mirror of
https://github.com/systemd/systemd
synced 2024-07-21 18:24:38 +00:00
TODO: put journal-related stuff together
This commit is contained in:
parent
28e014fed0
commit
0134afe30d
134
TODO
134
TODO
|
@ -258,10 +258,6 @@ Features:
|
||||||
both so that suid executables can only be placed there. Do this already in
|
both so that suid executables can only be placed there. Do this already in
|
||||||
the initrd. If /usr/ is not split out create a bind mount automatically.
|
the initrd. If /usr/ is not split out create a bind mount automatically.
|
||||||
|
|
||||||
* rework journalctl -M to be based on a machined method that generates a mount
|
|
||||||
fd of the relevant journal dirs in the container with uidmapping applied to
|
|
||||||
allow the host to read it, while making everything read-only.
|
|
||||||
|
|
||||||
* fix our various hwdb lookup keys to end with ":" again. The original idea was
|
* fix our various hwdb lookup keys to end with ":" again. The original idea was
|
||||||
that hwdb patterns can match arbitrary fields with expressions like
|
that hwdb patterns can match arbitrary fields with expressions like
|
||||||
"*:foobar:*", to wildcard match both the start and the end of the string.
|
"*:foobar:*", to wildcard match both the start and the end of the string.
|
||||||
|
@ -282,10 +278,6 @@ Features:
|
||||||
|
|
||||||
* remove tomoyo support, it's obsolete and unmaintained apparently
|
* remove tomoyo support, it's obsolete and unmaintained apparently
|
||||||
|
|
||||||
* journald: add varlink service that allows subscribing to certain log events,
|
|
||||||
for example matching by message ID, or log level returns a list of journal
|
|
||||||
cursors as they happen.
|
|
||||||
|
|
||||||
* In .socket units, add ConnectStream=, ConnectDatagram=,
|
* In .socket units, add ConnectStream=, ConnectDatagram=,
|
||||||
ConnectSequentialPacket= that create a socket, and then *connect to* rather than
|
ConnectSequentialPacket= that create a socket, and then *connect to* rather than
|
||||||
listen on some socket. Then, add a new setting WriteData= that takes some
|
listen on some socket. Then, add a new setting WriteData= that takes some
|
||||||
|
@ -315,20 +307,6 @@ Features:
|
||||||
* SIGRTMIN+18 and memory pressure handling should still be added to: hostnamed,
|
* SIGRTMIN+18 and memory pressure handling should still be added to: hostnamed,
|
||||||
localed, oomd, timedated.
|
localed, oomd, timedated.
|
||||||
|
|
||||||
* journald: also collect CLOCK_BOOTTIME timestamps per log entry. Then, derive
|
|
||||||
"corrected" CLOCK_REALTIME information on display from that and the timestamp
|
|
||||||
info of the newest entry of the specific boot (as identified by the boot
|
|
||||||
ID). This way, if a system comes up without a valid clock but acquires a
|
|
||||||
better clock later, we can "fix" older entry timestamps on display, by
|
|
||||||
calculating backwards. We cannot use CLOCK_MONOTONIC for this, since it does
|
|
||||||
not account for suspend phases. This would then also enable us to correct the
|
|
||||||
kmsg timestamping we consume (where we erroneously assume the clock was in
|
|
||||||
CLOCK_MONOTONIC, but it actually is CLOCK_BOOTTIME as per kernel).
|
|
||||||
|
|
||||||
* sd-journal puts a limit on parallel journal files to view at once. journald
|
|
||||||
should probably honour that same limit (JOURNAL_FILES_MAX) when vacuuming to
|
|
||||||
ensure we never generate more files than we can actually view.
|
|
||||||
|
|
||||||
* in order to make binding to PCR 4 realistic:
|
* in order to make binding to PCR 4 realistic:
|
||||||
- generate one keypair "U" and store it in a tpm2 nvindex.
|
- generate one keypair "U" and store it in a tpm2 nvindex.
|
||||||
- Generate another keypair "P" and store it in a second tpm2 nvindex.
|
- Generate another keypair "P" and store it in a second tpm2 nvindex.
|
||||||
|
@ -396,18 +374,6 @@ Features:
|
||||||
* homed: if for some reason the partition ended up being much smaller than
|
* homed: if for some reason the partition ended up being much smaller than
|
||||||
whole disk, recover from that, and grow it again.
|
whole disk, recover from that, and grow it again.
|
||||||
|
|
||||||
* in journald, write out a recognizable log record whenever the system clock is
|
|
||||||
changed ("stepped"), and in timesyncd whenever we acquire an NTP fix
|
|
||||||
("slewing"). Then, in journalctl for each boot time we come across, find
|
|
||||||
these records, and use the structured info they include to display
|
|
||||||
"corrected" wallclock time, as calculated from the monotonic timestamp in the
|
|
||||||
log record, adjusted by the delta declared in the structured log record.
|
|
||||||
|
|
||||||
* in journald: whenever we start a new journal file because the boot ID
|
|
||||||
changed, let's generate a recognizable log record containing info about old
|
|
||||||
and new ID. Then, when displaying log stream in journalctl look for these
|
|
||||||
records, to be able to order them.
|
|
||||||
|
|
||||||
* timesyncd: when saving/restoring clock try to take boot time into account.
|
* timesyncd: when saving/restoring clock try to take boot time into account.
|
||||||
Specifically, along with the saved clock, store the current boot ID. When
|
Specifically, along with the saved clock, store the current boot ID. When
|
||||||
starting, check if the boot id matches. If so, don't do anything (we are on
|
starting, check if the boot id matches. If so, don't do anything (we are on
|
||||||
|
@ -524,10 +490,6 @@ Features:
|
||||||
- If run on every boot, should it use the sysupdate config from the host on
|
- If run on every boot, should it use the sysupdate config from the host on
|
||||||
subsequent boots?
|
subsequent boots?
|
||||||
|
|
||||||
* hook up journald with TPMs? measure new journal records to the TPM in regular
|
|
||||||
intervals, validate the journal against current TPM state with that. (taking
|
|
||||||
inspiration from IMA log)
|
|
||||||
|
|
||||||
* provide an API (probably IPC) to apps to encrypt/decrypt
|
* provide an API (probably IPC) to apps to encrypt/decrypt
|
||||||
credentials. usecase: allow bluez bluetooth daemon to pass pairings to initrd
|
credentials. usecase: allow bluez bluetooth daemon to pass pairings to initrd
|
||||||
that way, without shelling out to our tools.
|
that way, without shelling out to our tools.
|
||||||
|
@ -783,11 +745,6 @@ Features:
|
||||||
and that determines from which overlayfs layer it originates, which image, and with
|
and that determines from which overlayfs layer it originates, which image, and with
|
||||||
what it was signed.
|
what it was signed.
|
||||||
|
|
||||||
* journald: generate recognizable log events whenever we shutdown journald
|
|
||||||
cleanly, and when we migrate run → var. This way tools can verify that a
|
|
||||||
previous boot terminated cleanly, because either of these two messages must
|
|
||||||
be safely written to disk, then.
|
|
||||||
|
|
||||||
* systemd-creds: extend encryption logic to support asymmetric
|
* systemd-creds: extend encryption logic to support asymmetric
|
||||||
encryption/authentication. Idea: add new verb "systemd-creds public-key"
|
encryption/authentication. Idea: add new verb "systemd-creds public-key"
|
||||||
which generates a priv/pub key pair on the TPM2 and stores the priv key
|
which generates a priv/pub key pair on the TPM2 and stores the priv key
|
||||||
|
@ -1038,17 +995,6 @@ Features:
|
||||||
uses RootDirectory= or RootImage=. (Might also over-mount
|
uses RootDirectory= or RootImage=. (Might also over-mount
|
||||||
/sys/class/dmi/id/*{uuid,serial} with /dev/null).
|
/sys/class/dmi/id/*{uuid,serial} with /dev/null).
|
||||||
|
|
||||||
* journalctl/timesyncd: whenever timesyncd acquires a synchronization from NTP,
|
|
||||||
create a structured log entry that contains boot ID, monotonic clock and
|
|
||||||
realtime clock (I mean, this requires no special work, as these three fields
|
|
||||||
are implicit). Then in journalctl when attempting to display the realtime
|
|
||||||
timestamp of a log entry, first search for the closest later log entry
|
|
||||||
of this kinda that has a matching boot id, and convert the monotonic clock
|
|
||||||
timestamp of the entry to the realtime clock using this info. This way we can
|
|
||||||
retroactively correct the wallclock timestamps, in particular for systems
|
|
||||||
without RTC, i.e. where initially wallclock timestamps carry rubbish, until
|
|
||||||
an NTP sync is acquired.
|
|
||||||
|
|
||||||
* kernel-install:
|
* kernel-install:
|
||||||
- add --all switch for rerunning kernel-install for all installed kernels
|
- add --all switch for rerunning kernel-install for all installed kernels
|
||||||
|
|
||||||
|
@ -1216,12 +1162,6 @@ Features:
|
||||||
* systemd-sysext: optionally, run it in initrd already, before transitioning
|
* systemd-sysext: optionally, run it in initrd already, before transitioning
|
||||||
into host, to open up possibility for services shipped like that.
|
into host, to open up possibility for services shipped like that.
|
||||||
|
|
||||||
* maybe add a tool that displays most recent journal logs as QR code to scan
|
|
||||||
off screen and run it automatically on boot failures, emergency logs and
|
|
||||||
such. Use DRM APIs directly, see
|
|
||||||
https://github.com/dvdhrm/docs/blob/master/drm-howto/modeset.c for an example
|
|
||||||
for doing that.
|
|
||||||
|
|
||||||
* introduce /dev/disk/root/* symlinks that allow referencing partitions on the
|
* introduce /dev/disk/root/* symlinks that allow referencing partitions on the
|
||||||
disk the rootfs is on in a reasonably secure way. (or maybe: add
|
disk the rootfs is on in a reasonably secure way. (or maybe: add
|
||||||
/dev/gpt-auto-{home,srv,boot,…} similar in style to /dev/gpt-auto-root as we
|
/dev/gpt-auto-{home,srv,boot,…} similar in style to /dev/gpt-auto-root as we
|
||||||
|
@ -1461,13 +1401,8 @@ Features:
|
||||||
|
|
||||||
* Move RestrictAddressFamily= to the new cgroup create socket
|
* Move RestrictAddressFamily= to the new cgroup create socket
|
||||||
|
|
||||||
* maybe implicitly attach monotonic+realtime timestamps to outgoing messages in
|
|
||||||
log.c and sd-journal-send
|
|
||||||
|
|
||||||
* optionally: turn on cgroup delegation for per-session scope units
|
* optionally: turn on cgroup delegation for per-session scope units
|
||||||
|
|
||||||
* introduce per-unit (i.e. per-slice, per-service) journal log size limits.
|
|
||||||
|
|
||||||
* sd-boot: optionally, show boot menu when previous default boot item has
|
* sd-boot: optionally, show boot menu when previous default boot item has
|
||||||
non-zero "tries done" count
|
non-zero "tries done" count
|
||||||
|
|
||||||
|
@ -2084,8 +2019,70 @@ Features:
|
||||||
time-based policy, so that the verification key can remain on host and ve
|
time-based policy, so that the verification key can remain on host and ve
|
||||||
validated via TPM.
|
validated via TPM.
|
||||||
|
|
||||||
* build short web pages out of each catalog entry, build them along with man
|
* rework journalctl -M to be based on a machined method that generates a mount
|
||||||
pages, and include hyperlinks to them in the journal output
|
fd of the relevant journal dirs in the container with uidmapping applied to
|
||||||
|
allow the host to read it, while making everything read-only.
|
||||||
|
|
||||||
|
* journald: add varlink service that allows subscribing to certain log events,
|
||||||
|
for example matching by message ID, or log level returns a list of journal
|
||||||
|
cursors as they happen.
|
||||||
|
|
||||||
|
* journald: also collect CLOCK_BOOTTIME timestamps per log entry. Then, derive
|
||||||
|
"corrected" CLOCK_REALTIME information on display from that and the timestamp
|
||||||
|
info of the newest entry of the specific boot (as identified by the boot
|
||||||
|
ID). This way, if a system comes up without a valid clock but acquires a
|
||||||
|
better clock later, we can "fix" older entry timestamps on display, by
|
||||||
|
calculating backwards. We cannot use CLOCK_MONOTONIC for this, since it does
|
||||||
|
not account for suspend phases. This would then also enable us to correct the
|
||||||
|
kmsg timestamping we consume (where we erroneously assume the clock was in
|
||||||
|
CLOCK_MONOTONIC, but it actually is CLOCK_BOOTTIME as per kernel).
|
||||||
|
|
||||||
|
* in journald, write out a recognizable log record whenever the system clock is
|
||||||
|
changed ("stepped"), and in timesyncd whenever we acquire an NTP fix
|
||||||
|
("slewing"). Then, in journalctl for each boot time we come across, find
|
||||||
|
these records, and use the structured info they include to display
|
||||||
|
"corrected" wallclock time, as calculted from the monotonic timestamp in the
|
||||||
|
log record, adjusted by the delta declared in the structured log record.
|
||||||
|
|
||||||
|
* in journald: whenever we start a new journal file because the boot ID
|
||||||
|
changed, let's generate a recognizable log record containing info about old
|
||||||
|
and new ID. Then, when displaying log stream in journalctl look for these
|
||||||
|
records, to be able to order them.
|
||||||
|
|
||||||
|
* journald: generate recognizable log events whenever we shutdown journald
|
||||||
|
cleanly, and when we migrate run → var. This way tools can verify that a
|
||||||
|
previous boot terminated cleanly, because either of these two messages must
|
||||||
|
be safely written to disk, then.
|
||||||
|
|
||||||
|
* hook up journald with TPMs? measure new journal records to the TPM in regular
|
||||||
|
intervals, validate the journal against current TPM state with that. (taking
|
||||||
|
inspiration from IMA log)
|
||||||
|
|
||||||
|
* sd-journal puts a limit on parallel journal files to view at once. journald
|
||||||
|
should probably honour that same limit (JOURNAL_FILES_MAX) when vacuuming to
|
||||||
|
ensure we never generate more files than we can actually view.
|
||||||
|
|
||||||
|
* maybe add a tool that displays most recent journal logs as QR code to scan
|
||||||
|
off screen and run it automatically on boot failures, emergency logs and
|
||||||
|
such. Use DRM APIs directly, see
|
||||||
|
https://github.com/dvdhrm/docs/blob/master/drm-howto/modeset.c for an example
|
||||||
|
for doing that.
|
||||||
|
|
||||||
|
* maybe implicitly attach monotonic+realtime timestamps to outgoing messages in
|
||||||
|
log.c and sd-journal-send
|
||||||
|
|
||||||
|
* journalctl/timesyncd: whenever timesyncd acquires a synchronization from NTP,
|
||||||
|
create a structured log entry that contains boot ID, monotonic clock and
|
||||||
|
realtime clock (I mean, this requires no special work, as these three fields
|
||||||
|
are implicit). Then in journalctl when attempting to display the realtime
|
||||||
|
timestamp of a log entry, first search for the closest later log entry
|
||||||
|
of this kinda that has a matching boot id, and convert the monotonic clock
|
||||||
|
timestamp of the entry to the realtime clock using this info. This way we can
|
||||||
|
retroactively correct the wallclock timestamps, in particular for systems
|
||||||
|
without RTC, i.e. where initially wallclock timestamps carry rubbish, until
|
||||||
|
an NTP sync is acquired.
|
||||||
|
|
||||||
|
* introduce per-unit (i.e. per-slice, per-service) journal log size limits.
|
||||||
|
|
||||||
* journald: do journal file writing out-of-process, with one writer process per
|
* journald: do journal file writing out-of-process, with one writer process per
|
||||||
client UID, so that synthetic hash table collisions can slow down a specific
|
client UID, so that synthetic hash table collisions can slow down a specific
|
||||||
|
@ -2112,6 +2109,9 @@ Features:
|
||||||
being silently skipped. journalctl --update-catalog must warn about this,
|
being silently skipped. journalctl --update-catalog must warn about this,
|
||||||
and we should also have a unit test to check that all our message are OK.)
|
and we should also have a unit test to check that all our message are OK.)
|
||||||
|
|
||||||
|
* build short web pages out of each catalog entry, build them along with man
|
||||||
|
pages, and include hyperlinks to them in the journal output
|
||||||
|
|
||||||
* homed:
|
* homed:
|
||||||
- when user tries to log into record signed by unrecognized key, automatically add key to our chain after polkit auth
|
- when user tries to log into record signed by unrecognized key, automatically add key to our chain after polkit auth
|
||||||
- rollback when resize fails mid-operation
|
- rollback when resize fails mid-operation
|
||||||
|
|
Loading…
Reference in a new issue