From 1717a939bee8c26f815d93247edc3af4e0f330ca Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 18 Jul 2024 11:40:10 +0200
Subject: [PATCH] update TODO

---
 TODO | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/TODO b/TODO
index 443b9a554bf..54ebb69d644 100644
--- a/TODO
+++ b/TODO
@@ -130,6 +130,23 @@ Deprecations and removals:
 
 Features:
 
+* homed: allow login via username + realm on getty/login prompt. Then rewrite
+  the user name in the PAM stack
+
+* homed/userdb: add "aliases" field to user record, which can alternatively be
+  used for logging in. Rewrite user name in the PAM stack once acquired.
+
+* confext/sysext: instead of mounting the overlayfs directly on /etc/ + /usr/,
+  insert an intermediary bind mount on itself there. This has the benefit that
+  services where mount propagation from the root fs is off, an still have
+  confext/sysext propagated in.
+
+* marry pcrlock + signed pcr policies for FDE/credentials by letting each
+  unlock "half" of the volume key, so that the combination of both must be
+  XOR'ed to get the actual volume key
+
+* support F_DUDFD_QUERY for comparing fds in same_fd (requires kernel 6.10)
+
 * generic interface for varlink for setting log level and stuff that all our daemons can implement
 
 * use pty ioctl to get peer wherever possible (TIOCGPTPEER)
-- 
2.47.3