Features:
+* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
+
+* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
+
+* ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave)
+
+* ProtectDevices= should also take iopl/ioperm/pciaccess away
+
+* ProtectKeyRing= to take keyring calls away
+
+* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
+
+* nspawn: make /proc/sys/net writable?
+
+* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
+
* journalctl: make sure -f ends when the container indicated by -M terminates
+* expose the "privileged" flag of ExecCommand on the bus, and open it up to
+ transient units
+
* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the
kernel doesn't support linkat() that replaces existing files, currently)
* transient units: don't bother with actually setting unit properties, we
reload the unit file anyway
-* make sure resolved can be restarted without losing pushed-in dns config
-
-* fix https://github.com/systemd/systemd/pull/2890, this shouldn't be exported
- like this.
-
* journald: sigbus API via a signal-handler safe function that people may call
from the SIGBUS handler
* optionally, also require WATCHDOG=1 notifications during service start-up and shutdown
-* resolved: maybe, after all, implement local listening for DNS packets on port
- 127.0.0.53:53.
+* resolved: when routing queries, make sure only look for the *longest* suffix...
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
-* install: include generator dirs in unit file search paths
-
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
* implement a per-service firewall based on net_cls
-* Port various tools to make use of verbs.[ch], where applicable
+* Port various tools to make use of verbs.[ch], where applicable: busctl,
+ bootctl, coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl
* hostnamectl: show root image uuid
* systemctl: if some operation fails, show log output?
-* systemctl edit:
-- allow creation of units from scratch
-- use equvalent of cat() to insert existing config as a comment, prepended with #.
+* systemctl edit: use equvalent of cat() to insert existing config as a comment, prepended with #.
Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc.
* exponential backoff in timesyncd when we cannot reach a server
- resolved should optionally register additional per-interface LLMNR
names, so that for the container case we can establish the same name
(maybe "host") for referencing the server, everywhere.
- - enable DNSSEC by default
- allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
+ - hook up resolved with machined-based address resolution
* refcounting in sd-resolve is borked
* be more careful what we export on the bus as (usec_t) 0 and (usec_t) -1
-* unify dispatch table in systemctl_main() and friends
-
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs