manager or system manager can be always set. It would be better to reject
them when parsing config.
+* userdbctl: "Password OK: yes" is shown even when there are no passwords
+ or the password is locked.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
Features:
-* nss-systemd: also synthesize shadow records for users/groups
+* export action of device object on sd-device, so that monitor becomes useful
+
+* add root=tmpfs that mounts a tmpfs to /sysroot (to be used in combination
+ with usr=…, for a similar effect as systemd.volatile=yes but without the
+ "hide-out" effect). Also, add root=gpt-auto-late support or so, that is like
+ root=gpt-auto but initially mounts a tmpfs to /sysroot, and then revisits
+ later after systemd-repart ran. Usecase: let's ship images with only /usr
+ partition, then on first boot create the root partition. In this case we want
+ to read the repart data from /usr before the root partition exists. Add
+ usr=gpt-auto that automatically finds a /usr partition.
+
+* change SwitchRoot() implementation in PID 1 to use pivot_root(".", "."), as
+ documented in the pivot_root(2) man page, so that we can drop the /oldroot
+ temporary dir.
-* nspawn: move "incoming mount" directory to /run/host, move "inaccessible"
- nodes to /run/host, move notify socket (for sd_notify() between payload and
- container manager)
+* special case some calls of chase_symlinks() to use openat2() internally, so
+ that the kernel does what we otherwise do.
+
+* homed: keep an fd to the homedir open at all times, to keep the fs pinned
+ (autofs and such) while user is loged in.
+
+* nss-systemd: also synthesize shadow records for users/groups
* make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np().
mounting a subdir of the root fs as actual root. This can be used as
fstype-agnostic version of btrfs' rootflags=subvol=foobar.
-* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
-
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
* build short web pages out of each catalog entry, build them along with man
often for one, let's turn it off entirely for a while. Use that for the
/proc/self/mountinfo logic.
-* move our systemd-user PAM snippet to /usr/, which PAM appears to support
- these days
-
* nspawn: support time namespaces
* systemd-firstboot: make sure to always use chase_symlinks() before
- elfutils (always)
- p11-kit-trust (always)
- kmod-libs (only when called from PID 1)
- - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup)
- - similar: libblkid
+ - libblkid (only in RootImage= handling in PID 1, but not elsewhere)
- libpam (only when called from PID 1)
- bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are,
since they are so basic and our defaults)
* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging.
-* per-service credential system. Specifically: add LoadCredential= (for loading
- cred from file), AcquireCredential= (for asking user for cred, via
- ask-password), PassCredential= (for passing on credential systemd itself
- got). Then, place credentials in a per-service, immutable ramfs instance (so
- that it cannot be swapped out), destroy after use. Also pass via keyring
- (with graceful fallback to cover for containers). Define CredentialPath= for
- defining subdir of /run/credentials/ where to place it. Set $CREDENTIAL_PATH
- env var for services to the result. Also pass via fd passing (optionally).
+* credentials system:
+ - maybe add AcquireCredential= for querying a cred via ask-password
+ - maybe try to acquire creds via keyring?
+ - maybe try to pass creds via keyring?
+ - maybe optionally pass creds via memfd
+ - maybe add support for decrypting creds via TPM
+ - maybe add support for decrypting/importing creds via pkcs11
+ - make systemd-cryptsetup acquire pw via creds logic
+ - make PAMName= acquire pw via creds logic
+ - make macsec/wireguard code in networkd read key via creds logic
+ - make gatwayd/remote read key via creds logic
+ - add sd_notify() command for flushing out creds not needed anymore
* homed: during login resize fs automatically towards size goal. Specifically,
resize to diskSize if possible, but leave a certain amount (configured by a
- when that's done: kill khash.c
- when that's done: kill gnutls support in resolved
-* kill zenata, all hail weblate?
-
* when we resize disks (homed?) always round up to 4K sectors, not 512K
* add growvol and makevol options for /etc/crypttab, similar to
* sd-bus: add vtable flag, that may be used to request client creds implicitly
and asynchronously before dispatching the operation
+* sd-bus: parse addresses given in sd_bus_set_addresses immediately and not
+ only when used. Add unit tests.
+
* make use of ethtool veth peer info in machined, for automatically finding out
host-side interface pointing to the container.
yogas can be recognized as "convertible" too, even if they predate the DMI
"convertible" form factor
-* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing
- after all. Be strict however, only support the equivalent of nspawn's
- --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
- as MAINPID.
-
* Add ExecMonitor= setting. May be used multiple times. Forks off a process in
the service cgroup, which is supposed to monitor the service, and when it
exits the service is considered failed by its monitor.
* add new gpt type for btrfs volumes
-* support empty /etc boots nicely:
- - nspawn/gpt-generator: introduce new gpt partition type for /usr
-
* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them.
* a way for container managers to turn off getty starting via $container_headless= or so...
service instances processing the listening socket, and open this up
for ReusePort=
-* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
- $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
- should SIGSTOP all unit processes in a loop until all processes of
- it are fully stopped. This can later be used for app management by
- desktop UIs such as gnome-shell to freeze apps that are not visible
- on screen, not unlike how job control works on the shell
-
* cgroups:
- implement per-slice CPUFairScheduling=1 switch
- introduce high-level settings for RT budget, swappiness
projects / thirdparty / systemd.git / blobdiff