X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=8926c9f5eabb167571fd5f7360766ac75005fe8b;hb=f4474e004dab7e12cd28e03f1fef8a5f00b80600;hp=e499456e5917427126641708cf54cbf48a34d894;hpb=1c3232e4a4e8c0619f9a27c3d8b3bf103a5d1339;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index e499456e591..8926c9f5eab 100644 --- a/TODO +++ b/TODO @@ -4,9 +4,6 @@ Bugfixes: manager or system manager can be always set. It would be better to reject them when parsing config. -* busctl prints errors to stdout: - busctl tree org.freedesktop.systemd1 /org/freedesktop/systemd1 - External: * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros. @@ -22,6 +19,28 @@ Janitorial Clean-ups: Features: +* add --copy-from and --copy-to command to systemd-dissect which copies stuff + in and out of a disk image + +* add systemd.random_seed= on the kernel cmdline, taking some hex or base64 + encoded data. During earliest boot, credit it to entropy. This is not useful + for general purpose systems, but certainly for testing environments in VMs + and such, as it allows us to boot up instantly with fully initialized entropy + pool even if RNG pass-thru is not available. + +* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/ + +* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it + +* build short web pages out of each catalog entry, build them along with man + pages, and include hyperlinks to them in the journal output + +* machined: add API to acquire UID range. add API to mount/dissect loopback + file. Both protected by PK. Then make nspawn use these APIs to run + unprivileged containers. i.e. push the truly privileged bits into machined, + so that the client side can remain entirely unprivileged, with SUID or + anything like that. + * add "throttling" to sd-event event sources: optionally, when we wake up too often for one, let's turn it off entirely for a while. Use that for the /proc/self/mountinfo logic. @@ -31,6 +50,11 @@ Features: * nspawn: support time namespaces +* add ConditionSecurity=tpm2 + +* Remove any support for booting without /usr pre-mounted in the initrd entirely. + Update INITRD_INTERFACE.md accordingly. + * pid1: Move to tracking of main pid/control pid of units per pidfd * pid1: support new clone3() fork-into-cgroup feature @@ -38,6 +62,34 @@ Features: * pid1: also remove PID files of a service when the service starts, not just when it exits +* make us use dynamically fewer deps for containers in general purpose distros: + o turn into dlopen() deps: + - pcre2 (always) — irrelevant on Fedora, since dep by + libselinux, but should benefit Debian + - libpwquality (always) - only relevant for homed, and maybe soon + firstboot + - elfutils (always) + - p11-kit-trust (always) + - kmod-libs (only when called from PID 1) + - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup) + - similar: libblkid + - libpam (only when called from PID 1) + - bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are, + since they are so basic and our defaults) + o move into separate libsystemd-shared-iptables.so .so + - iptables-libs (only used by nspawn + networkd) + +* seccomp: when SystemCallArchitectures=native is set then don't install any + other seccomp filters for any of the other archs, in order to reduce the + number of seccomp filters we install needlessly. + +* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can. + Apparently kernel performance is much better with fewer larger seccomp + filters than with more smaller seccomp filters. + +* systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum, + mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such + * make "systemd-dissect" an official supported tool, i.e. move to /usr/bin/ and provide man page. Given that we now have a tool that can generate images like this, it's useful to have one that can dump contents of them, too. @@ -46,6 +98,13 @@ Features: operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles, sysusers, systemctl, repart, journalctl, coredumpctl. +* seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out + +* seccomp: don't install filters for ABIs that are masked anyway for the + specific service + +* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging. + * per-service credential system. Specifically: add LoadCredential= (for loading cred from file), AcquireCredential= (for asking user for cred, via ask-password), PassCredential= (for passing on credential systemd itself @@ -75,7 +134,7 @@ Features: * homed: as an extension to the directory+subvolume backend: if located on especially marked fs, then sync down password into LUKS header of that fs, and always verify passwords against it too. Bootstrapping is a problem - though: if noone is logged in (or no other user even exists yet), how do you + though: if no one is logged in (or no other user even exists yet), how do you unlock the volume in order to create the first user and add the first pw. * homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt @@ -120,7 +179,8 @@ Features: * socket units: allow creating a udev monitor socket with ListenDevices= or so, with matches, then activate app through that passing socket over -* unify on openssl: +* unify on openssl (as soon as OpenSSL 3.0 is out, and the Debian license + confusion is gone) - port sd_id128_get_machine_app_specific() over from khash - port resolved over from libgcrypt (DNSSEC code) - port journald + fsprg over from libgcrypt @@ -246,8 +306,6 @@ Features: * systemd-firstboot: teach it dissector magic, so that you can point it to some disk image and it will just set everything in it all behind the scenes. -* systemd-firstboot: add --force mode that replaces existing configuration. - * We should probably replace /var/log/README, /etc/rc.d/README with symlinks that are linked to these places instead of copied. After all they are constant vendor data. @@ -1221,6 +1279,8 @@ Features: - duplicate address check for static IPs (like ARPCHECK in network-scripts) - whenever uplink info changes, make DHCP server send out FORCERENEW +* Figure out how to do unittests of networkd's state serialization + * dhcp: - figure out how much we can increase Maximum Message Size