X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=8926c9f5eabb167571fd5f7360766ac75005fe8b;hb=f4474e004dab7e12cd28e03f1fef8a5f00b80600;hp=acb695bfe7a2e0fe24b06dfe5d394dd8abd7aa4a;hpb=2d5996c17561fb4656aaf9c4ad364ee6d39dd645;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index acb695bfe7a..8926c9f5eab 100644 --- a/TODO +++ b/TODO @@ -4,9 +4,6 @@ Bugfixes: manager or system manager can be always set. It would be better to reject them when parsing config. -* busctl prints errors to stdout: - busctl tree org.freedesktop.systemd1 /org/freedesktop/systemd1 - External: * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros. 
@@ -22,16 +19,92 @@ Janitorial Clean-ups: Features: +* add --copy-from and --copy-to command to systemd-dissect which copies stuff + in and out of a disk image + +* add systemd.random_seed= on the kernel cmdline, taking some hex or base64 + encoded data. During earliest boot, credit it to entropy. This is not useful + for general purpose systems, but certainly for testing environments in VMs + and such, as it allows us to boot up instantly with fully initialized entropy + pool even if RNG pass-thru is not available. + +* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/ + +* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it + +* build short web pages out of each catalog entry, build them along with man + pages, and include hyperlinks to them in the journal output + +* machined: add API to acquire UID range. add API to mount/dissect loopback + file. Both protected by PK. Then make nspawn use these APIs to run + unprivileged containers. i.e. push the truly privileged bits into machined, + so that the client side can remain entirely unprivileged, with SUID or + anything like that. + +* add "throttling" to sd-event event sources: optionally, when we wake up too + often for one, let's turn it off entirely for a while. Use that for the + /proc/self/mountinfo logic. + +* move our systemd-user PAM snippet to /usr/, which PAM appears to support + these days + * nspawn: support time namespaces +* add ConditionSecurity=tpm2 + +* Remove any support for booting without /usr pre-mounted in the initrd entirely. + Update INITRD_INTERFACE.md accordingly. 
+ * pid1: Move to tracking of main pid/control pid of units per pidfd * pid1: support new clone3() fork-into-cgroup feature +* pid1: also remove PID files of a service when the service starts, not just + when it exits + +* make us use dynamically fewer deps for containers in general purpose distros: + o turn into dlopen() deps: + - pcre2 (always) — irrelevant on Fedora, since dep by + libselinux, but should benefit Debian + - libpwquality (always) - only relevant for homed, and maybe soon + firstboot + - elfutils (always) + - p11-kit-trust (always) + - kmod-libs (only when called from PID 1) + - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup) + - similar: libblkid + - libpam (only when called from PID 1) + - bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are, + since they are so basic and our defaults) + o move into separate libsystemd-shared-iptables.so .so + - iptables-libs (only used by nspawn + networkd) + +* seccomp: when SystemCallArchitectures=native is set then don't install any + other seccomp filters for any of the other archs, in order to reduce the + number of seccomp filters we install needlessly. + +* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can. + Apparently kernel performance is much better with fewer larger seccomp + filters than with more smaller seccomp filters. + +* systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum, + mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such + +* make "systemd-dissect" an official supported tool, i.e. move to /usr/bin/ and + provide man page. Given that we now have a tool that can generate images like + this, it's useful to have one that can dump contents of them, too. + * All tools that support --root= should also learn --image= so that they can operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles, sysusers, systemctl, repart, journalctl, coredumpctl. 
+* seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out + +* seccomp: don't install filters for ABIs that are masked anyway for the + specific service + +* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging. + * per-service credential system. Specifically: add LoadCredential= (for loading cred from file), AcquireCredential= (for asking user for cred, via ask-password), PassCredential= (for passing on credential systemd itself @@ -58,12 +131,10 @@ Features: * homed: add a way to "adopt" a home directory, i.e. strip foreign signatures and insert a local signature instead. -* Maybe expose path_is_encrypted() as a new ConditionPathIsEncrypted=? - * homed: as an extension to the directory+subvolume backend: if located on especially marked fs, then sync down password into LUKS header of that fs, and always verify passwords against it too. Bootstrapping is a problem - though: if noone is logged in (or no other user even exists yet), how do you + though: if no one is logged in (or no other user even exists yet), how do you unlock the volume in order to create the first user and add the first pw. * homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt @@ -108,7 +179,8 @@ Features: * socket units: allow creating a udev monitor socket with ListenDevices= or so, with matches, then activate app through that passing socket over -* unify on openssl: +* unify on openssl (as soon as OpenSSL 3.0 is out, and the Debian license + confusion is gone) - port sd_id128_get_machine_app_specific() over from khash - port resolved over from libgcrypt (DNSSEC code) - port journald + fsprg over from libgcrypt @@ -168,9 +240,6 @@ Features: * systemd-repart: allow config of partition uuid -* systemd-repart: add --make= switch for fallocating a new file of the - specified size first. - * userdb: allow username prefix searches in varlink API, allow realname and realname substr searches in varlink API 
@@ -237,14 +306,11 @@ Features: * systemd-firstboot: teach it dissector magic, so that you can point it to some disk image and it will just set everything in it all behind the scenes. -* systemd-firstboot: add --force mode that replaces existing configuration. - * We should probably replace /var/log/README, /etc/rc.d/README with symlinks that are linked to these places instead of copied. After all they are constant vendor data. -* maybe add kernel cmdline params: 1) to force first-boot mode + 2) to force - random seed crediting +* maybe add kernel cmdline params: to force random seed crediting * nspawn: on cgroupsv1 issue cgroup empty handler process based on host events, so that we make cgroup agent logic safe @@ -506,9 +572,6 @@ Features: * support projid-based quota in machinectl for containers -* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks - introduced) as the RTC epoch, instead of the mtime of NEWS. - * add a way to lock down cgroup migration: a boolean, which when set for a unit makes sure the processes in it can never migrate out of it 
@@ -1198,17 +1261,14 @@ Features: * networkd: - add more keys to [Route] and [Address] sections - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config) - - add proper initrd support (in particular generate .network/.link files based on /proc/cmdline) - add reduced [Link] support to .network files - - add Scope= parsing option for [Network] - properly handle routerless dhcp leases - work with non-Ethernet devices - - add support for more bond options - dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from? - the DHCP lease data (such as NTP/DNS) is still made available when a carrier is lost on a link. It should be removed instantly. - expose in the API the following bits: - - option 15, domain name and/or option 119, search list + - option 15, domain name - option 12, hostname and/or option 81, fqdn - option 123, 144, geolocation - option 252, configure http proxy (PAC/wpad) @@ -1217,11 +1277,9 @@ Features: - allow Name= to be specified repeatedly in the [Match] section. Maybe also support Name=foo*|bar*|baz ? - duplicate address check for static IPs (like ARPCHECK in network-scripts) - - allow DUID/IAID to be customized, see issue #394. - whenever uplink info changes, make DHCP server send out FORCERENEW -* networkd-wait-online: - - make operstates to wait for configurable? +* Figure out how to do unittests of networkd's state serialization * dhcp: - figure out how much we can increase Maximum Message Size 
@@ -1246,20 +1304,14 @@ External: - natively watch for dbus-*.service symlinks (PENDING) - teach dbus to activate all services it finds in /etc/systemd/services/org-*.service -* fix alsa mixer restore to not print error when no config is stored - * make cryptsetup lower --iter-time -* patch kernel for xattr support in /dev, /proc/, /sys? - * kernel: add device_type = "fb", "fbcon" to class "graphics" * /usr/bin/service should actually show the new command line * fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus= -* fedora: F20: go timer units all the way, leave cron.daily for cron - * neither pkexec nor sudo initialize environ[] from the PAM environment? * fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it
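Review bot: on the @@ -22,16 +19,92 @@ hunk, the new systemd.random_seed= entry should record that the kernel command line is world-readable via /proc/cmdline and is routinely copied into logs and bootloader configuration, so any seed passed this way is effectively public; the entry already says the feature is only for test VMs, so suggest stating explicitly that crediting such data to the entropy pool must stay opt-in and be logged when it happens, rather than leaving that to the implementer. Wording: "so that the client side can remain entirely unprivileged, with SUID or anything like that" in the machined item appears to mean "without SUID". Duplication: "seccomp: maybe use seccomp_merge() to merge our filters per-arch" and "seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging" are the same item, as are "when SystemCallArchitectures=native is set then don't install any other seccomp filters for any of the other archs" and "don't install filters for ABIs that are masked anyway for the specific service"; suggest folding each pair into one entry.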
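Review bot: on the @@ -108,7 +179,8 @@ hunk, the openssl unification entry now gates on OpenSSL 3.0 and the Debian licence question but still lists porting the resolved DNSSEC code and journald + fsprg away from libgcrypt; since those are behaviour-preserving changes to cryptographic code, suggest adding to the entry that the ports need to be verified against outputs of the current libgcrypt implementation (signature verification results, fsprg key evolution) before being merged, so the list carries that acceptance criterion along with the licensing one.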
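Review bot: on the @@ -237,14 +306,11 @@ hunk, the rewritten line "maybe add kernel cmdline params: to force random seed crediting" overlaps with the new systemd.random_seed= entry added under Features earlier in this diff, which also concerns crediting data supplied on the kernel command line; suggest merging the two or cross-referencing them so the crediting caveat is tracked in one place. Minor: with the "1) ... 2) ..." enumeration removed, the colon before a single item reads oddly; "maybe add a kernel cmdline param to force random seed crediting" would be cleaner.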
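Review bot: on the @@ -1246,20 +1304,14 @@ hunk, "make cryptsetup lower --iter-time" survives this cleanup without any rationale, and a lower PBKDF iteration time directly reduces the work factor for offline guessing against LUKS passphrases; if the item is kept, it should state the motivation and an acceptable lower bound, otherwise it reads as a request to weaken key derivation. The other removals in the hunk (alsa mixer restore, xattr support in /dev, the F20 timer units item) look fine to drop.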