TODO: note cgroup.kill and memfd_secret

author Luca Boccassi <luca.boccassi@microsoft.com>

Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)

committer Luca Boccassi <luca.boccassi@microsoft.com>

Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)
author Luca Boccassi <luca.boccassi@microsoft.com>
Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)
committer Luca Boccassi <luca.boccassi@microsoft.com>
Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)
diff --git a/TODO b/TODO

index 7c5002e6b04d3f42400db1e214a6650202521d44..249f4a225705bbcd94a062a89fac6258ee46da7e 100644 (file)
--- a/TODO
+++ b/TODO
@@ -262,6 +262,8 @@ Features:
  
  * pid1: support new clone3() fork-into-cgroup feature
  
+* pid1: support new cgroup.kill to terminate all processes in a cgroup
+
  * pid1: also remove PID files of a service when the service starts, not just
    when it exits
  
@@ -425,6 +427,7 @@ Features:
  * paranoia: whenever we process passwords, call mlock() on the memory
    first. i.e. look for all places we use free_and_erasep() and
    augment them with mlock(). Also use MADV_DONTDUMP.
+  Alternatively (preferably?) use memfd_secret().
  
  * Move RestrictAddressFamily= to the new cgroup create socket
author	Luca Boccassi <luca.boccassi@microsoft.com>
	Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)
committer	Luca Boccassi <luca.boccassi@microsoft.com>
	Mon, 12 Jul 2021 21:47:59 +0000 (22:47 +0100)