- how to make changes to sysctl and sysfs attributes
- remote access
- how to pass throw-away units to systemd, or dynamically change properties of existing units
- - testing with Harald's awesome test kit
- auto-restart
- how to develop against journal browsing APIs
- the journal HTTP iface
Features:
+* define a generic "report" varlink interface, which services can implement to
+ provide health/statistics data about themselves. then define a dir somewhere
+ in /run/ where components can bind such sockets. Then make journald, logind,
+ and pid1 itself implement this and expose various stats on things there. Then
+ issue parallel calls to these interfaces from the systemd-report tool,
+ combine into one json document, and include measurment logs and tpm
+ quote. tpm quote should proctect the json doc via the nonce field
+ studd. Allow shipping this off elsewhere for analyze.
+
+* sd-varlink: maybe add flag(s) to mark methods accepti/require "more" calls in
+ introspection structures already now, even if IDL doesn't know a construct to
+ advertise this. But do enforce it when validating incoming method calls, so
+ that we definitely have the data around and valid. For now, generate an IDL
+ comment based on this info.
+
+* The bind(AF_UNSPEC) construct (for resetting sockets to their initial state)
+ should be blocked in many cases because it punches holes in many sandboxes.
+
* find a nice way to opt-in into auto-masking SIGCHLD on first
sd_event_add_child(), and then get rid of many more explicit sigprocmask()
calls.
* measure some string via pcrphase whenever we end up booting into emergency
mode.
+* similar, measure some string via pcrphase whenver we resume from hibernate
+
* homed: add a basic form of secrets management to homed, that stores
secrets in $HOME somewhere, is protected by the accounts own authentication
mechanisms. Should implement something PKCS#11-like that can be used to
projects / thirdparty / systemd.git / commitdiff
