X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=88b42ba0ae107532b178423e4fdfbe987034624c;hb=965d824031bafe019409b881e3a30c43e221a1c9;hp=d83627974ed509a87aa79904fb74a1fa68c981bc;hpb=5dca7739e862eae50a162b0cc7f8613f7fd33c81;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index d83627974ed..88b42ba0ae1 100644 --- a/TODO +++ b/TODO @@ -24,11 +24,27 @@ Janitorial Clean-ups: Features: +* expose IO accounting data on the bus, show it in systemd-run --wait and log + about it in the resource log message + +* add "systemctl purge" for flushing out configuration, state, logs, ... of a + unit when it is stopped + +* show whether a service has out-of-date configuration in "systemctl status" by + using mtime data of ConfigurationDirectory=. + +* Properly chmod() RuntimeDirectory=, StateDirectory=, LogsDirectory= and + CacheDirectory= when we start up and the directory isn't properly owned. In + particular to make DynamicUser= work + +* replace all uses of fgets() + LINE_MAX by read_line() + +* set IPAddressDeny=any on all services that shouldn't do networking (possibly + combined with IPAddressAllow=localhost). + * dissect: when we discover squashfs, don't claim we had a "writable" partition in systemd-dissect -* set LockPersonality= on all our services - * Add AddUser= setting to unit files, similar to DynamicUser=1 which however creates a static, persistent user rather than a dynamic, transient user. We can leverage code from sysusers.d for this. @@ -42,8 +58,6 @@ Features: diffs remain minimal (in particular: the OUI databases we import are not sorted, and not stable) -* set SystemCallArchitectures=native on all our services - * maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for the sd-journal logging socket, and, if the timeout is set to 0, sets O_NONBLOCK on it. That way people can control if and when to block for 
@@ -52,13 +66,6 @@ Features: * tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e. PIDs not managed by the service manager) -* journald: when we recv a log datagram via the native or syslog transports, - search for the PID in the active stream connections, and let's make sure to - always process the datagrams before the streams. Then, cache client metadata - per stream in the stream object. This way we can somewhat fix the race with - quickly exiting processes which log as long as they had their own stream - connection... - * hostnamed: populate form factor data from a new hwdb database, so that old yogas can be recognized as "convertible" too, even if they predate the DMI "convertible" form factor @@ -99,8 +106,6 @@ Features: * maybe introduce gpt auto discovery for /var/tmp? -* set ProtectSystem=strict for all our usual services. - * fix PrivateNetwork= so that we fall back gracefully on kernels lacking namespacing support (similar for the other namespacing options) @@ -145,8 +150,6 @@ Features: * enable LockMLOCK to take a percentage value relative to physical memory -* switch to ProtectSystem=strict for all our long-running services where that's possible - * Permit masking specific netlink APIs with RestrictAddressFamily= * nspawn: start UID allocation loop from hash of container name @@ -471,8 +474,6 @@ Features: * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases... -* cgtop: make cgtop useful in a container - * test/: - add 'set -e' to scripts in test/ - make stuff in test/ work with separate output dir 
@@ -722,8 +723,6 @@ Features: * cryptsetup: - cryptsetup-generator: allow specification of passwords in crypttab itself - - move cryptsetup key caching into kernel keyctl? - https://bugs.freedesktop.org/show_bug.cgi?id=54982 - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator * hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it @@ -743,8 +742,6 @@ Features: - add trigger --subsystem-match=usb/usb_device device - reimport udev db after MOVE events for devices without dev_t -* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting - * There's currently no way to cancel fsck (used to be possible via C-c or c on the console) * add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/ @@ -803,10 +800,7 @@ Features: * dot output for --test showing the 'initial transaction' -* fingerprint.target, wireless.target, gps.target, netdevice.target - * pid1: - - .timer units should optionally support CLOCK_BOOTTIME in addition to CLOCK_MONOTONIC - When logging about multiple units (stopping BoundTo units, conflicts, etc.), log both units as UNIT=, so that journalctl -u triggers on both. - generate better errors when people try to set transient properties 
@@ -842,12 +836,9 @@ Features: - load-fragment: when loading a unit file via a chain of symlinks verify that it is not masked via any of the names traversed. - introduce Type=pid-file - - ExecOnFailure=/usr/bin/foo - introduce mix of BindTo and Requisite - add a concept of RemainAfterExit= to scope units - - Set NoNewPrivileges= on all of our own services, where that makes sense - Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely - - consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= * udev-link-config: - Make sure ID_PATH is always exported and complete for @@ -889,7 +880,6 @@ Features: * dhcp: - figure out how much we can increase Maximum Message Size - - support RFC4702 (pass FQDN) * dhcp6: - add functions to set previously stored IPv6 addresses on startup and get @@ -921,8 +911,6 @@ External: * drop accountsservice's StandardOutput=syslog and Type=dbus fields -* dbus: in fedora, make /var/lib/dbus/machine-id a symlink to /etc/machine-id - * /usr/bin/service should actually show the new command line * fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
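Review bot: in the first hunk (@@ -24,11 +24,27 @@), the new item "Properly chmod() RuntimeDirectory=, StateDirectory=, LogsDirectory= and CacheDirectory= when we start up and the directory isn't properly owned" names chmod() but describes an ownership problem, which chmod() does not change. If the goal is to correct the owner so that DynamicUser= works, the item should say chown() (or both calls), and it should state whether only the top-level directory or also its contents are covered.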
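Review bot: the hunk at @@ -42,8 +58,6 @@ drops "set SystemCallArchitectures=native on all our services", and the first hunk drops "set LockPersonality= on all our services" in the same way, but this diff touches only TODO, so nothing here shows which units received the settings. Please reference the commit(s) that applied them in the commit message, or keep a narrowed item naming any service that was deliberately left out.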
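Review bot: the journald item removed in the hunk at @@ -52,13 +66,6 @@ described itself as only a partial fix ("somewhat fix the race with quickly exiting processes which log as long as they had their own stream connection"), so deleting it outright loses the record of the case it did not cover, namely clients without their own stream connection. If that case is still open, keep a one-line item for it, since it affects how reliably log datagrams are attributed to the sending process.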
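Review bot: the hunk at @@ -145,8 +150,6 @@ removes "switch to ProtectSystem=strict for all our long-running services where that's possible", and the hunk at @@ -842,12 +836,9 @@ removes "Set NoNewPrivileges= on all of our own services, where that makes sense"; both items carried a qualifier that implies exceptions, and after this patch TODO no longer records which services are the exceptions or why. Suggest replacing each removed line with a short item listing the services that still lack the setting, or stating in the commit message that there are none.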
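Review bot: in the hunk at @@ -722,8 +723,6 @@, the removed cryptsetup lines "move cryptsetup key caching into kernel keyctl?" and the https://bugs.freedesktop.org/show_bug.cgi?id=54982 link are the only pointer to that bug in this section, and the diff does not show whether the idea was implemented or abandoned. Please say which in the commit message, because where cached keys are held is a decision later readers will want to trace.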