From: Christian Brauner Date: Mon, 30 Mar 2026 11:51:07 +0000 (+0200) Subject: TODO: fix typos and restore dropped item X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7e54cc88d02fe964626000eacce12749588c8d2c;p=thirdparty%2Fsystemd.git TODO: fix typos and restore dropped item - Fix "d-nspawn" → "systemd-nspawn" (prefix was incorrectly stripped when merging into the nspawn grouped section) - Fix "LSFMMBPF" → "LSM BPF" (the original informal abbreviations "lsmbpf"/"lsmpbf" were incorrectly "corrected") - Restore the dropped "portabled: similar" reference by folding it into the ConcurrencyHardMax=/ConcurrencySoftMax= item Signed-off-by: Christian Brauner --- diff --git a/TODO.md b/TODO.md index a293c792f89..0cd44bd57d9 100644 --- a/TODO.md +++ b/TODO.md @@ -421,7 +421,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later included in the user/group record credentials - allow dynamic modifications of ConcurrencyHardMax= and ConcurrencySoftMax= - via DBus (and with that also by daemon-reload) + via DBus (and with that also by daemon-reload). Similar for portabled. - also include packaging metadata (á la https://systemd.io/PACKAGE_METADATA_FOR_EXECUTABLE_FILES/) in our UEFI PE @@ -1774,7 +1774,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later - Reduce the number of sockets that are currently in use and just rely on one or two sockets. - map foreign UID range through 1:1 - - d-nspawn should get the same SSH key support that vmspawn now has. + - systemd-nspawn should get the same SSH key support that vmspawn now has. - oci: add support for "importctl import-oci" which implements the "OCI layout" spec (i.e. acquiring via local fs access), as opposed to the current 
@@ -2327,14 +2327,14 @@ SPDX-License-Identifier: LGPL-2.1-or-later - sysext: measure all activated sysext into a TPM PCR -- system LSFMMBPF policy that enforces that block device backed mounts may only +- system BPF LSM policy that enforces that block device backed mounts may only be established on top of dm-crypt or dm-verity devices, or an allowlist of file systems (which should probably include vfat, for compat with the ESP) -- system LSFMMBPF policy that prohibits creating files owned by "nobody" +- system BPF LSM policy that prohibits creating files owned by "nobody" system-wide -- system LSFMMBPF policy that prohibits creating or opening device nodes outside +- system BPF LSM policy that prohibits creating or opening device nodes outside of devtmpfs/tmpfs, except if they are the pseudo-devices /dev/null, /dev/zero, /dev/urandom and so on.
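Review bot: In the TODO.md hunk at @@ -421,7, the added sentence "Similar for portabled." does not say what is similar. A reader of TODO.md without the commit message cannot tell whether portabled should get the same two settings or only the ability to change limits via DBus and daemon-reload. Suggest naming in the item what portabled is meant to gain.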
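Review bot: In the hunk at @@ -1774,7, the corrected line spells out "systemd-nspawn" but still writes "vmspawn" without the prefix in the same sentence. For consistency, consider "systemd-vmspawn" there as well.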
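Review bot: The commit message and the hunk at @@ -2327,14 disagree on the replacement term. The message says "LSFMMBPF" becomes "LSM BPF", while all three added lines read "system BPF LSM policy". Suggest changing the commit message to "BPF LSM" (or the lines to match the message) so that a log search for the term finds the wording the file actually contains.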