X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=88b42ba0ae107532b178423e4fdfbe987034624c;hb=965d824031bafe019409b881e3a30c43e221a1c9;hp=89e08749035efa5bb066b74bdfec4661a52bbbdb;hpb=ce5cbd8679605f3c9220d09c3a184e77bde15e2e;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index 89e08749035..88b42ba0ae1 100644 --- a/TODO +++ b/TODO 
@@ -24,16 +24,90 @@ Janitorial Clean-ups: Features: +* expose IO accounting data on the bus, show it in systemd-run --wait and log + about it in the resource log message + +* add "systemctl purge" for flushing out configuration, state, logs, ... of a + unit when it is stopped + +* show whether a service has out-of-date configuration in "systemctl status" by + using mtime data of ConfigurationDirectory=. + +* Properly chmod() RuntimeDirectory=, StateDirectory=, LogsDirectory= and + CacheDirectory= when we start up and the directory isn't properly owned. In + particular to make DynamicUser= work + +* replace all uses of fgets() + LINE_MAX by read_line() + +* set IPAddressDeny=any on all services that shouldn't do networking (possibly + combined with IPAddressAllow=localhost). + +* dissect: when we discover squashfs, don't claim we had a "writable" partition + in systemd-dissect + +* Add AddUser= setting to unit files, similar to DynamicUser=1 which however + creates a static, persistent user rather than a dynamic, transient user. We + can leverage code from sysusers.d for this. + +* add some optional flag to ReadWritePaths= and friends, that has the effect + that we create the dir in question when the service is started. Example: + + ReadWritePaths=:/var/lib/foobar + +* sort generated hwdb files alphabetically when we import them, so that git + diffs remain minimal (in particular: the OUI databases we import are not + sorted, and not stable) + +* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for + the sd-journal logging socket, and, if the timeout is set to 0, sets + O_NONBLOCK on it. That way people can control if and when to block for + logging. + +* tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e. 
+ PIDs not managed by the service manager) + +* hostnamed: populate form factor data from a new hwdb database, so that old + yogas can be recognized as "convertible" too, even if they predate the DMI + "convertible" form factor + +* Maybe add a small tool invoked early at boot, that adds in or resizes + partitions automatically, to be used when the media used is actually larger + than the image written onto it is. + +* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing + after all. Be strict however, only support the equivalent of nspawn's + --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such + as MAINPID. + +* change the dependency Set* objects in Unit structures to become Hashmap*, and + then store a bit mask who created a specific dependency: the source unit via + fragment configuration, the destination unit via fragment configuration, or + the source unit via udev rules (in case of .device units), or any combination + thereof. This information can then be used to flush out old udev-created + dependencies when the udev properties change, and eventually to implement a + "systemctl refresh" operation for reloading the configuration of individual + units without reloading the whole set. + * Add ExecMonitor= setting. May be used multiple times. Forks off a process in the service cgroup, which is supposed to monitor the service, and when it exits the service is considered failed by its monitor. +* track the per-service PAM process properly (i.e. as an additional control + process), so that it may be queried on the bus and everything. + +* add a new "debug" job mode, that is propagated to unit_start() and for + services results in two things: we raise SIGSTOP right before invoking + execve() and turn off watchdog support. Then, use that to implement + "systemd-gdb" for attaching to the start-up of any system service in its + natural habitat. 
+ * replace all canonicalize_file_name() invocations by chase_symlinks(), in particulr those where a rootdir is relevant. * maybe introduce gpt auto discovery for /var/tmp? -* set ProtectSystem=strict for all our usual services. +* fix PrivateNetwork= so that we fall back gracefully on kernels lacking + namespacing support (similar for the other namespacing options) * maybe add gpt-partition-based user management: each user gets his own LUKS-encrypted GPT partition with a new GPT type. A small nss module @@ -55,8 +129,6 @@ Features: partition, that is mounted to / and is writable, and where the actual root's /usr is mounted into. -* add dm-verity boots, and in nspawn (libcryptsetup knows this, should be relatively straight-forward) - * machined: add apis to query /etc/machine-info data of a container * .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly @@ -78,10 +150,6 @@ Features: * enable LockMLOCK to take a percentage value relative to physical memory -* switch to ProtectSystem=strict for all our long-running services where that's possible - -* If RootDirectory= is used, mount /proc, /sys, /dev into it, if not mounted yet - * Permit masking specific netlink APIs with RestrictAddressFamily= * nspawn: start UID allocation loop from hash of container name @@ -111,8 +179,6 @@ Features: * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. -* Add RootImage= for mounting a disk image or file as root directory - * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates 
@@ -295,7 +361,6 @@ Features: * support empty /etc boots nicely: - nspawn/gpt-generator: introduce new gpt partition type for /usr - - fstab-generator: support systemd.volatile=yes|no|state on the kernel cmdline, too, similar to nspawn's --volatile= * generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them. @@ -311,7 +376,6 @@ Features: * add bus api to query unit file's X fields. * gpt-auto-generator: - - Support LUKS for root devices - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap? - Make /home automount rather than mount? @@ -379,25 +443,18 @@ Features: * sd-bus: - EBADSLT handling - GetAllProperties() on a non-existing object does not result in a failure currently - - kdbus: process fd=-1 for incoming msgs - port to sd-resolve for connecting to TCP dbus servers - - kdbus: maybe add controlling tty metadata fields - see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself - - when kdbus does not take our message without memfds, try again with memfds - see if we can drop more message validation on the sending side - add API to clone sd_bus_message objects - make AddMatch calls on dbus1 transports async? - - kdbus: matches against source or destination pids for an "strace -p"-like feel. Problem: The PID info needs to be available in userspace too... - longer term: priority inheritance - dbus spec updates: - - kdbus mapping - NameLost/NameAcquired obsolete - GVariant - path escaping - update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now - test bloom filter generation indexes - - kdbus: introduce a concept of "send-only" connections - - kdbus: add counter for refused unicast messages that is passed out via the RECV ioctl. SImilar to the counter for dropped multicast messages we already have. * sd-event - allow multiple signal handlers per signal? 
@@ -417,8 +474,6 @@ Features: * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases... -* cgtop: make cgtop useful in a container - * test/: - add 'set -e' to scripts in test/ - make stuff in test/ work with separate output dir @@ -668,8 +723,6 @@ Features: * cryptsetup: - cryptsetup-generator: allow specification of passwords in crypttab itself - - move cryptsetup key caching into kernel keyctl? - https://bugs.freedesktop.org/show_bug.cgi?id=54982 - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator * hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it @@ -689,8 +742,6 @@ Features: - add trigger --subsystem-match=usb/usb_device device - reimport udev db after MOVE events for devices without dev_t -* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting - * There's currently no way to cancel fsck (used to be possible via C-c or c on the console) * add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/ @@ -749,10 +800,7 @@ Features: * dot output for --test showing the 'initial transaction' -* fingerprint.target, wireless.target, gps.target, netdevice.target - * pid1: - - .timer units should optionally support CLOCK_BOOTTIME in addition to CLOCK_MONOTONIC - When logging about multiple units (stopping BoundTo units, conflicts, etc.), log both units as UNIT=, so that journalctl -u triggers on both. - generate better errors when people try to set transient properties 
@@ -788,12 +836,9 @@ Features: - load-fragment: when loading a unit file via a chain of symlinks verify that it is not masked via any of the names traversed. - introduce Type=pid-file - - ExecOnFailure=/usr/bin/foo - introduce mix of BindTo and Requisite - add a concept of RemainAfterExit= to scope units - - Set NoNewPrivileges= on all of our own services, where that makes sense - Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely - - consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= * udev-link-config: - Make sure ID_PATH is always exported and complete for @@ -835,7 +880,6 @@ Features: * dhcp: - figure out how much we can increase Maximum Message Size - - support RFC4702 (pass FQDN) * dhcp6: - add functions to set previously stored IPv6 addresses on startup and get @@ -867,8 +911,6 @@ External: * drop accountsservice's StandardOutput=syslog and Type=dbus fields -* dbus: in fedora, make /var/lib/dbus/machine-id a symlink to /etc/machine-id - * /usr/bin/service should actually show the new command line * fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
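
Review bot: In the @@ -24,16 +24,90 @@ hunk, the new sd_notify() entry leaves "foreign PIDs" underspecified: "PIDs not managed by the service manager" can mean a PID outside the sending unit's own cgroup or a PID outside every unit, and the two give different MAINPID= checks. Suggest stating which one is intended, and pointing at the PrivatePIDs= entry added later in the same hunk, which also proposes dropping MAINPID when proxying sd_notify() messages. Two smaller points in the same hunk: the "Properly chmod() RuntimeDirectory=, ..." entry describes a directory that "isn't properly owned", which is an ownership fix rather than a mode fix, so the wording should say chown() (or both); and the ReadWritePaths= entry shows the proposed flag only through the example "ReadWritePaths=:/var/lib/foobar" without saying that the leading ":" is the flag, or which owner and mode the created directory gets.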
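
Review bot: The removal of "switch to ProtectSystem=strict for all our long-running services where that's possible" in the @@ -78,10 +150,6 @@ hunk needs a stated reason, because nothing visible in the diff shows whether the item was completed or abandoned. The same applies to the near-duplicate "set ProtectSystem=strict for all our usual services." dropped in the first hunk and to "Set NoNewPrivileges= on all of our own services, where that makes sense" dropped in the @@ -788,12 +836,9 @@ hunk. Suggest naming the implementing changes in the commit message, or keeping a narrowed entry for any services that still lack the setting, in the same form as the newly added IPAddressDeny=any item.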
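
Review bot: The context line kept at the top of the @@ -111,8 +179,6 @@ hunk, "Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=", now conflicts with the first hunk, which adds an entry treating StateDirectory=, LogsDirectory= and CacheDirectory= as existing settings. If those settings are already in place under the new names, this older entry is stale and should be removed in the same patch as RootImage=; if not, the two entries should at least use the same setting names.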
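
Review bot: In the @@ -379,25 +443,18 @@ hunk, every "kdbus:" item under sd-bus and the "kdbus mapping" spec item are dropped, but the unchanged line "test bloom filter generation indexes" stays in the list with no indication of which transport it belongs to. If that item refers to the kdbus match path, it should be removed together with the others; if it is still relevant, a short qualifier on the line would make clear why it survives the clean-up.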