* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
* dbus:
- - natively watch for dbus-*.service symlinks (PENDING)
- - teach dbus to activate all services it finds in /etc/systemd/services/org-*.service
+ - natively watch for dbus-*.service symlinks (PENDING)
+ - teach dbus to activate all services it finds in /etc/systemd/services/org-*.service
* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
* link up selected blog stories from man pages and unit files Documentation= fields
-Janitorial Clean-ups:
+Janitorial Cleanups:
* machined: make remaining machine bus calls compatible with unpriv machined +
unpriv npsawn: GetAddresses(), GetSSHInfo(), GetOSRelease(), OpenPTY(),
* use CHASE_MUST_BE_DIRECTORY and CHASE_MUST_BE_REGULAR at more places (the
majority of places that currently employ chase() probably should use this)
-Deprecations and removals:
+Deprecations and Removals:
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
Update INITRD_INTERFACE.md accordingly.
possibly up to 100ms supposedly)
* instead of going directly for DefineSpace when initializing nvpcrs, check if
- they exist first. apparently DEfineSpace is broken on some tpms, and also
+ they exist first. apparently DefineSpace is broken on some tpms, and also
creates log spam if the nvindex already exists.
* on first login of a user, measure its identity to some nvpcr
not
* automatically reset specific EFI vars on factory reset (make this generic
- enough so that infrac can be used to erase shim's mok vars?)
+ enough so that infra can be used to erase shim's mok vars?)
* similar: add a plugin for factory reset logic that erases certain parts of
the ESP, but leaves others in place.
* maybe introduce a new partition that we can store debug logs and similar at
the very last moment of shutdown. idea would be to store reference to block
- device (major + minor + partition id + diskeq?) in /run somewhere, than use
+ device (major + minor + partition id + diskseq?) in /run somewhere, than use
that from systemd-shutdown, just write a raw JSON blob into the partition.
Include timestamp, boot id and such, plus kmsg. on next boot immediately
import into journal. maybe use timestamp for making clock more monotonic.
* Reset TPM2 DA bit on each successful boot
-* systemd-repart: add --installer or so, that will intractively ask for a
+* systemd-repart: add --installer or so, that will interactively ask for a
target disk, maybe ask for confirmation, and install something on disk. Then,
hook that into installer.target or so, so that it can be used to
install/replicate installs
cgroup information. This way if a service consisting of many logging
processes can take benefit of the cgroup caching.
-* system lsmbpf policy that prohibits creating files owned by "nobody"
+* system LSFMMBPF policy that prohibits creating files owned by "nobody"
system-wide
-* system lsmpbf policy that prohibits creating or opening device nodes outside
+* system LSFMMBPF policy that prohibits creating or opening device nodes outside
of devtmpfs/tmpfs, except if they are the pseudo-devices /dev/null,
/dev/zero, /dev/urandom and so on.
-* system lsmbpf policy that enforces that block device backed mounts may only
+* system LSFMMBPF policy that enforces that block device backed mounts may only
be established on top of dm-crypt or dm-verity devices, or an allowlist of
file systems (which should probably include vfat, for compat with the ESP)
* add a new specifier to unit files that figures out the DDI the unit file is
from, tracing through overlayfs, DM, loopback block device.
-* importd/importctl
+* importd/importctl:
- complete varlink interface
- download images into .v/ dirs
* introduce mntid_t, and make it 64bit, as apparently the kernel switched to
64bit mount ids
-* mountfsd/nsresourced
+* mountfsd/nsresourced:
- userdb: maybe allow callers to map one uid to their own uid
- bpflsm: allow writes if resulting UID on disk would be userns' owner UID
- make encrypted DDIs work (password…)
should probably also one you can use to get a remote attestation quote.
* Process credentials in:
- • crypttab-generator: allow defining additional crypttab-like volumes via
+ - crypttab-generator: allow defining additional crypttab-like volumes via
credentials (similar: verity-generator, integrity-generator). Use
fstab-generator logic as inspiration.
- • run-generator: allow defining additional commands to run via a credential
- • resolved: allow defining additional /etc/hosts entries via a credential (it
+ - run-generator: allow defining additional commands to run via a credential
+ - resolved: allow defining additional /etc/hosts entries via a credential (it
might make sense to then synthesize a new combined /etc/hosts file in /run
and bind mount it on /etc/hosts for other clients that want to read it.
- • repart: allow defining additional partitions via credential
- • timesyncd: pick NTP server info from credential
- • portabled: read a credential "portable.extra" or so, that takes a list of
+ - repart: allow defining additional partitions via credential
+ - timesyncd: pick NTP server info from credential
+ - portabled: read a credential "portable.extra" or so, that takes a list of
file system paths to enable on start.
- • make systemd-fstab-generator look for a system credential encoding root= or
+ - make systemd-fstab-generator look for a system credential encoding root= or
usr=
- • in gpt-auto-generator: check partition uuids against such uuids supplied via
+ - in gpt-auto-generator: check partition uuids against such uuids supplied via
sd-stub credentials. That way, we can support parallel OS installations with
pre-built kernels.
* augment CODE_FILE=, CODE_LINE= with something like CODE_BASE= or so which
contains some identifier for the project, which allows us to include
clickable links to source files generating these log messages. The identifier
- could be some abberviated URL prefix or so (taking inspiration from Go
+ could be some abbreviated URL prefix or so (taking inspiration from Go
imports). For example, for systemd we could use
CODE_BASE=github.com/systemd/systemd/blob/98b0b1123cc or so which is
sufficient to build a link by prefixing "http://" and suffixing the
* define gpt header bits to select volatility mode
-* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
+* ProtectClock= (drops CAP_SYS_TIMES, adds seccomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
* ProtectTracing= (drops CAP_SYS_PTRACE, blocks ptrace syscall, makes /sys/kernel/tracing go away)
- add API to clone sd_bus_message objects
- longer term: priority inheritance
- dbus spec updates:
- - NameLost/NameAcquired obsolete
- - path escaping
+ - NameLost/NameAcquired obsolete
+ - path escaping
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
-* sd-event
+* sd-event:
- allow multiple signal handlers per signal?
- document chaining of signal handler for SIGCHLD and child handlers
- define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ...
* EFI:
- honor language efi variables for default language selection (if there are any?)
- honor timezone efi variables for default timezone selection (if there are any?)
-* bootctl
+* bootctl:
- recognize the case when not booted on EFI
* bootctl:
- add -n as shortcut for --dry-run in tmpfiles & sysusers & possibly other places
* udev-link-config:
- - Make sure ID_PATH is always exported and complete for
- network devices where possible, so we can safely rely
- on Path= matching
+ - Make sure ID_PATH is always exported and complete for
+ network devices where possible, so we can safely rely
+ on Path= matching
* sd-rtnl:
- - add support for more attribute types
- - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places
+ - add support for more attribute types
+ - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places
* networkd:
- - add more keys to [Route] and [Address] sections
- - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config)
- - add reduced [Link] support to .network files
- - properly handle routerless dhcp leases
- - work with non-Ethernet devices
- - dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from?
- - the DHCP lease data (such as NTP/DNS) is still made available when
- a carrier is lost on a link. It should be removed instantly.
- - expose in the API the following bits:
- - option 15, domain name
- - option 12, hostname and/or option 81, fqdn
- - option 123, 144, geolocation
- - option 252, configure http proxy (PAC/wpad)
- - provide a way to define a per-network interface default metric value
- for all routes to it. possibly a second default for DHCP routes.
- - allow Name= to be specified repeatedly in the [Match] section. Maybe also
- support Name=foo*|bar*|baz ?
- - whenever uplink info changes, make DHCP server send out FORCERENEW
+ - add more keys to [Route] and [Address] sections
+ - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config)
+ - add reduced [Link] support to .network files
+ - properly handle routerless dhcp leases
+ - work with non-Ethernet devices
+ - dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from?
+ - the DHCP lease data (such as NTP/DNS) is still made available when
+ a carrier is lost on a link. It should be removed instantly.
+ - expose in the API the following bits:
+ - option 15, domain name
+ - option 12, hostname and/or option 81, fqdn
+ - option 123, 144, geolocation
+ - option 252, configure http proxy (PAC/wpad)
+ - provide a way to define a per-network interface default metric value
+ for all routes to it. possibly a second default for DHCP routes.
+ - allow Name= to be specified repeatedly in the [Match] section. Maybe also
+ support Name=foo*|bar*|baz ?
+ - whenever uplink info changes, make DHCP server send out FORCERENEW
* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us
* Figure out how to do unittests of networkd's state serialization
* dhcp:
- - figure out how much we can increase Maximum Message Size
+ - figure out how much we can increase Maximum Message Size
* dhcp6:
- - add functions to set previously stored IPv6 addresses on startup and get
- them at shutdown; store them in client->ia_na
- - write more test cases
- - implement reconfigure support, see 5.3., 15.11. and 22.20.
- - implement support for temporary addresses (IA_TA)
- - implement dhcpv6 authentication
- - investigate the usefulness of Confirm messages; i.e. are there any
- situations where the link changes without any loss in carrier detection
- or interface down
- - some servers don't do rapid commit without a filled in IA_NA, verify
- this behavior
- - RouteTable= ?
+ - add functions to set previously stored IPv6 addresses on startup and get
+ them at shutdown; store them in client->ia_na
+ - write more test cases
+ - implement reconfigure support, see 5.3., 15.11. and 22.20.
+ - implement support for temporary addresses (IA_TA)
+ - implement dhcpv6 authentication
+ - investigate the usefulness of Confirm messages; i.e. are there any
+ situations where the link changes without any loss in carrier detection
+ or interface down
+ - some servers don't do rapid commit without a filled in IA_NA, verify
+ this behavior
+ - RouteTable= ?
* shared/wall: Once more programs are taught to prefer sd-login over utmp,
switch the default wall implementation to wall_logind
projects / thirdparty / systemd.git / commitdiff
