Features:
+* maybe rework get_user_creds() to query the user database if $SHELL is used
+ for root, but only then.
+
+* there should be path_hash_ops and we should use it in tmpfiles' hashmap object to deal with identical but differently spelt paths
+
+* be stricter with fds we receive for the fdstore: close them asynchronously
+
+* calenderspec: add support for week numbers and day numbers within a
+ year. This would allow us to define "bi-weekly" triggers safely.
+
+* add support for recursive bpf firewalling as supported by the newest kernel
+
+* add bpf-based implementation of devices cgroup controller logic for compat with cgroupsv2 as supported by newest kernel
+
+* introduce sd_id128_get_boot_app_specific() which is like
+ sd_id128_get_machine_app_specific(). After all on long-running systems both
+ IDs have similar properties.
+
+* emulate properties of the root cgroup on controllers that don't support such
+ properties natively on cpu/io/memory, the way we already do it for
+ "pids". Also, add the same logic to cgtop.
+
+* set TasksAccounting=1 on the root slice if we are running on the root cgroup,
+ and similar for the others, as soon as we emulate them properly. After all,
+ Linux keeps these system-wide stats anyway, and it costs nothing to expose
+ them.
+
+* sd-bus: add vtable flag, that may be used to request client creds implicitly
+ and asynchronously before dispatching the operation
+
+* implement transient socket unit.
+
+* make use of ethtool veth peer info in machined, for automatically finding out
+ host-side interface pointing to the container.
+
+* add some special mode to LogsDirectory=/StateDirectory=… that allows
+ declaring these directories without necessarily pulling in deps for them, or
+ creating them when starting up. That way, we could declare that
+ systemd-journald writes to /var/log/journal, which could be useful when we
+ doing disk usage calculations and so on.
+
+* taint systemd if there are fewer than 65536 users assigned to the system.
+
+* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars
+
* add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for
the runtime dir as we maintain for the fdstore: i.e. keep it around as long
as the unit is running or has a job queued.
-* hook up sd-bus' creds stuff with SO_PEERGROUPS
-
-* add async version of sd_bus_add_match and make use of that
-
-* let's log the "tainted" string at boot
+* support projid-based quota in machinectl for containers, and then drop
+ implicit btrfs loopback magic in machined
* Add NetworkNamespacePath= to specify a path to a network namespace
* add a way to lock down cgroup migration: a boolean, which when set for a unit
makes sure the processes in it can never migrate out of it
-* complain if a unit starts up and there are already processes in its cgroup
-
* blog about fd store and restartable services
* document Environment=SYSTEMD_LOG_LEVEL=debug drop-in in debugging document
* rework ExecOutput and ExecInput enums so that EXEC_OUTPUT_NULL loses its
magic meaning and is no longer upgraded to something else if set explicitly.
-* add a way to remove fds from the fdstore by name, and make logind use it
-
* in the long run: permit a system with /etc/machine-id linked to /dev/null, to
make it lose its identity, i.e. be anonymous. For this we'd have to patch
through the whole tree to make all code deal with the case where no machine
suitable for processing with rrdtool. Add bus API to access this data, and
possibly implement a CPULoad property based on it.
-* In journalctl add a way how "-o verbose" and suchlike can be tweaked to show
- only a specific set of properties
-
* beef up pam_systemd to take unit file settings such as cgroups properties as
parameters
-* export UID ranges nspawns's --private-user and DynamicUser= uses in
- the systemd.pc pkg-config file, the same way we already expose the system
- user boundary there
-
* a new "systemd-analyze security" tool outputting a checklist of security
features a service does and does not implement
-* Whenever we check a UID against the system UID range, also check for the
- dynamic UID range
-
* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
the quota of a the user indicated in User= via unit file settings, like the
- other resource management concepts. Would mix nicely with DynamicUser=1
+ other resource management concepts. Would mix nicely with DynamicUser=1. Or
+ alternatively, do this with projids, so that we can also cover services
+ running as root. Quota should probably cover all the special dirs such as
+ StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
+ is set, plus the whole disk space any image configured with RootImage=.
* Introduce "exit" as an EmergencyAction value, and allow to configure a
per-unit success/failure exit code to configure. This would be useful for
taken if multiple dirs are configured. Maybe avoid setting the env vars in
that case?
-* introduce SuccessAction= that permits shutting down the system when a service
- succeeds. This is useful to replace "ExecPost=/usr/bin/systemctl poweroff" and
- similar constructs, which are frequently used. This is particularly nice for
- implementation of a systemd.run= kernel command line option that runs some
- command and immediately shuts down.
-
* expose IO accounting data on the bus, show it in systemd-run --wait and log
about it in the resource log message
-* rework unbase64 code to drop whitespace automatically, so that we don't have
- to drop it first.
-
* add "systemctl purge" for flushing out configuration, state, logs, ... of a
unit when it is stopped
ReadWritePaths=:/var/lib/foobar
-* sort generated hwdb files alphabetically when we import them, so that git
- diffs remain minimal (in particular: the OUI databases we import are not
- sorted, and not stable)
-
* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for
the sd-journal logging socket, and, if the timeout is set to 0, sets
O_NONBLOCK on it. That way people can control if and when to block for
logging.
-* tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e.
- PIDs not managed by the service manager)
-
* hostnamed: populate form factor data from a new hwdb database, so that old
yogas can be recognized as "convertible" too, even if they predate the DMI
"convertible" form factor
"systemd-gdb" for attaching to the start-up of any system service in its
natural habitat.
-* replace all canonicalize_file_name() invocations by chase_symlinks(), in
- particulr those where a rootdir is relevant.
-
* maybe introduce gpt auto discovery for /var/tmp?
* maybe add gpt-partition-based user management: each user gets his own
partition, that is mounted to / and is writable, and where the actual root's
/usr is mounted into.
-* machined: add apis to query /etc/machine-info data of a container
-
-* .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly
-
* gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plus maybe a configuration file
* drop nss-myhostname in favour of nss-resolve?
-* drop internal dlopen() based nss-dns fallback in nss-resolve, and rely on the
- external nsswitch.conf based one
-
* add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and
then use that for the setting used in user@.service. It should be understood
relative to the configured default value.
* Permit masking specific netlink APIs with RestrictAddressFamily=
-* nspawn: start UID allocation loop from hash of container name
-
* nspawn: support that /proc, /sys/, /dev are pre-mounted
* define gpt header bits to select volatility mode
a user/group for a service only has to exist on the host for the right
mapping to work.
-* allow attaching additional journald log fields to cgroups
-
* add bus API for creating unit files in /etc, reusing the code for transient units
* add bus API to remove unit files from /etc
the specified range and generates sane error messages for incorrect
specifications.
-* do something about "/control" subcgroups in the unified cgroup hierarchy
-
* when we detect that there are waiting jobs but no running jobs, do something
* push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy)
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
-* mounting and unmounting mount points manually with different source
- devices will result in collected on all devices used.
- http://lists.freedesktop.org/archives/systemd-devel/2015-April/030225.html
-
* add a job mode that will fail if a transaction would mean stopping
running units. Use this in timedated to manage the NTP service
state.
* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
* Port various tools to make use of verbs.[ch], where applicable: busctl,
- coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl
+ coredumpctl, hostnamectl, localectl, timedatectl
* hostnamectl: show root image uuid
* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit
-* mount_cgroup_controllers(): symlinks need to get the label applied
-
* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services
they run added to the initial transaction and thus confuse Type=idle.
- see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself
- see if we can drop more message validation on the sending side
- add API to clone sd_bus_message objects
- - make AddMatch calls on dbus1 transports async?
- longer term: priority inheritance
- dbus spec updates:
- NameLost/NameAcquired obsolete
- GVariant
- path escaping
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- - test bloom filter generation indexes
* sd-event
- allow multiple signal handlers per signal?
* shutdown logging: store to EFI var, and store to USB stick?
-* think about window-manager-run-as-user-service problem: exit 0 → activate shutdown.target; exit != 0 → restart service
-
* merge unit_kill_common() and unit_kill_context()
* introduce ExecCondition= in services
* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
-* service: watchdog logic: for testing purposes allow ping, but do not require pong
-
* journal:
- consider introducing implicit _TTY= + _PPID= + _EUID= + _EGID= + _FSUID= + _FSGID= fields
- import and delete pstore filesystem content at startup
- journald: when we drop syslog messages because the syslog socket is
full, make sure to write how many messages are lost as first thing
to syslog when it works again.
- - journald: make sure ratelimit is actually really per-service with the new cgroup changes
- change systemd-journal-flush into a service that stays around during
boot, and causes the journal to be moved back to /run on shutdown,
so that we do not keep /var busy. This needs to happen synchronously,
- add journalctl -H that talks via ssh to a remote peer and passes through
binary logs data
- add a version of --merge which also merges /var/log/journal/remote
- - log accumulated resource usage after each service invocation
- journalctl: -m should access container journals directly by enumerating
them via machined, and also watch containers coming and going.
Benefit: nspawn --ephemeral would start working nicely with the journal.
- assign MESSAGE_ID to log messages about failed services
+* add a test if all entries in the catalog are properly formatted.
+ (Adding dashes in a catalog entry currently results in the catalog entry
+ being silently skipped. journalctl --update-catalog must warn about this,
+ and we should also have a unit test to check that all our message are OK.)
+
* document:
- document that deps in [Unit] sections ignore Alias= fields in
[Install] units of other units, unless those units are disabled
- man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets
- document that service reload may be implemented as service reexec
- - document in wiki how to map ical recurrence events to systemd timer unit calendar specifications
- add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr.
- document systemd-journal-flush.service properly
- documentation: recommend to connect the timer units of a service to the service via Also= in [Install]
- add new command to systemctl: "systemctl system-reexec" which reexecs as many daemons as virtually possible
- systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards?
- systemctl: "Journal has been rotated since unit was started." message is misleading
- - better error message if you run systemctl without systemd running
- systemctl status output should include list of triggering units and their status
* unit install:
https://github.com/systemd/systemd/pull/272#issuecomment-113153176
- should optionally support receiving WATCHDOG=1 messages from its payload
PID 1...
- - should send out sd_notify("WATCHDOG=1") messages
- optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down.
- - Improve error message when --bind= is used on a non-existing source
- directory
- maybe make copying of /etc/resolv.conf optional, and skip it if --read-only
is used
* write blog stories about:
- hwdb: what belongs into it, lsusb
- enabling dbus services
- - status update
- how to make changes to sysctl and sysfs attributes
- remote access
- how to pass throw-away units to systemd, or dynamically change properties of existing units
* check for strerror(r) instead of strerror(-r)
-* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel
-
* pahole
* set_put(), hashmap_put() return values check. i.e. == 0 does not free()!