* RemoveKeyRing= to remove all keyring entries of the specified user
+* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill
+ on PID 1 with the relevant signals, and makes relevant files in /sys and
+ /proc (such as the sysrq stuff) unavailable
+
+* DeviceAllow= should also generate seccomp filters for mknod()
+
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
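Review bot: the ProtectReboot= item leaves the /sys and /proc part vague ("such as the sysrq stuff"); name the nodes the option is meant to mask (e.g. /proc/sysrq-trigger and /proc/sys/kernel/sysrq) so the scope is clear and testable. Two related gaps in the same hunk: kexec_file_load() is a second kexec entry point and should be masked together with kexec_load(), and the DeviceAllow= seccomp filter for mknod() must also cover mknodat(), since libc routes mknod() through mknodat() on several architectures and arm64 has no mknod syscall at all.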