Features:
-* let's log the "tainted" string at boot
+* add some special mode to LogsDirectory=/StateDirectory=… that allows
+ declaring these directories without necessarily pulling in deps for them, or
+ creating them when starting up. That way, we could declare that
+ systemd-journald writes to /var/log/journal, which could be useful when we
+ doing disk usage calculations and so on.
-* Add NetworkNamespacePath= to specify a path to a network namespace
+* add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for
+ the runtime dir as we maintain for the fdstore: i.e. keep it around as long
+ as the unit is running or has a job queued.
+
+* hook up sd-bus' creds stuff with SO_PEERGROUPS
-* Add StandardInputData= and StandardInputText= for putting together data to
- pass to a service through stdin
+* add async version of sd_bus_add_match and make use of that
+
+* support projid-based quota in machinectl for containers, and then drop
+ implicit btrfs loopback magic in machined
+
+* let's log the "tainted" string at boot
-* Add StandardInputPath=, StandardOutputPath=, StandardErrorPath= to connect a
- service to a specific file. Be smart, and if the specified path refers to an
- AF_UNIX socket, connect() to it.
+* Add NetworkNamespacePath= to specify a path to a network namespace
* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks
introduced) as the RTC epoch, instead of the mtime of NEWS.
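Review bot: the removal and re-addition of two identical items ("let's log the "tainted" string at boot" and "Add NetworkNamespacePath= to specify a path to a network namespace") is pure reordering that hides the real change in this hunk, which is dropping the StandardInputData=/StandardInputText= and StandardInputPath=/StandardOutputPath=/StandardErrorPath= items; leaving unchanged items in place would make the diff show only those removals. For the proposed declare-only mode of LogsDirectory=/StateDirectory=, spell out whether a directory that is declared but not created still gets the usual ownership and mode checks when the service starts, since otherwise a directory created by another unit or by the admin with different permissions would be used silently while still being counted in disk usage calculations as the unit's own.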
-* Introduce GCMode= as unit file property or so, for tweaking the GC
- logic. Specifically, there should be a way to tell systemd to collect
- individual units even on failure. Then, make systemd-run --wait use this, so
- that failed transient units in that case don't stick around.
-
* add a way to lock down cgroup migration: a boolean, which when set for a unit
makes sure the processes in it can never migrate out of it
-* complain if a unit starts up and there are already processes in its cgroup
-
* blog about fd store and restartable services
* document Environment=SYSTEMD_LOG_LEVEL=debug drop-in in debugging document
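Review bot: dropping the "complain if a unit starts up and there are already processes in its cgroup" item removes the detection counterpart of the "lock down cgroup migration" item that stays directly above it; if the warning is implemented, say so in the commit message, otherwise the migration lock loses the check that tells an admin when foreign processes already sit in the unit's cgroup. The GCMode= removal likewise needs a pointer to what replaced it, because the item records that systemd-run --wait depends on failed transient units not lingering.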
+* rework ExecOutput and ExecInput enums so that EXEC_OUTPUT_NULL loses its
+ magic meaning and is no longer upgraded to something else if set explicitly.
+
* add a way to remove fds from the fdstore by name, and make logind use it
* in the long run: permit a system with /etc/machine-id linked to /dev/null, to
* In journalctl add a way how "-o verbose" and suchlike can be tweaked to show
only a specific set of properties
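Review bot: the ExecOutput/ExecInput rework changes observable behaviour for units that set StandardOutput=null or StandardError=null explicitly and today get upgraded to something else; when it is implemented it needs a NEWS entry and a man page note, since a service author who relies on the upgrade would otherwise lose output silently.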
+* beef up pam_systemd to take unit file settings such as cgroups properties as
+ parameters
+
* export UID ranges nspawns's --private-user and DynamicUser= uses in
the systemd.pc pkg-config file, the same way we already expose the system
user boundary there
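Review bot: the pam_systemd item should name the set of unit settings it will accept as module parameters. PAM module arguments come from the PAM configuration, so this is a root-configured surface rather than a user-controlled one, but accepting arbitrary unit file settings would let a PAM stack configure execution properties of the session scope that pam_systemd was never meant to control; restricting it to the resource-control properties the item mentions (cgroup properties) keeps that surface small.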
+* a new "systemd-analyze security" tool outputting a checklist of security
+ features a service does and does not implement
+
* Whenever we check a UID against the system UID range, also check for the
dynamic UID range
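Review bot: for the "systemd-analyze security" checklist, list the settings it is meant to score so the tool and the packaging-guideline item at the end of this file stay in sync; the settings named elsewhere in this file (PrivateTmp=, PrivateNetwork=, ReadOnlyDirectories=, IPAddressDeny=/IPAddressAllow=, DynamicUser=) are the obvious starting set. Also decide whether the output is a pass/fail list or a weighted score, since a score is easier to gate on in CI.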
* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
the quota of a the user indicated in User= via unit file settings, like the
- other resource management concepts. Would mix nicely with DynamicUser=1
+ other resource management concepts. Would mix nicely with DynamicUser=1. Or
+ alternatively, do this with projids, so that we can also cover services
+ running as root. Quota should probably cover all the special dirs such as
+ StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
+ is set, plus the whole disk space any image configured with RootImage=.
+
+* Introduce "exit" as an EmergencyAction value, and allow to configure a
+ per-unit success/failure exit code to configure. This would be useful for
+ running commands inside of services inside of containers, which could then
+ propagate their failure state all the way up.
+
+* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
+ disks to see if the UID is already in use.
* add dissect_image_warn() as a wrapper around dissect_image() that prints
friendly log messages for the returned errors, so that we don't have to
duplicate that in nspawn, systemd-dissect and PID 1.
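Review bot: the DynamicUser= item that consults disk quota APIs to see whether a UID is already in use should be described as a best-effort check: quota accounting only sees filesystems with quota enabled, so files owned by that UID on other filesystems stay invisible and the UID can still be handed out. Two wording nits in the same hunk: "allow to configure a per-unit success/failure exit code to configure" repeats "configure", and "the quota of a the user" in the context line has a stray "a" that could be fixed while touching this paragraph.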
+* add "systemctl wait" or so, which does what "systemd-run --wait" does, but
+ for all units. It should be both a way to pin units into memory as well as a
+ wait to retrieve their exit data.
+
* maybe set a new set of env vars for services, based on RuntimeDirectory=,
StateDirectory=, LogsDirectory=, CacheDirectory= and ConfigurationDirectory=
automatically. For example, there could be $RUNTIME_DIRECTORY,
taken if multiple dirs are configured. Maybe avoid setting the env vars in
that case?
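Review bot: "a wait to retrieve their exit data" in the "systemctl wait" item should read "a way to retrieve their exit data". The item should also say what the command does for a unit that is not loaded yet: if it is meant both to pin the unit in memory and to wait for it, it has to load the unit first, otherwise there is nothing to pin.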
+* introduce SuccessAction= that permits shutting down the system when a service
+ succeeds. This is useful to replace "ExecPost=/usr/bin/systemctl poweroff" and
+ similar constructs, which are frequently used. This is particularly nice for
+ implementation of a systemd.run= kernel command line option that runs some
+ command and immediately shuts down.
+
* expose IO accounting data on the bus, show it in systemd-run --wait and log
about it in the resource log message
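Review bot: "ExecPost=/usr/bin/systemctl poweroff" in the SuccessAction= item is not a unit setting; the construct being replaced is ExecStopPost=. The item also overlaps with the "exit" EmergencyAction value and the per-unit success/failure exit code proposed above, as all three describe an action taken when a service terminates; state how SuccessAction= and EmergencyAction= combine (or that SuccessAction= is the success-side counterpart) before either is implemented, so that the systemd.run= use case gets one consistent termination path.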
+* rework unbase64 code to drop whitespace automatically, so that we don't have
+ to drop it first.
+
* add "systemctl purge" for flushing out configuration, state, logs, ... of a
unit when it is stopped
* replace all uses of fgets() + LINE_MAX by read_line()
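Review bot: for the unbase64 rework, specify which whitespace is dropped (the usual ASCII space, tab, CR and LF) and that it is removed before the length and padding validation, so the decoder stays strict about everything except whitespace; a decoder that is loose about both is one that different callers end up interpreting differently.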
-* set IPAddressDeny=any on all services that shouldn't do networking (possibly
- combined with IPAddressAllow=localhost).
-
-* dissect: when we discover squashfs, don't claim we had a "writable" partition
- in systemd-dissect
-
* Add AddUser= setting to unit files, similar to DynamicUser=1 which however
creates a static, persistent user rather than a dynamic, transient user. We
can leverage code from sysusers.d for this.
--as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
as MAINPID.
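Review bot: the removed "set IPAddressDeny=any on all services that shouldn't do networking" item is the one concrete hardening task in this file; if it was removed because the unit files now carry the setting, a reference to that change belongs in the commit message, and if it was dropped as unwanted, the "systemd-analyze security" checklist added earlier in this diff should still check for it. The removed squashfs item is a correctness point for RootImage= handling (a read-only filesystem reported as writable), so it should likewise be confirmed as fixed rather than abandoned.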
-* change the dependency Set* objects in Unit structures to become Hashmap*, and
- then store a bit mask who created a specific dependency: the source unit via
- fragment configuration, the destination unit via fragment configuration, or
- the source unit via udev rules (in case of .device units), or any combination
- thereof. This information can then be used to flush out old udev-created
- dependencies when the udev properties change, and eventually to implement a
- "systemctl refresh" operation for reloading the configuration of individual
- units without reloading the whole set.
-
* Add ExecMonitor= setting. May be used multiple times. Forks off a process in
the service cgroup, which is supposed to monitor the service, and when it
exits the service is considered failed by its monitor.
then use that for the setting used in user@.service. It should be understood
relative to the configured default value.
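Review bot: the removed dependency Set*-to-Hashmap* item carried the design for recording who created each dependency and the rationale for a "systemctl refresh" operation; if that design was implemented or rejected, the commit message should say which, because the ExecMonitor= item that follows is unrelated and nothing else in this file preserves that rationale.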
-* on cgroupsv2 add DelegateControllers=, to pick the precise cgroup controllers to delegate
-
* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us
* enable LockMLOCK to take a percentage value relative to physical memory
the specified range and generates sane error messages for incorrect
specifications.
-* do something about "/control" subcgroups in the unified cgroup hierarchy
-
* when we detect that there are waiting jobs but no running jobs, do something
* push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy)
prefixed with /sys generally special.
http://lists.freedesktop.org/archives/systemd-devel/2015-June/032962.html
-* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
-
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
-* implement a per-service firewall based on net_cls
-
* Port various tools to make use of verbs.[ch], where applicable: busctl,
coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl
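Review bot: removing the per-service firewall based on net_cls is consistent with the IPAddressAllow=/IPAddressDeny= vocabulary used elsewhere in this file, but the removed documentation item about ">/dev/stderr" not working in service shell scripts unless StandardError=null is set is still valid advice for unit authors: with stderr connected to the journal, fd 2 is a socket and cannot be reopened through /dev/stderr. Confirm it was documented before dropping the item.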
- document that deps in [Unit] sections ignore Alias= fields in
[Install] units of other units, unless those units are disabled
- man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets
- - document the exit codes when services fail before they are exec()ed
- document that service reload may be implemented as service reexec
- document in wiki how to map ical recurrence events to systemd timer unit calendar specifications
- add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr.
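Review bot: the exit-code documentation item is removed while its siblings (reload implemented as reexec, ical-to-calendar mapping, packaging guidelines) stay, so this is not a cleanup of the whole section; confirm the exit codes used when a service fails before exec() are documented before dropping it. In the packaging-guideline item, ReadOnlyDirectories= is the old spelling; the current setting name is ReadOnlyPaths=, with the old name kept as an alias, and guidelines should recommend the current name.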