systemd-journald writes to /var/log/journal, which could be useful when we
doing disk usage calculations and so on.
-* taint systemd if the overflowuid/overflowgid is not 65534
+* taint systemd if there are fewer than 65536 users assigned to the system.
* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars
* support projid-based quota in machinectl for containers, and then drop
implicit btrfs loopback magic in machined
-* let's log the "tainted" string at boot
-
* Add NetworkNamespacePath= to specify a path to a network namespace
* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks
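Review bot: The wording of the replacement entry on the `+` line, "fewer than 65536 users assigned to the system", is ambiguous. It can be read as a count of user accounts rather than the size of the UID range available to the system. If the range is what is meant, say so, for example "taint systemd if fewer than 65536 UIDs are assigned to the system". The new entry also ends with a period, which the neighbouring entries do not. This hunk also drops "let's log the "tainted" string at boot" with nothing replacing it, so it is worth confirming that item is done rather than lost in the edit.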
* beef up pam_systemd to take unit file settings such as cgroups properties as
parameters
-* export UID ranges nspawns's --private-user and DynamicUser= uses in
- the systemd.pc pkg-config file, the same way we already expose the system
- user boundary there
-
* a new "systemd-analyze security" tool outputting a checklist of security
features a service does and does not implement
-* Whenever we check a UID against the system UID range, also check for the
- dynamic UID range
-
* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
the quota of a the user indicated in User= via unit file settings, like the
other resource management concepts. Would mix nicely with DynamicUser=1. Or
* expose IO accounting data on the bus, show it in systemd-run --wait and log
about it in the resource log message
-* rework unbase64 code to drop whitespace automatically, so that we don't have
- to drop it first.
-
* add "systemctl purge" for flushing out configuration, state, logs, ... of a
unit when it is stopped
partition, that is mounted to / and is writable, and where the actual root's
/usr is mounted into.
-* .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly
-
* gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plus maybe a configuration file
* drop nss-myhostname in favour of nss-resolve?
* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit
-* mount_cgroup_controllers(): symlinks need to get the label applied
-
* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services
they run added to the initial transaction and thus confuse Type=idle.
Benefit: nspawn --ephemeral would start working nicely with the journal.
- assign MESSAGE_ID to log messages about failed services
+* add a test if all entries in the catalog are properly formatted.
+ (Adding dashes in a catalog entry currently results in the catalog entry
+ being silently skipped. journalctl --update-catalog must warn about this,
+ and we should also have a unit test to check that all our message are OK.)
+
* document:
- document that deps in [Unit] sections ignore Alias= fields in
[Install] units of other units, unless those units are disabled
https://github.com/systemd/systemd/pull/272#issuecomment-113153176
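Review bot: The added catalog entry folds two separate work items into one parenthetical: making `journalctl --update-catalog` warn when it skips an entry, and adding a unit test over our own catalog messages. Split them into two entries so each can be removed when done, and list the warning first, since the silent skip is the defect described and the unit test only covers the messages we ship. In the last added line, "all our message are OK" should read "all our messages are OK".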
- should optionally support receiving WATCHDOG=1 messages from its payload
PID 1...
- - should send out sd_notify("WATCHDOG=1") messages
- optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down.
- maybe make copying of /etc/resolv.conf optional, and skip it if --read-only