Features:
+* sort generated hwdb files alphabetically when we import them, so that git
+ diffs remain minimal (in particular: the OUI databases we import are not
+ sorted, and not stable)
+
+* set SystemCallArchitectures=native on all our services
+
+* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for
+ the sd-journal logging socket, and, if the timeout is set to 0, sets
+ O_NONBLOCK on it. That way people can control if and when to block for
+ logging.
+
+* tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e.
+ PIDs not managed by the service manager)
+
* journald: when we recv a log datagram via the native or syslog transports,
search for the PID in the active stream connections, and let's make sure to
always process the datagrams before the streams. Then, cache client metadata
quickly exiting processes which log as long as they had their own stream
connection...
+* hostnamed: populate form factor data from a new hwdb database, so that old
+ yogas can be recognized as "convertible" too, even if they predate the DMI
+ "convertible" form factor
+
* Maybe add a small tool invoked early at boot, that adds in or resizes
partitions automatically, to be used when the media used is actually larger
than the image written onto it is.
* set ProtectSystem=strict for all our usual services.
+* fix PrivateNetwork= so that we fall back gracefully on kernels lacking
+ namespacing support (similar for the other namespacing options)
+
* maybe add gpt-partition-based user management: each user gets his own
LUKS-encrypted GPT partition with a new GPT type. A small nss module
enumerates users via udev partition enumeration. UIDs are assigned in a fixed
* switch to ProtectSystem=strict for all our long-running services where that's possible
-* If RootDirectory= is used, mount /proc, /sys, /dev into it, if not mounted yet
-
* Permit masking specific netlink APIs with RestrictAddressFamily=
* nspawn: start UID allocation loop from hash of container name
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
-* Add RootImage= for mounting a disk image or file as root directory
-
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
* journalctl: make sure -f ends when the container indicated by -M terminates