mirror of
https://github.com/systemd/systemd
synced 2024-10-04 15:21:01 +00:00
update TODO
This commit is contained in:
Lennart Poettering
parent
7eeedcfcb1
commit
027301b434
45
TODO
45
TODO
|
|
@ -79,6 +79,51 @@ Janitorial Clean-ups:
|
|||
|
||||
Features:
|
||||
|
||||
* homed/userdb: maybe define a "companion" dir for home directories where apps
|
||||
can safely put privileged stuff in. Would not be writable by the user, but
|
||||
still conceptually belong to the user. Would be included in user's quota if
|
||||
possible, even if files are not owned by UID of user. Usecase: container
|
||||
images that owned by arbitrary UIDs, and are owned/managed by the users, but
|
||||
are not directly belonging to the user's UID. Goal: we shouldn't place more
|
||||
privileged dirs inside of unprivileged dirs, and thus containers really
|
||||
should not be placed inside of traditional UNIX home dirs (which are owned by
|
||||
users themselves) but somewher else, that is separate, but still close
|
||||
by. Inform user code about path to this companion dir via env var, so that
|
||||
container managers find it. the ~/.identity file is also a candidate for a
|
||||
file to move there, since it is managed by privileged code (i.e. homed) and
|
||||
not unprivileged code.
|
||||
|
||||
* given that /etc/ssh/ssh_config.d/ is a thing now, ship a drop-in for that
|
||||
that hooks up userbdctl ssh-key stuff.
|
||||
|
||||
* allow embedding a signature blob for PCR hashes into separate section in
|
||||
unified kernel binaries. This section should be picked up by sd-stub, and
|
||||
passed in a file to the booted kernel (via initrd cpio, as usual). Usecase:
|
||||
this way we can implement disk encryption policies that bind to specific
|
||||
kernel PCR state, without breaking things on every kernel update. As long as
|
||||
the kernel includes the PCR signature blob we should be good, as disk
|
||||
encryption can then pass the signature to the TPM to unlock their secrets.
|
||||
Why do this via a separate PE section? That's because the PCR state depends
|
||||
on the measured kernel/initrd of course, thus we cannot put the signature
|
||||
into the kernel/initrd itself, because that would require a time machine.
|
||||
Hence we have to find a separate place. A simple solution is a PE section
|
||||
of its own, because then it is next to the kernel and initrd which after all
|
||||
are stored in PE sections of their own too. Building a unified kernel would
|
||||
thus mean, calculating PCR values for the raw kernel image, and raw initrd
|
||||
image, then signing those PCR values with a vendor key, and then combining
|
||||
sd-stub, raw kernel image, raw initrd, and PCR signature into a unified
|
||||
kernel image.
|
||||
|
||||
* a new tool "systemd-trust" or so, that can calculate PCR hashes offline, and
|
||||
optionally sign them. for that we should extend our syntax for specifying pcr
|
||||
policies (e.g. the string like "4+7+9") so that it can also include explicit
|
||||
hash values, i.e.
|
||||
4=sha256:0ef149998289474e4bb31813edda6ad7f3c991b2d8dec6e8fe4db7a1f039f2d1+7=sha256:87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7+9=sha256:0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
|
||||
and file names to calculate hashes from, i.e.
|
||||
4=file:/boot/vmlinuz+7=file:/boot/initrd/+9=file:/etc/fstab"
|
||||
The systemd-trust tool should then be able to resolve any "underspecifed"
|
||||
form into the form with explicit hash values.
|
||||
|
||||
* maybe add support for binding and connecting AF_UNIX sockets in the file
|
||||
system outside of the 108ch limit. When connecting, open O_PATH fd to socket
|
||||
inode first, then connect to /proc/self/fd/XYZ. When binding, create symlink
|
||||
|
|
|
|||
Loading…
Reference in a new issue