manager or system manager can be always set. It would be better to reject
them when parsing config.
-* busctl prints errors to stdout:
- busctl tree org.freedesktop.systemd1 /org/freedesktop/systemd1
-
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
Features:
+* add systemd.random_seed= on the kernel cmdline, taking some hex or base64
+ encoded data. During earliest boot, credit it to entropy. This is not useful
+ for general purpose systems, but certainly for testing environments in VMs
+ and such, as it allows us to boot up instantly with fully initialized entropy
+ pool even if RNG pass-thru is not available.
+
+* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
+
+* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
+
+* build short web pages out of each catalog entry, build them along with man
+ pages, and include hyperlinks to them in the journal output
+
+* machined: add API to acquire UID range. add API to mount/dissect loopback
+ file. Both protected by PK. Then make nspawn use these APIs to run
+ unprivileged containers. i.e. push the truly privileged bits into machined,
+ so that the client side can remain entirely unprivileged, with SUID or
+ anything like that.
+
* add "throttling" to sd-event event sources: optionally, when we wake up too
often for one, let's turn it off entirely for a while. Use that for the
/proc/self/mountinfo logic.
* nspawn: support time namespaces
+* add ConditionSecurity=tpm2
+
+* Remove any support for booting without /usr pre-mounted in the initrd entirely.
+ Update INITRD_INTERFACE.md accordingly.
+
* pid1: Move to tracking of main pid/control pid of units per pidfd
* pid1: support new clone3() fork-into-cgroup feature
* pid1: also remove PID files of a service when the service starts, not just
when it exits
+* systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum,
+ mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such
+
* make "systemd-dissect" an official supported tool, i.e. move to /usr/bin/ and
provide man page. Given that we now have a tool that can generate images like
this, it's useful to have one that can dump contents of them, too.
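Review bot: in the machined entry, "so that the client side can remain entirely unprivileged, with SUID or anything like that" says the opposite of what the rest of the item argues; it should presumably read "without SUID or anything like that". In the systemd.random_seed= entry it is also worth stating that the credited data is only as secret as the kernel command line it is passed on, which is the reason behind the "not useful for general purpose systems" remark.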
operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
sysusers, systemctl, repart, journalctl, coredumpctl.
+* seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out
+
+* seccomp: don't install filters for ABIs that are masked anyway for the
+ specific service
+
+* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging.
+
* per-service credential system. Specifically: add LoadCredential= (for loading
cred from file), AcquireCredential= (for asking user for cred, via
ask-password), PassCredential= (for passing on credential systemd itself
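Review bot: the first seccomp entry says "by default mask x32 ABI system wide on x86-64" but does not say how a system that still needs x32 would opt back in; naming the intended switch (or stating that none is planned) would make the item actionable. The third seccomp entry is one long unwrapped line with a capitalised "maybe merge ... merging." sentence, while the neighbouring entries wrap with a continuation line; wrapping it the same way keeps the file consistent.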
* homed: as an extension to the directory+subvolume backend: if located on
especially marked fs, then sync down password into LUKS header of that fs,
and always verify passwords against it too. Bootstrapping is a problem
- though: if noone is logged in (or no other user even exists yet), how do you
+ though: if no one is logged in (or no other user even exists yet), how do you
unlock the volume in order to create the first user and add the first pw.
* homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
* systemd-firstboot: teach it dissector magic, so that you can point it to some
disk image and it will just set everything in it all behind the scenes.
-* systemd-firstboot: add --force mode that replaces existing configuration.
-
* We should probably replace /var/log/README, /etc/rc.d/README with symlinks
that are linked to these places instead of copied. After all they are
constant vendor data.
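Review bot: the "systemd-firstboot: add --force mode that replaces existing configuration." entry is dropped here with nothing in the visible lines saying whether it was implemented or abandoned. A line in the commit message stating which would help anyone tracing the item later.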
- duplicate address check for static IPs (like ARPCHECK in network-scripts)
- whenever uplink info changes, make DHCP server send out FORCERENEW
+* Figure out how to do unittests of networkd's state serialization
+
* dhcp:
- figure out how much we can increase Maximum Message Size
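Review bot: the added entry spells "unittests" as one word; "unit tests" would be the usual form. It is also added as a top-level "*" item directly after a run of "-" sub-items, so it is worth checking that it sits at the intended nesting level.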