Features:
+* let's log the "tainted" string at boot
+
+* Add NetworkNamespacePath= to specify a path to a network namespace
+
+* Add StandardInputData= and StandardInputText= for putting together data to
+ pass to a service through stdin
+
+* Add StandardInputPath=, StandardOutputPath=, StandardErrorPath= to connect a
+ service to a specific file. Be smart, and if the specified path refers to an
+ AF_UNIX socket, connect() to it.
+
+* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks
+ introduced) as the RTC epoch, instead of the mtime of NEWS.
+
+* Introduce GCMode= as unit file property or so, for tweaking the GC
+ logic. Specifically, there should be a way to tell systemd to collect
+ individual units even on failure. Then, make systemd-run --wait use this, so
+ that failed transient units in that case don't stick around.
+
+* add a way to lock down cgroup migration: a boolean, which when set for a unit
+ makes sure the processes in it can never migrate out of it
+
+* complain if a unit starts up and there are already processes in its cgroup
+
+* blog about fd store and restartable services
+
+* document Environment=SYSTEMD_LOG_LEVEL=debug drop-in in debugging document
+
+* add a way to remove fds from the fdstore by name, and make logind use it
+
+* in the long run: permit a system with /etc/machine-id linked to /dev/null, to
+ make it lose its identity, i.e. be anonymous. For this we'd have to patch
+ through the whole tree to make all code deal with the case where no machine
+ ID is available.
+
+* optionally, collect cgroup resource data, and store it in per-unit RRD files,
+ suitable for processing with rrdtool. Add bus API to access this data, and
+ possibly implement a CPULoad property based on it.
+
+* In journalctl add a way how "-o verbose" and suchlike can be tweaked to show
+ only a specific set of properties
+
+* beef up pam_systemd to take unit file settings such as cgroups properties as
+ parameters
+
+* export UID ranges nspawns's --private-user and DynamicUser= uses in
+ the systemd.pc pkg-config file, the same way we already expose the system
+ user boundary there
+
+* a new "systemd-analyze security" tool outputting a checklist of security
+ features a service does and does not implement
+
+* Whenever we check a UID against the system UID range, also check for the
+ dynamic UID range
+
+* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage
+ the quota of a the user indicated in User= via unit file settings, like the
+ other resource management concepts. Would mix nicely with DynamicUser=1
+
+* add dissect_image_warn() as a wrapper around dissect_image() that prints
+ friendly log messages for the returned errors, so that we don't have to
+ duplicate that in nspawn, systemd-dissect and PID 1.
+
+* maybe set a new set of env vars for services, based on RuntimeDirectory=,
+ StateDirectory=, LogsDirectory=, CacheDirectory= and ConfigurationDirectory=
+ automatically. For example, there could be $RUNTIME_DIRECTORY,
+ $STATE_DIRECTORY, $LOGS_DIRECTORY=, $CACHE_DIRECTORY and
+ $CONFIGURATION_DIRECTORY or so. This could be useful to write services that
+ can adapt to varying directories for these purposes. Special care has to be
+ taken if multiple dirs are configured. Maybe avoid setting the env vars in
+ that case?
+
+* expose IO accounting data on the bus, show it in systemd-run --wait and log
+ about it in the resource log message
+
+* add "systemctl purge" for flushing out configuration, state, logs, ... of a
+ unit when it is stopped
+
+* show whether a service has out-of-date configuration in "systemctl status" by
+ using mtime data of ConfigurationDirectory=.
+
* replace all uses of fgets() + LINE_MAX by read_line()
+* set IPAddressDeny=any on all services that shouldn't do networking (possibly
+ combined with IPAddressAllow=localhost).
+
* dissect: when we discover squashfs, don't claim we had a "writable" partition
in systemd-dissect
* maybe introduce gpt auto discovery for /var/tmp?
-* fix PrivateNetwork= so that we fall back gracefully on kernels lacking
- namespacing support (similar for the other namespacing options)
-
* maybe add gpt-partition-based user management: each user gets his own
LUKS-encrypted GPT partition with a new GPT type. A small nss module
enumerates users via udev partition enumeration. UIDs are assigned in a fixed
then use that for the setting used in user@.service. It should be understood
relative to the configured default value.
-* on cgroupsv2 add DelegateControllers=, to pick the precise cgroup controllers to delegate
-
* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us
* enable LockMLOCK to take a percentage value relative to physical memory
* DeviceAllow= should also generate seccomp filters for mknod()
-* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
- RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
-
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
* journalctl: make sure -f ends when the container indicated by -M terminates
prefixed with /sys generally special.
http://lists.freedesktop.org/archives/systemd-devel/2015-June/032962.html
-* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
-
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
* introduce systemd-timesync-wait.service or so to sync on an NTP fix?
-* systemd --user should issue sd_notify() upon reaching basic.target, not on becoming idle
-
* consider showing the unit names during boot up in the status output, not just the unit descriptions
* maybe allow timer units with an empty Units= setting, so that they
* create /sbin/init symlinks from the build system
+* add a dependency on standard-conf.xml and other included files to man pages
+
* MountFlags=shared acts as MountFlags=slave right now.
* properly handle loop back mounts via fstab, especially regards to fsck/passno