Features:
-* check ID_RENAMING= property from PID1's .device logic, and don't consider
- devices that are being renamed.
+* clean up sleep.c:
+ - Use CLOCK_BOOTTIME_ALARM for waking up s2h instead of RTC ioctls
+ - Parse sleep.conf only once, and parse its whole contents so that we don't
+ have to parse it again and again in s2h
+ - Make sure resume= and resume_offset= on the kernel cmdline always take
+ precedence
+
+* maybe add a seccomp-based high-level filter that blocks creation of suid/sgid
+ files.
* make MAINPID= message reception checks even stricter: if service uses User=,
then check sending UID and ignore message if it doesn't match the user or
* maybe implicitly attach monotonic+realtime timestamps to outgoing messages in
log.c and sd-journal-send
-* chown() tty a service is attached to after the service goes down
-
* optionally: turn on cgroup delegation for per-session scope units
* introduce per-unit (i.e. per-slice, per-service) journal log size limits.
* support projid-based quota in machinectl for containers
-* Add NetworkNamespacePath= to specify a path to a network namespace
-
* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks
introduced) as the RTC epoch, instead of the mtime of NEWS.
* optionally, also require WATCHDOG=1 notifications during service start-up and shutdown
-* resolved: when routing queries, make sure only look for the *longest* suffix...
-
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
service instances processing the listening socket, and open this up
for ReusePort=
-* socket units: support creating sockets in different namespace,
- opening it up for JoinsNamespaceOf=. This would require to fork off
- a tiny process that joins the namespace and creates/binds the socket
- and passes this back to PID1 via SCM_RIGHTS. This also could be used
- to allow Chown/chgrp on sockets without requiring NSS in PID 1.
-
* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
$UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
should SIGSTOP all unit processes in a loop until all processes of
* load .d/*.conf dropins for device units
-* allow implementation of InaccessibleDirectories=/ plus
- ReadOnlyDirectories=... for whitelisting files for a service.
-
* sd-bus:
- EBADSLT handling
- GetAllProperties() on a non-existing object does not result in a failure currently
- honor language efi variables for default language selection (if there are any?)
- honor timezone efi variables for default timezone selection (if there are any?)
- change bootctl to be backed by systemd-bootd to control temporary and persistent default boot goal plus efi variables
+* bootctl
+ - verify that the files boot entries point to exist
+ - recognize the case when not booted on EFI
+ - specify paths for boot entries
* maybe do not install getty@tty1.service symlink in /etc but in /usr?
- follow PropertiesChanged state more closely, to deal with quick logouts and
relogins
-* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
-
* journal:
- consider introducing implicit _TTY= + _PPID= + _EUID= + _EGID= + _FSUID= + _FSGID= fields
- import and delete pstore filesystem content at startup