From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Wed, 2 Jun 2021 18:13:05 +0000 (+0100)
Subject: TODO: mention the new Landlock LSM as a way to implement sandboxing for systemd ... 
X-Git-Tag: v249-rc1~109^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88511a3712bcf8c1922ef21abc9e18798e61a80e;p=thirdparty%2Fsystemd.git

TODO: mention the new Landlock LSM as a way to implement sandboxing for systemd --user
---

diff --git a/TODO b/TODO
index 5e91ddffd59..0b6733aa354 100644
--- a/TODO
+++ b/TODO
@@ -858,6 +858,9 @@ Features:
   on PID 1 with the relevant signals, and makes relevant files in /sys and
   /proc (such as the sysrq stuff) unavailable
 
+* Support ReadWritePaths/ReadOnlyPaths/InaccessiblePaths in systemd --user instances
+  via the new unprivileged Landlock LSM (https://landlock.io)
+
 * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
 
 * journalctl: make sure -f ends when the container indicated by -M terminates