Features:
+* systemd-nspawn should get the same SSH key support that vmspawn now has.
+
* insert the new pidfs inode number as a third field into PidRef, so that
PidRef are reasonably serializable without having to pass around fds.
* add a new ExecStart= flag that inserts the configured user's shell as first
word in the command line. (maybe use character '.'). Usecase: tool such as
- uid0 can use that to spawn the target user's default shell.
+ run0 can use that to spawn the target user's default shell.
* varlink: figure out how to do docs for our varlink interfaces. Idea: install
interface files augmented with docs in /usr/share/ somewhere. And have
* use udev rule networkd ownership property to take ownership of network
interfaces nspawn creates
+* mountfsd/nsresourced
+ - userdb: maybe allow callers to map one uid to their own uid
+ - bpflsm: allow writes if resulting UID on disk would be userns' owner UID
+ - make encrypted DDIs work (password…)
+ - add API for creating a new file system from scratch (together with some
+ dm-integrity/HMAC key). Should probably work using systemd-repart (access
+ via varlink).
+ - add api to make an existing file "trusted" via dm-integry/HMAC key
+ - port: portabled
+ - port: tmpfiles, sysusers and similar
+ - lets see if we can make runtime bind mounts into unpriv nspawn work
+
* add a kernel cmdline switch (and cred?) for marking a system to be
"headless", in which case we never open /dev/console for reading, only for
writing. This would then mean: systemd-firstboot would process creds but not
policy from currently booted kernel/event log, to close gap for first boot
for pre-built images
-* add a new systemd-project@.service that is very similar to user@.service but
- uses DynamicUser=1 and no PAMName= to invoke an unprivileged somewhat
- light-weight service manager. Use HOME=/var/lib/systemd/projects/%i as home
- dir. Similar for $XDG_RUNTIME_DIR. Start project@%i.target. Use LogField= to
- add a field identifying the project.
-
* in sd-boot and sd-stub measure the SMBIOS vendor strings to some PCR (at
least some subset of them that look like systemd stuff), because apparently
some firmware does not, but systemd honours it. avoid duplicate measurement
* make us use dynamically fewer deps for containers in general purpose distros:
o turn into dlopen() deps:
- - kmod-libs (only when called from PID 1)
- libblkid (only in RootImage= handling in PID 1, but not elsewhere)
- libpam (only when called from PID 1)
- - bzip2 (always — gzip should probably stay static dep the way it is,
- since it's so basic and our defaults)
* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
Apparently kernel performance is much better with fewer larger seccomp
- fingerprint authentication, pattern authentication, …
- make sure "classic" user records can also be managed by homed
- make size of $XDG_RUNTIME_DIR configurable in user record
- - query password from kernel keyring first
- - update even if record is "absent"
- move acct mgmt stuff from pam_systemd_home to pam_systemd?
- when "homectl --pkcs11-token-uri=" is used, synthesize ssh-authorized-keys records for all keys we have private keys on the stick for
- make slice for users configurable (requires logind rework)
- allow Name= to be specified repeatedly in the [Match] section. Maybe also
support Name=foo*|bar*|baz ?
- whenever uplink info changes, make DHCP server send out FORCERENEW
- - figure out spelling: NamespaceId vs. NamespaceNSID
* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us
projects / thirdparty / systemd.git / blobdiff