X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=1427ef0faf4b49c97dfa1db8a7000143d13f2448;hb=1e589ed2649ad6ed31406c281fd4178fb396288a;hp=d8de3b4a2347fb715e022a2e26408644bb5e637f;hpb=f9753b0c792054ce7ea3c6fa2221d5f1d0b79b3c;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index d8de3b4a234..1427ef0faf4 100644 --- a/TODO +++ b/TODO 
@@ -24,15 +24,60 @@ Janitorial Clean-ups: Features: +* there should be path_hash_ops and we should use it in tmpfiles' hashmap object to deal with identical but differently spelt paths + +* rework pid watching logic, allow any number of units watch the same pid + +* be stricter with fds we receive for the fdstore: close them asynchronously + +* be stricter with pid file and notify pids: don't allow them to be outside of cgroup, except if sender is privileged + +* calenderspec: add support for week numbers and day numbers within a + year. This would allow us to define "bi-weekly" triggers safely. + +* add support for recursive bpf firewalling as supported by the newest kernel + +* add bpf-based implementation of devices cgroup controller logic for compat with cgroupsv2 as supported by newest kernel + +* introduce sd_id128_get_boot_app_specific() which is like + sd_id128_get_machine_app_specific(). After all on long-running systems both + IDs have similar properties. + +* emulate properties of the root cgroup on controllers that don't support such + properties natively on cpu/io/memory, the way we already do it for + "pids". Also, add the same logic to cgtop. + +* set TasksAccounting=1 on the root slice if we are running on the root cgroup, + and similar for the others, as soon as we emulate them properly. After all, + Linux keeps these system-wide stats anyway, and it costs nothing to expose + them. + +* sd-bus: add vtable flag, that may be used to request client creds implicitly + and asynchronously before dispatching the operation + +* implement transient socket unit. + +* make systemd-run create transient path and socket unit. + +* make use of ethtool veth peer info in machined, for automatically finding out + host-side interface pointing to the container. + +* add some special mode to LogsDirectory=/StateDirectory=… that allows + declaring these directories without necessarily pulling in deps for them, or + creating them when starting up. 
That way, we could declare that + systemd-journald writes to /var/log/journal, which could be useful when we + doing disk usage calculations and so on. + +* taint systemd if there are fewer than 65536 users assigned to the system. + +* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars + * add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for the runtime dir as we maintain for the fdstore: i.e. keep it around as long as the unit is running or has a job queued. -* hook up sd-bus' creds stuff with SO_PEERGROUPS - -* add async version of sd_bus_add_match and make use of that - -* let's log the "tainted" string at boot +* support projid-based quota in machinectl for containers, and then drop + implicit btrfs loopback magic in machined * Add NetworkNamespacePath= to specify a path to a network namespace @@ -42,8 +87,6 @@ Features: * add a way to lock down cgroup migration: a boolean, which when set for a unit makes sure the processes in it can never migrate out of it -* complain if a unit starts up and there are already processes in its cgroup - * blog about fd store and restartable services * document Environment=SYSTEMD_LOG_LEVEL=debug drop-in in debugging document @@ -51,8 +94,6 @@ Features: * rework ExecOutput and ExecInput enums so that EXEC_OUTPUT_NULL loses its magic meaning and is no longer upgraded to something else if set explicitly. -* add a way to remove fds from the fdstore by name, and make logind use it - * in the long run: permit a system with /etc/machine-id linked to /dev/null, to make it lose its identity, i.e. be anonymous. For this we'd have to patch through the whole tree to make all code deal with the case where no machine 
@@ -62,25 +103,27 @@ Features: suitable for processing with rrdtool. Add bus API to access this data, and possibly implement a CPULoad property based on it. -* In journalctl add a way how "-o verbose" and suchlike can be tweaked to show - only a specific set of properties - * beef up pam_systemd to take unit file settings such as cgroups properties as parameters -* export UID ranges nspawns's --private-user and DynamicUser= uses in - the systemd.pc pkg-config file, the same way we already expose the system - user boundary there - * a new "systemd-analyze security" tool outputting a checklist of security features a service does and does not implement -* Whenever we check a UID against the system UID range, also check for the - dynamic UID range - * maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage the quota of a the user indicated in User= via unit file settings, like the - other resource management concepts. Would mix nicely with DynamicUser=1 + other resource management concepts. Would mix nicely with DynamicUser=1. Or + alternatively, do this with projids, so that we can also cover services + running as root. Quota should probably cover all the special dirs such as + StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it + is set, plus the whole disk space any image configured with RootImage=. + +* Introduce "exit" as an EmergencyAction value, and allow to configure a + per-unit success/failure exit code to configure. This would be useful for + running commands inside of services inside of containers, which could then + propagate their failure state all the way up. + +* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant + disks to see if the UID is already in use. * add dissect_image_warn() as a wrapper around dissect_image() that prints friendly log messages for the returned errors, so that we don't have to 
@@ -99,18 +142,9 @@ Features: taken if multiple dirs are configured. Maybe avoid setting the env vars in that case? -* introduce SuccessAction= that permits shutting down the system when a service - succeeds. This is useful to replace "ExecPost=/usr/bin/systemctl poweroff" and - similar constructs, which are frequently used. This is particularly nice for - implementation of a systemd.run= kernel command line option that runs some - command and immediately shuts down. - * expose IO accounting data on the bus, show it in systemd-run --wait and log about it in the resource log message -* rework unbase64 code to drop whitespace automatically, so that we don't have - to drop it first. - * add "systemctl purge" for flushing out configuration, state, logs, ... of a unit when it is stopped @@ -128,10 +162,6 @@ Features: ReadWritePaths=:/var/lib/foobar -* sort generated hwdb files alphabetically when we import them, so that git - diffs remain minimal (in particular: the OUI databases we import are not - sorted, and not stable) - * maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for the sd-journal logging socket, and, if the timeout is set to 0, sets O_NONBLOCK on it. That way people can control if and when to block for @@ -166,9 +196,6 @@ Features: "systemd-gdb" for attaching to the start-up of any system service in its natural habitat. -* replace all canonicalize_file_name() invocations by chase_symlinks(), in - particulr those where a rootdir is relevant. - * maybe introduce gpt auto discovery for /var/tmp? * maybe add gpt-partition-based user management: each user gets his own 
@@ -191,17 +218,10 @@ Features: partition, that is mounted to / and is writable, and where the actual root's /usr is mounted into. -* machined: add apis to query /etc/machine-info data of a container - -* .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly - * gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plus maybe a configuration file * drop nss-myhostname in favour of nss-resolve? -* drop internal dlopen() based nss-dns fallback in nss-resolve, and rely on the - external nsswitch.conf based one - * add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and then use that for the setting used in user@.service. It should be understood relative to the configured default value. @@ -212,8 +232,6 @@ Features: * Permit masking specific netlink APIs with RestrictAddressFamily= -* nspawn: start UID allocation loop from hash of container name - * nspawn: support that /proc, /sys/, /dev are pre-mounted * define gpt header bits to select volatility mode @@ -251,8 +269,6 @@ Features: a user/group for a service only has to exist on the host for the right mapping to work. -* allow attaching additional journald log fields to cgroups - * add bus API for creating unit files in /etc, reusing the code for transient units * add bus API to remove unit files from /etc @@ -288,8 +304,6 @@ Features: the specified range and generates sane error messages for incorrect specifications. -* do something about "/control" subcgroups in the unified cgroup hierarchy - * when we detect that there are waiting jobs but no running jobs, do something * push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy) 
@@ -329,7 +343,7 @@ Features: * Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API * Port various tools to make use of verbs.[ch], where applicable: busctl, - coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl + coredumpctl, hostnamectl, localectl, timedatectl * hostnamectl: show root image uuid @@ -419,8 +433,6 @@ Features: * figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit -* mount_cgroup_controllers(): symlinks need to get the label applied - * For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services they run added to the initial transaction and thus confuse Type=idle. @@ -498,14 +510,12 @@ Features: - see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself - see if we can drop more message validation on the sending side - add API to clone sd_bus_message objects - - make AddMatch calls on dbus1 transports async? - longer term: priority inheritance - dbus spec updates: - NameLost/NameAcquired obsolete - GVariant - path escaping - update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now - - test bloom filter generation indexes * sd-event - allow multiple signal handlers per signal? @@ -555,8 +565,6 @@ Features: * shutdown logging: store to EFI var, and store to USB stick? -* think about window-manager-run-as-user-service problem: exit 0 → activate shutdown.target; exit != 0 → restart service - * merge unit_kill_common() and unit_kill_context() * introduce ExecCondition= in services 
@@ -642,7 +650,6 @@ Features: - journald: when we drop syslog messages because the syslog socket is full, make sure to write how many messages are lost as first thing to syslog when it works again. - - journald: make sure ratelimit is actually really per-service with the new cgroup changes - change systemd-journal-flush into a service that stays around during boot, and causes the journal to be moved back to /run on shutdown, so that we do not keep /var busy. This needs to happen synchronously, 
@@ -671,18 +678,21 @@ Features: - add journalctl -H that talks via ssh to a remote peer and passes through binary logs data - add a version of --merge which also merges /var/log/journal/remote - - log accumulated resource usage after each service invocation - journalctl: -m should access container journals directly by enumerating them via machined, and also watch containers coming and going. Benefit: nspawn --ephemeral would start working nicely with the journal. - assign MESSAGE_ID to log messages about failed services +* add a test if all entries in the catalog are properly formatted. + (Adding dashes in a catalog entry currently results in the catalog entry + being silently skipped. journalctl --update-catalog must warn about this, + and we should also have a unit test to check that all our message are OK.) + * document: - document that deps in [Unit] sections ignore Alias= fields in [Install] units of other units, unless those units are disabled - man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets - document that service reload may be implemented as service reexec - - document in wiki how to map ical recurrence events to systemd timer unit calendar specifications - add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr. - document systemd-journal-flush.service properly - documentation: recommend to connect the timer units of a service to the service via Also= in [Install] 
@@ -700,7 +710,6 @@ Features: - add new command to systemctl: "systemctl system-reexec" which reexecs as many daemons as virtually possible - systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards? - systemctl: "Journal has been rotated since unit was started." message is misleading - - better error message if you run systemctl without systemd running - systemctl status output should include list of triggering units and their status * unit install: @@ -740,11 +749,8 @@ Features: https://github.com/systemd/systemd/pull/272#issuecomment-113153176 - should optionally support receiving WATCHDOG=1 messages from its payload PID 1... - - should send out sd_notify("WATCHDOG=1") messages - optionally automatically add FORWARD rules to iptables whenever nspawn is running, remove them when shut down. - - Improve error message when --bind= is used on a non-existing source - directory - maybe make copying of /etc/resolv.conf optional, and skip it if --read-only is used @@ -831,7 +837,6 @@ Features: * write blog stories about: - hwdb: what belongs into it, lsusb - enabling dbus services - - status update - how to make changes to sysctl and sysfs attributes - remote access - how to pass throw-away units to systemd, or dynamically change properties of existing units @@ -986,8 +991,6 @@ Regularly: * check for strerror(r) instead of strerror(-r) -* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel - * pahole * set_put(), hashmap_put() return values check. i.e. == 0 does not free()!
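Review bot: in hunk @@ -24,15 +24,60 @@, the item "be stricter with pid file and notify pids: don't allow them to be outside of cgroup, except if sender is privileged" should state what "privileged" means and which credential is checked: for notify messages the sender's socket credentials (uid 0, or a named capability), for the PID file the owner of the file and of the directory it lives in, since a service-writable PID file naming a PID outside the unit's cgroup is exactly the case the check is meant to stop. Smaller points in the same hunk: "calenderspec" should be "calendarspec"; "bi-weekly" triggers built on week numbers are only "safe" if the item says how an ISO year with 53 weeks is handled, otherwise every such year flips the odd/even phase; "as supported by the newest kernel" (used twice) should name the kernel version so the note does not go stale; "when we doing disk usage calculations" is missing "are"; and "fewer than 65536 users assigned to the system" should say whether it means the UID range available on the system (e.g. a 16-bit uid_t) or the number of configured accounts.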
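Review bot: in hunk @@ -62,25 +103,27 @@, the DynamicUser= item ("use disk quota APIs on relevant disks to see if the UID is already in use") should say that a missing quota record is not proof the UID owns no files: quota accounting exists only on filesystems where it is enabled, so this check can add to, but not replace, the existing UID-in-use checks, and any UID that appears in a quota record must be skipped, because files left behind by an earlier dynamic user would otherwise become readable and writable by the new one. Wording in the same hunk: "allow to configure a per-unit success/failure exit code to configure" repeats "to configure" and should be "allow configuring a per-unit success/failure exit code"; and the context line "the quota of a the user" has a stray "a".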
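Review bot: in hunk @@ -671,18 +678,21 @@, "all our message are OK" should read "messages", and the item should ask that the new unit test and journalctl --update-catalog go through the same catalog parser, so an entry the test accepts cannot still be skipped at update time; if the two use separate validation they will drift apart and entries will again disappear silently, which is the failure the item describes.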