Features:
-* nss-systemd: also synthesize shadow records for users/groups
+* export action of device object on sd-device, so that monitor becomes useful
+
+* add root=tmpfs that mounts a tmpfs to /sysroot (to be used in combination
+ with usr=…, for a similar effect as systemd.volatile=yes but without the
+ "hide-out" effect). Also, add root=gpt-auto-late support or so, that is like
+ root=gpt-auto but initially mounts a tmpfs to /sysroot, and then revisits
+ later after systemd-repart ran. Usecase: let's ship images with only /usr
+ partition, then on first boot create the root partition. In this case we want
+ to read the repart data from /usr before the root partition exists. Add
+ usr=gpt-auto that automatically finds a /usr partition.
+
+* change SwitchRoot() implementation in PID 1 to use pivot_root(".", "."), as
+ documented in the pivot_root(2) man page, so that we can drop the /oldroot
+ temporary dir.
+
+* special case some calls of chase_symlinks() to use openat2() internally, so
+ that the kernel does what we otherwise do.
-* nspawn: move "incoming mount" directory to /run/host, move "inaccessible"
- nodes to /run/host, move notify socket (for sd_notify() between payload and
- container manager)
+* homed: keep an fd to the homedir open at all times, to keep the fs pinned
+ (autofs and such) while user is loged in.
+
+* nss-systemd: also synthesize shadow records for users/groups
* make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np().
mounting a subdir of the root fs as actual root. This can be used as
fstype-agnostic version of btrfs' rootflags=subvol=foobar.
-* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
-
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
* build short web pages out of each catalog entry, build them along with man
often for one, let's turn it off entirely for a while. Use that for the
/proc/self/mountinfo logic.
-* move our systemd-user PAM snippet to /usr/, which PAM appears to support
- these days
-
* nspawn: support time namespaces
* systemd-firstboot: make sure to always use chase_symlinks() before
- when that's done: kill khash.c
- when that's done: kill gnutls support in resolved
-* kill zenata, all hail weblate?
-
* when we resize disks (homed?) always round up to 4K sectors, not 512K
* add growvol and makevol options for /etc/crypttab, similar to
* sd-bus: add vtable flag, that may be used to request client creds implicitly
and asynchronously before dispatching the operation
+* sd-bus: parse addresses given in sd_bus_set_addresses immediately and not
+ only when used. Add unit tests.
+
* make use of ethtool veth peer info in machined, for automatically finding out
host-side interface pointing to the container.
yogas can be recognized as "convertible" too, even if they predate the DMI
"convertible" form factor
-* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing
- after all. Be strict however, only support the equivalent of nspawn's
- --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
- as MAINPID.
-
* Add ExecMonitor= setting. May be used multiple times. Forks off a process in
the service cgroup, which is supposed to monitor the service, and when it
exits the service is considered failed by its monitor.
* add new gpt type for btrfs volumes
-* support empty /etc boots nicely:
- - nspawn/gpt-generator: introduce new gpt partition type for /usr
-
* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them.
* a way for container managers to turn off getty starting via $container_headless= or so...
service instances processing the listening socket, and open this up
for ReusePort=
-* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
- $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
- should SIGSTOP all unit processes in a loop until all processes of
- it are fully stopped. This can later be used for app management by
- desktop UIs such as gnome-shell to freeze apps that are not visible
- on screen, not unlike how job control works on the shell
-
* cgroups:
- implement per-slice CPUFairScheduling=1 switch
- introduce high-level settings for RT budget, swappiness