X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=TODO;h=ecd36c1142db57a7852090ae480c756b8ff5f5a7;hb=a1fb61b0e826181b1bea514f8a7358081578133d;hp=9547b6e6e36ae7640d188ffcc070f74721e6f8dd;hpb=e01ff70a77e781734e1e73a2238af2e9bf7967a8;p=thirdparty%2Fsystemd.git diff --git a/TODO b/TODO index 9547b6e6e36..ecd36c1142d 100644 --- a/TODO +++ b/TODO 
@@ -33,16 +33,45 @@ Janitorial Clean-ups: Features: -* when using UTF8, ellipsize with "…" rather than "...", so that we can show more contents before truncating +* use phyical_memory() to allow MemoryLimit= configuration based on available system memory + +* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files + +* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc + +* ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave) + +* ProtectDevices= should also take iopl/ioperm/pciaccess away + +* ProtectKeyRing= to take keyring calls away + +* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) + +* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things + +* journalctl: make sure -f ends when the container indicated by -M terminates + +* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the + kernel doesn't support linkat() that replaces existing files, currently) + +* check if DeviceAllow= should split first, resolve specifiers later -* machinectl remove --hidden + machinectl remove --all +* transient units: don't bother with actually setting unit properties, we + reload the unit file anyway + +* make sure resolved can be restarted without losing pushed-in dns config + +* journald: sigbus API via a signal-handler safe function that people may call + from the SIGBUS handler + +* when using UTF8, ellipsize with "…" rather than "...", so that we can show more contents before truncating * move specifier expansion from service_spawn() into load-fragment.c * optionally, also require WATCHDOG=1 notifications during service start-up and shutdown * resolved: maybe, after all, implement local listening for DNS packets on port - 53. + 127.0.0.53:53. 
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle @@ -56,11 +85,9 @@ Features: * PID1: find a way how we can reload unit file configuration for specific units only, without reloading the whole of systemd -* add an explicit parser for LimitNICE= and LimitRTPRIO= that verifies +* add an explicit parser for LimitRTPRIO= that verifies the specified range and generates sane error messages for incorrect - specifications. Also, for LimitNICE= maybe introduce a syntax such - as "+5" or "-7" in order to make the limits more readable as they - are otherwise shifted by 20. + specifications. * do something about "/control" subcgroups in the unified cgroup hierarchy @@ -68,12 +95,6 @@ Features: * push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy) -* add a new command "systemctl revert" or so, that removes all dropin - snippets in /run and /etc, and all unit files with counterparts in - /usr, and thus undoes what "systemctl set-property" and "systemctl - edit" create. Maybe even add "systemctl revert -a" to do this for - all units. - * PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when run via nspawn) * consider throwing a warning if a service declares it wants to be "Before=" a .device unit. @@ -87,9 +108,6 @@ Features: * install: include generator dirs in unit file search paths -* rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring - to unicode chars, to make things more expressive. - * fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline * docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date 
@@ -119,7 +137,8 @@ Features: * implement a per-service firewall based on net_cls -* Port various tools to make use of verbs.[ch], where applicable +* Port various tools to make use of verbs.[ch], where applicable: busctl, + bootctl, coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl * hostnamectl: show root image uuid @@ -139,8 +158,6 @@ Features: * as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads: http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html -* the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat! - * in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column * figure out when we can use the coarse timers @@ -152,8 +169,6 @@ Features: * firstboot: make it useful to be run immediately after yum --installroot to set up a machine. (most specifically, make --copy-root-password work even if /etc/passwd already exists -* add infrastructure to allocate dynamic/transient users and UID ranges, for use in user-namespaced containers, per-seat gdm login screens and gdm guest sessions - * maybe add support for specifier expansion in user.conf, specifically DefaultEnvironment= * introduce systemd-timesync-wait.service or so to sync on an NTP fix? @@ -240,7 +255,7 @@ Features: CAP_NET_ADMIN is set, more than the loopback device is defined, even when it is otherwise off -* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size(). +* MessageQueueMessageSize= (and suchlike) should use parse_iec_size(). * "busctl status" works only as root on dbus1, since we cannot read /proc/$PID/exe 
@@ -255,7 +270,7 @@ Features: and passes this back to PID1 via SCM_RIGHTS. This also could be used to allow Chown/chgrp on sockets without requiring NSS in PID 1. -* New service property: maximum CPU and wallclock runtime for a service +* New service property: maximum CPU runtime for a service * introduce bus call FreezeUnit(s, b), as well as "systemctl freeze $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls @@ -285,8 +300,6 @@ Features: * be more careful what we export on the bus as (usec_t) 0 and (usec_t) -1 -* unify dispatch table in systemctl_main() and friends - * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it * After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs @@ -377,7 +390,7 @@ Features: * systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep() -* remove any syslog support from log.c -- we probably cannot do this before split-off udev is gone for good +* remove any syslog support from log.c — we probably cannot do this before split-off udev is gone for good * shutdown logging: store to EFI var, and store to USB stick? @@ -497,8 +510,6 @@ Features: written to as FAIL, but instead show that their are being written to. - add journalctl -H that talks via ssh to a remote peer and passes through binary logs data - - change journalctl -M to acquire fd to journal directory via machined, and - then operate on that via openat() instead of absolute paths - add a version of --merge which also merges /var/log/journal/remote - log accumulated resource usage after each service invocation - journalctl: -m should access container journals directly by enumerating 
@@ -537,7 +548,6 @@ Features: * unit install: - "systemctl mask" should find all names by which a unit is accessible (i.e. by scanning for symlinks to it) and link them all to /dev/null - - systemctl list-unit-files should list generated files (and probably with a new state "generated" for them, or so) * timer units: - timer units should get the ability to trigger when: @@ -584,8 +594,6 @@ Features: - should send out sd_notify("WATCHDOG=1") messages - optionally automatically add FORWARD rules to iptables whenever nspawn is running, remove them when shut down. - - add a logic for cleaning up read-only, hidden container images in - /var/lib/machines that are not ancestors of any non-hidden containers - Improve error message when --bind= is used on a non-existing source directory - maybe make copying of /etc/resolv.conf optional, and skip it if --read-only @@ -629,8 +637,6 @@ Features: * initialize the hostname from the fs label of /, if /etc/hostname does not exist? -* rename "userspace" to "core-os" - * udev: - move to LGPL - kill scsi_id @@ -745,11 +751,6 @@ Features: - Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely - consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= -* systemd-python: - - figure out a simple way to wait for journal events in a way that - works with ^C - - add documentation to systemd.daemon - * udev-link-config: - Make sure ID_PATH is always exported and complete for network devices where possible, so we can safely rely
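Review bot: several identifiers in the items added by the "@@ -33,16 +33,45 @@" hunk are misspelled, which makes the TODO hard to grep and easy to copy wrongly into an implementation. "phyical_memory()" should be "physical_memory()", "CAP_SYS_TIMES" should be "CAP_SYS_TIME", "seecomp" should be "seccomp", "Mountflags=slave" should be "MountFlags=slave", and "sets DeviceAllow o /dev/rtc" is missing the "t" in "to". In the ProtectKernelLogs= and ProtectClock= items, "DeviceAllow to /dev/kmsg" and "DeviceAllow ... /dev/rtc" read as if the option grants access to the device; since both options exist to take access away, say explicitly that the device is dropped from the allowed set.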
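Review bot: the only change in the "@@ -377,7 +390,7 @@" hunk replaces the ASCII "--" in the "remove any syslog support from log.c" item with a Unicode dash, which is unrelated to the feature items this patch adds and removes. If the change is not intentional (for example an editor auto-correction), drop it from this patch so the item stays byte-identical. If it is intentional, send it as a separate cosmetic change.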