[thirdparty/systemd.git] / TODO

Bugfixes:
* there is nothing to warn about here :)
  $ systemctl stop systemd-udevd.service systemd-udevd-kernel.socket systemd-udevd-control.socket
  Warning: Stopping systemd-udevd.service, but it can still be activated by:
  systemd-udevd-control.socket
  systemd-udevd-kernel.socket

* check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar

* swap units that are activated by one name but shown in the kernel under another are semi-broken

* make anaconda write timeout=0 for encrypted devices

* Dangling symlinks of .automount unit files in .wants/ directories, set up
  automount points even when the original .automount file did not exist
  anymore. Only the .mount unit was still around.

* make polkit checks async

* properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point.

* we pull src/core/manager.h into src/shared/src/shared/path-lookup.c which is the wrong direction
   rename enum "ManagerRunningAs" to "SystemdRunningAs" and move it to shared/

F18:

* https://bugzilla.gnome.org/show_bug.cgi?id=680689

* Retest multi-seat

* selinux: merge systemd selinux access controls (dwalsh)

Features:

* instantiated target units

* support *static* (/run) hibernate inhibitors. All rpm -i actions should completely prevent any
  sort of hibernate action until the next reboot. If the kernel or any other base tool is replaced
  by rpm, the resume path might fail, the for resume needed kernel might even be uninstalled, and
  the whole situation leads directly to data loss.

* move debug shell to tty6 and make sure this doesn't break the gettys on tty6

* move cryptsetup key caching into kernel keyctl?

* make nspawn work without terminal

* hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it

* after deserializing sockets in socket.c we should reapply sockopts and things

* does vasprintf advance the struct vaargs? http://pastie.org/pastes/4712773/text

* do shutdown audit/utmp msgs inside of PID 1, get rid of systemd-update-utmp-runlevel

* make timer units go away after they elapsed

* http://lists.freedesktop.org/archives/systemd-devel/2012-September/006502.html

* don't use writev() in tmpfiles for sake of compat with sysfs?

* come up with a nice way to write queue/read_ahead_kb for a block device without interfering with readahead

* journald: add kernel cmdline option to disable ratelimiting for debug purposes

* Add a way to reference the machine/boot ID from ExecStart= and similar command lines

* move PID 1 segfaults to /var/lib/systemd/coredump?

* Document word splitting syntax for ExecStart= and friends

* when writing journal entries order field items by their address to improve speed on rotating media

* create /sbin/init symlinks from the build system

* Query Paul Moore about relabelling socket fds while they are open

* move keymaps to /usr/lib/... rather than /usr/lib/udev/...

* journald: check whether it is OK if the client can still modify delivered journal entries

* json: use jensson

* json: properly serialize multiple fields with the same name per entry

* journal live copy, based on libneon (client) and libmicrohttpd

* document in wiki json serialization

* system-wide seccomp filter

* securityfs: don't mount in container

* slave/shared remount root fs in container might clash with CAP_SYS_MOUNTS

* ability to pass fds into systemd

* system.conf should have controls for cgroups

* bind mount read-only the cgroup tree higher than than nspawn

* currently system services appear not to generate core dumps...

* wall messages for shutdown should move to logind

* allow writing multiple conditions in unit files on one line

* cleanup ellipsation for log output in journalctl and systemctl status: have a sane way to disable ellipsation, and disable it by default when invoked in less/more

* enforce limits on fds openened by socket units

* explore multiple service instances per listening socket idea

* testing tool for socket activation: some binary that listens on a socket and passes it on using the usual socket activation protocol to some server.

* maybe make systemd-detect-virt suid? or use fscaps?

* shutdown: don't read-only mount anything when running in container

* nspawn: --read-only is not applied recursively to submounts

* MountFlags=shared acts as MountFlags=slave right now.

* ReadOnlyDirectories= is not applied recursively to submounts

* drop PID 1 reloading, only do reexecing (difficult: Reload()
  currently is properly synchronous, Reexec() is weird, because we
  can't delay the response properly until we are back, so instead of
  being properly synchronous we just keep open the fd and close it
  when done. That means clients don't get a succesful method reply,
  but much rather a disconnect on success.

* document that service reload may be implemented as service reexec

* remember which condition failed for services, not just the fact that something failed

* use opterr = 0 for all getopt tools

* properly handle loop back mounts via fstab, especially regards to fsck/passno

* allow services with no ExecStart= but with an ExecStop=

* add proper journal support to "systemctl --user status ..."

* add _SYSTEMD_USER_UNIT= field to journal entries

* dracut-shutdown needs to be ordered before unmounting /boot

* initialize the hostname from the fs label of /, if /etc/hostname does not exist?

* install README to /etc/rc.d/init.d (if support for that is enabled) helping people who use "ls" there to figure out which services exist.

* logind: ignore inactive login screens when checking whether power key should be handled

* rename "userspace" to "core-os"

* systemctl: "Journal has been rotated since unit was started." message is misleading

* syscall filter: add knowledge about compat syscalls

* syscall filter: don't enforce no new privs?

* syscall filter: option to return EPERM rather than SIGSYS?

* syscall filter: port to libseccomp

* logind: wakelock/opportunistic suspend support

* systemd-analyze post-boot is broken for initrd

* man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets

* .device aliases need to be implemented with the "following" logic, probably.

* refuse taking lower-case variable names in sd_journal_send() and friends.

* load-fragment: when loading a unit file via a chain of symlinks
  verify that it isn't masked via any of the names traversed.

* journald: we currently rotate only after MaxUse+MaxFilesize has been reached.

* Document:
        - PID 1 D-Bus API

* introduce Type=pid-file

* systemctl list-unit-files appears to be broken for symlinked units in /usr/lib

* maybe allow services with ExecStop= set, but no ExecStart=?

* efi: implement /forcefsck as uefi variables thus not requiring file system altering to trigger a file system check

* efi: honour language efi variables for default language selection

* efi: honour timezone efi variables for default timezone selection

* efi: automatically mount EFI partition to /boot if no such entry exists in /etc/fstab and /boot is empty
  gummiboot exports the EFI system partion (ESP) device:
  /sys/firmware/efi/vars/LoaderDeviceIdentifier-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f/data
  Acpi(PNP0A03,0)/Pci(1F|2)/?/HD(Part1,Sig1FCBC57F-4BFC-4C2B-91A3-9C84FBCD9AF1)
  '/' is the separator for the device path list
  HD(Part1,Sig1FCBC57F-4BFC-4C2B-91A3-9C84FBCD9AF1) contains the GPT UUID of the ESP

* read the bootloader performance data (raw TSC) in systemd-analyze
  /sys/firmware/efi/vars/LoaderTicksExec-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f/data
  19066159288
  /sys/firmware/efi/vars/LoaderTicksInit-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f/data
  17442940316
  /sys/firmware/efi/vars/LoaderTicksStartMenu-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f/data
  (only set if the menu was active)

* change Requires=basic.target to RequisiteOverride=basic.target

* support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator

* systemctl: when stopping a service which has triggres and warning about it actually check the TriggeredBy= deps fields

* journal: hook up with EFI firmware log

* nspawn: make use of device cgroup contrller by default

* drop accountsservice's StandardOutput=syslog and Type=dbus fields

* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr

* readahead: when bumping /sys readahead variable save mtime and compare later to detect changes

* (attempt to) make Debianites happy:
        - implement .d/ auto includes for unit files
        - add syntax to reset ExecStart= lists (and similar)

* move passno parsing to fstab generator

* improve !/proc/*/loginuid situation: make /proc/*/loginuid less dependent on CONFIG_AUDIT,
  or use the users cgroup information when /proc/*/loginuid is not available.

* pam_systemd: try to get old session id from cgroup, if audit sessionid cannot be determined

* pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree

* maybe introduce ~/.config/locale.conf and apply it within PAM

* readahead: make use of EXT4_IOC_MOVE_EXT, as used by http://e4rat.sourceforge.net/

* automount: implement expire

* logind: auto-suspend, auto-shutdown:
        IdleAction=(none|suspend|opportunistic|hibernate|poweroff)
        IdleActionDelay=...
        SessionIdleMode=(explicit|ignore|login)
        ForceShutdown=(yes|no)

* services which create their own subcgroups break cgroup-empty notification (needs to be fixed in the kernel)

* don't delete /tmp/systemd-namespace-* before a process is gone down

* vconsole: implement setterm -store -foreground xxx --background zzz

* ExecOnFailure=/usr/bin/foo

* fedora: make sshd and pam_loginuid work in nspawn containers

* fix utmp for console logins in containers

* Add pretty name for seats in logind

* ConditionSecurity= should learn about IMA

* Auke: merge Auke's bootchart

* udev: move to LGPL

* udev systemd unify:
  - strpcpy(), strpcpyl(), strscpy(), strscpyl()
  - utf8 validator code
  - now() vs. now_usec()

* udev: remove network interface renaming, sleep and retry logic, we do
        no support renaming of interfaces in the conflicting kernel
        namespace

* udev: find a way to tell udev to not cancel firmware requests when running in initramfs

* udev: scsi_id -> sg3_utils -> kill scsi_id

* udev: add trigger --subsystem-match=usb/usb_device device

* allow configuration of console width/height in vconsole.conf

* cleanup syslog 'priority' vs. 'level' wording

* dbus upstream still refers to dbus.target and shouldn't

* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting

* support container_ttys=

* introduce mix of BindTo and Requisite

* journalctl: show multiline log messages sanely, expand tabs, and show all valid utf8 messages

* add DeleteSocketsOnStop=yes|no option to socket units

* journal: store euid in journal if it differs from uid

* There's currently no way to cancel fsck (used to be possible via C-c or c on the console)

* journal: sanely deal with entries which are larger than the individual file size, but where the componets would fit

* add command to systemctl to plot dependency graph as tree (see rhbz 795365)

* add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/

* default unix qlen is too small (10). bump sysctl? add sockopt?

* Possibly, detect whether SysV init scripts can do reloading by looking for "echo Usage:" lines

* figure out whether we should leave dbus around during shutdown

* dbus: in fedora, make the machine a symlink to /etc/machine-id

* dbus: move dbus to early boot

* journald: reuse XZ context

* logind: add equivalent to sd_pid_get_owner_uid() to the D-Bus API

* journal: API for looking for retrieving "all values of this field"

* journal: deal nicely with byte-by-byte copied files, especially regards header

* journal: local deserializer of export mode, http server

* journal: message catalog

* document the exit codes when services fail before they are exec()ed

* systemctl journal command

* journalctl: --cursor support

* save coredump in Windows/Mozilla minidump format

* support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting)

* clean up session cgroups that remain after logout (think sshd), but eventually run empty

* support "systemctl stop foobar@.service" to stop all units matching a certain template

* logind: allow showing logout dialog from system

* document that %% can be used to write % in a string that is specifier extended

* when an instanced service exits, remove its parent cgroup too if possible.

* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max

* be able to specify a forced restart of service A where service B depends on, in case B
  needs to be auto-respawned?

* Something is wrong with symlink handling of "autovt@.service" in "systemctl list-unit-files"

* when a bus name of a service disappears from the bus make sure to queue further activation requests

* something like ConditionExec= or ExecStartPre= without failure state

* tmpfiles: apply "x" on "D" too (see patch from William Douglas)

* don't set $HOME in services unless requested

* hide PAM/TCPWrap options in fragment parser when compile time disabled

* when we automatically restart a service, ensure we restart its rdeps, too.

* allow Type=simple with PIDFile=
  https://bugzilla.redhat.com/show_bug.cgi?id=723942

* move PAM code into its own binary

* warn if the user stops a service but not its associated socket

* logind: spawn user@..service on login

* logind: non-local X11 server handling

* implement Register= switch in .socket units to enable registration
  in Avahi, RPC and other socket registration services.

* make sure systemd-ask-password-wall does not shutdown systemd-ask-password-console too early

* readahead: use BTRFS_IOC_DEFRAG_RANGE instead of BTRFS_IOC_DEFRAG ioctl, with START_IO

* readahead: check whether a btrfs volume includes ssd by checking mount flag "ssd"

* support sd_notify() style notification when reload begins (RELOADING=1), reload is finished (READY=1), and add ReloadSignal= then to use in combination

* support sd_notify() style notification when shutting down, to make auto-exit bus services work (STOPPING=1)

* verify that the AF_UNIX sockets of a service in the fs still exist
  when we start a service in order to avoid confusion when a user
  assumes starting a service is enough to make it accessible

* Make it possible to set the keymap independently from the font on
  the kernel cmdline. Right now setting one resets also the other.

* move nss-myhostname into systemd

* and a dbus call to generate target from current state

* drop /.readahead on bigger upgrades with yum

* add support for /bin/mount -s

* GC unreferenced jobs (such as .device jobs)

* write blog stories about:
  - enabling dbus services
  - status update
  - how to make changes to sysctl and sysfs attributes
  - remote access
  - how to pass throw-away units to systemd, or dynamically change properties of existing units
  - how to integrate cgconfig and suchlike with systemd
  - resource control in systemd
  - inhibiting
  - testing with Harald's awesome test kit
  - restart

* allow port=0 in .socket units

* move readahead files into /var, look for them with .path units

* teach dbus to activate all services it finds in /etc/systemd/services/org-*.service

* support systemd.mask= on the kernel command line.

* when key file cannot be found, read it from kbd in cryptsetup

* reuse mkdtemp namespace dirs in /tmp?

* recreate systemd's D-Bus private socket file on SIGUSR2

* Support --test based on current system state

* investigate whether the gnome pty helper should be moved into systemd, to provide cgroup support.

* maybe introduce ExecRestartPre=

* configurable jitter for timer events

* timer events with system resume

* timer events on calendar time:
        maybe use this time syntax? http://ohse.de/uwe/uschedule/uschedule.html

* dot output for --test showing the 'initial transaction'

* calendar time support in timer, iCalendar semantics for the timer stuff (RFC2445)
    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=99ee5315dac6211e972fa3f23bcc9a0343ff58c4

* implicitly import "defaults" settings file into all types

* writable cgroups dbus properties for live changes

* read config fragments for all units from /lib/systemd/system/foobar.service.d/ to override/extend specific settings

* port over to LISTEN_FDS/LISTEN_PID:
   - rpcbind (/var/run/rpcbind.sock!) HAVEPATCH
   - cups     HAVEPATCH
   - postfix, saslauthd
   - apache/samba
   - libvirtd (/var/run/libvirt/libvirt-sock-ro)
   - bluetoothd (/var/run/sdp! @/org/bluez/audio!)
   - distccd

* fingerprint.target, wireless.target, gps.target, netdevice.target

* io priority during initialization

* systemctl list-jobs - show dependencies

* add systemctl switch to dump transaction without executing it

* drop cap bounding set in readahead and other services

External:

* dbus:
   - dbus --user
   - natively watch for dbus-*.service symlinks (PENDING)
   - allow specification of socket mode/umask when allocating DBusServer
   - allow disabling of fd passing when connecting a AF_UNIX connection
   - allow disabling of UID passing for AUTH EXTERNAL
   - always pass cred data along each message

* fix alsa mixer restore to not print error when no config is stored

* gnome-shell python script/glxinfo/is-accelerated must die

* make cryptsetup lower --iter-time

* patch kernel for xattr support in /dev, /proc/, /sys and /sys/fs/cgroup?

* NTP: the kernel's 11-minutes-mode syncs the system time to the RTC, but only
  in an ~30 minutes window. It does not adjust larger differences. Find a way
  to tell the kernel, to always do a full time sync when the RTC is in UTC and
  we are in 11-minutes-mode. When we trust the system time to NTP we also want
  the RTC to sync up.

* kernel: add device_type = "fb", "fbcon" to class "graphics"

Regularly:

* look for close() vs. close_nointr() vs. close_nointr_nofail()

* check for strerror(r) instead of strerror(-r)

* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel

* %m in printf() instead of strerror(errno);

* pahole

* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()!

* use secure_getenv() instead of getenv() where appropriate

Scheduled for removal (or fixing):

* xxxOverridable dependencies