. keep one fd per active
unit around, and always operate on that, instead of cgroup fs paths.
Features:
+* add a new ExecStart= flag that inserts the configured user's shell as first
+ word in the command line. (maybe use character '.'). Usecase: tool such as
+ uid0 can use that to spawn the target user's default shell.
+
+* varlink: figure out how to do docs for our varlink interfaces. Idea: install
+ interface files augmented with docs in /usr/share/ somewhere. And have
+ functionality in varlinkctl to merge interface info extracted from binaries
+ with interface info on disk. And store the doc strings only in the latter.
+
+* introduce mntid_t, and make it 64bit, as apparently the kernel switched to
+ 64bit mount ids
+
+* use udev rule networkd ownership property to take ownership of network
+ interfaces nspawn creates
+
+* add a kernel cmdline switch (and cred?) for marking a system to be
+ "headless", in which case we never open /dev/console for reading, only for
+ writing. This would then mean: systemd-firstboot would process creds but not
+ ask interactively, getty would not be started and so on.
+
+* extend mime database with mime types for:
+ - journal files
+ - credential files
+ - hwdb files
+ - catalog files
+
+* cryptsetup: new crypttab option to auto-grow a luks device to its backing
+ partition size. new crypttab option to reencrypt a luks device with a new
+ volume key.
+
+* we probably should have some infrastructure to acquire sysexts with
+ drivers/firmware for local hardware automatically. Idea: reuse the modalias
+ logic of the kernel for this: make the main OS image install a hwdb file
+ that matches against local modalias strings, and adds properties to relevant
+ devices listing names of sysexts needed to support the hw. Then provide some
+ tool that goes through all devices and tries to acquire/download the
+ specified images.
+
+* repart + cryptsetup: support file systems that are encrypted and use verity
+ on top. Usecase: confexts that shall be signed by the admin but also be
+ confidential. Then, add a new --make-ddi=confext-encrypted for this.
+
+* tmpfiles: add new line type for moving files from some source dir to some
+ target dir. then use that to move sysexts/confexts and stuff from initrd
+ tmpfs to /run/, so that host can pick things up.
+
+* tiny varlink service that takes a fd passed in and serves it via http. Then
+ make use of that in networkd, and expose some EFI binary of choice for
+ DHCP/HTTP base EFI boot.
+
+* bootctl: add reboot-to-disk which takes a block device name, and
+ automatically sets things up so that system reboots into that device next.
+
+* maybe: in PID1, when we detect we run in an initrd, make superblock read-only
+ early on, but provide opt-out via kernel cmdline.
+
+* systemd-pcrextend:
+ - support measuring to nvindex with PCR update semantics ("fake PCRs")
+ - add api for "allocating" such an nvindex
+ - once we have that start measuring every sysext we apply, every confext,
+ every RootImage= we apply, every nspawn and so on. All in separate fake
+ PCRs.
+
* vmspawn:
- enable hyperv extension by default (https://www.qemu.org/docs/master/system/i386/hyperv.html)
- register with machined
as mass storage devices on systems that have a USB controller that can
operate in device mode
- add NVMe authentication
- - show login details also via plymouth
* add support for activating nvme-oF devices at boot automatically via kernel
cmdline, and maybe even support a syntax such as
dir. Similar for $XDG_RUNTIME_DIR. Start project@%i.target. Use LogField= to
add a field identifying the project.
-* logind: add a new dbus call Sleep() which automatically redirects to one of
- Suspend(), Hibernate(), SuspendThenHibernate() depending on what is
- available, and also subject to some local configuration in
- logind.conf. Should default to SuspendThenHibernate() if available, and then
- fallback to Suspend() and finally Hibernate() if not. Then expose this as
- "systemctl sleep", and tell DEs to default to this.
-
* in sd-boot and sd-stub measure the SMBIOS vendor strings to some PCR (at
least some subset of them that look like systemd stuff), because apparently
some firmware does not, but systemd honours it. avoid duplicate measurement
- systemd-dissect
- systemd-sysupdate
- systemd-analyze
+ - systemd-pcrlock (to allow fwupd to relax policy)
- kernel-install
* Varlink: add glue code to allow varlink clients to be authenticated via
* measure some string via pcrphase whenever we end up booting into emergency
mode.
-* homed: add a basic form of of secrets management to homed, that stores
+* homed: add a basic form of secrets management to homed, that stores
secrets in $HOME somewhere, is protected by the accounts own authentication
mechanisms. Should implement something PKCS#11-like that can be used to
implement emulated FIDO2 in unpriv userspace on top (which should happen
* .service with invalid Sockets= starts successfully.
* landlock: lock down RuntimeDirectory= via landlock, so that services lose
- ability to write anywehere else below /run/. Similar for
+ ability to write anywhere else below /run/. Similar for
StateDirectory=. Benefit would be clear delegation via unit files: services
get the directories they get, and nothing else even if they wanted to.
file system paths to enable on start.
• make systemd-fstab-generator look for a system credential encoding root= or
usr=
- • systemd-homed: when initializing, look for a credential
- systemd.homed.register or so with JSON user records to automatically
- register if not registered yet. Use case: deploy a system, and add an
- account one can directly log into.
• in gpt-auto-generator: check partition uuids against such uuids supplied via
sd-stub credentials. That way, we can support parallel OS installations with
pre-built kernels.
file to move there, since it is managed by privileged code (i.e. homed) and
not unprivileged code.
-* given that /etc/ssh/ssh_config.d/ is a thing now, ship a drop-in for that
- that hooks up userdbctl ssh-key stuff.
-
* maybe add support for binding and connecting AF_UNIX sockets in the file
system outside of the 108ch limit. When connecting, open O_PATH fd to socket
inode first, then connect to /proc/self/fd/XYZ. When binding, create symlink
uses RootDirectory= or RootImage=. (Might also over-mount
/sys/class/dmi/id/*{uuid,serial} with /dev/null).
-* kernel-install:
- - add --all switch for rerunning kernel-install for all installed kernels
-
* doc: prep a document explaining resolved's internal objects, i.e. Query
vs. Question vs. Transaction vs. Stream and so on.
defined on the host, plus all images installed into /var/lib/machines/,
/var/lib/portable/ and so on.
- figure out what to do about system extensions (i.e. they need to imply an
- update component, since otherwise system extenion' sysupdate.d/ files would
- override the host's update files.)
+ update component, since otherwise sysupdate.d/ files would override the
+ host's update files.)
- Allow invocation with a single transfer definition, i.e. with
--definitions= pointing to a file rather than a dir.
- add ability to disable implicit decompression of downloaded artifacts,
* teach parse_timestamp() timezones like the calendar spec already knows it
-* beef up s2h to implement a battery watch loop: instead of entering
- hibernation unconditionally after coming back from resume make a decision
- based on the battery load level: if battery level is above a specific
- threshold, go to suspend again, only hibernate if below it. This means we'd
- stick to suspend usually, but fall back to hibernation only when battery runs
- empty (well, subject to our sampling interval). Related to this, check if we
- can make ACPI _BTP (i.e. /sys/class/power_supply/*/alarm) work for us too,
- i.e. see if it can wake up machines from suspend, so that we could resume
- automatically when the system is low on power and move automatically to
- hibernation mode. (see
- https://uefi.org/sites/default/files/resources/ACPI%206_2_A_Sept29.pdf
- section 10.2.2.8 and
- https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby-wake-sources
- at the end).
-
* We should probably replace /etc/rc.d/README with a symlink to doc
content. After all it is constant vendor data.
- generate better errors when people try to set transient properties
that are not supported...
https://lists.freedesktop.org/archives/systemd-devel/2015-February/028076.html
- - maybe introduce WantsMountsFor=? Use case:
- https://lists.freedesktop.org/archives/systemd-devel/2015-January/027729.html
- recreate systemd's D-Bus private socket file on SIGUSR2
- move PAM code into its own binary
- when we automatically restart a service, ensure we restart its rdeps, too.
if LimitNPROC= is used without User= we should warn and refuse
operation.
- journalctl --verify: don't show files that are currently being
- written to as FAIL, but instead show that their are being written to.
+ written to as FAIL, but instead show that they are being written to.
- add journalctl -H that talks via ssh to a remote peer and passes through
binary logs data
- add a version of --merge which also merges /var/log/journal/remote
- support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
- maybe pre-create ~/.cache as subvol so that it can have separate quota
easily?
- - add a switch to homectl (maybe called --first-boot) where it will check if
- any non-system users exist, and if not prompts interactively for basic user
- info, mimicking systemd-firstboot. Then, place this in a service that runs
- after systemd-homed, but before gdm and friends, as a simple, barebones
- fallback logic to get a regular user created on uninitialized systems.
- store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
- maybe make all *.home files owned by `systemd-home` user or so, so that we
avatar/photo or so. This data should be stored along with the user record,
but probably shouldn't be part of the record itself, since it might be
large.
+ - add "homectl unbind" command to remove local user record of an inactive
+ home dir
* add a new switch --auto-definitions=yes/no or so to systemd-repart. If
specified, synthesize a definition automatically if we can: enlarge last
them at shutdown; store them in client->ia_na
- write more test cases
- implement reconfigure support, see 5.3., 15.11. and 22.20.
- - implement support for temporary adressess (IA_TA)
+ - implement support for temporary addresses (IA_TA)
- implement dhcpv6 authentication
- investigate the usefulness of Confirm messages; i.e. are there any
situations where the link changes without any loss in carrier detection
projects / thirdparty / systemd.git / blobdiff