system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-08 20:15:55 +00:00
Code Issues Projects Releases Wiki Activity

update TODO

Browse Source
This commit is contained in:
Lennart Poettering 2023-09-22 22:47:45 +02:00
parent 8525de1365
commit 3d1831b94b
1 changed files with 21 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
TODO
View File

@ -148,6 +148,24 @@ Features:
hostname pattern and has a ProxyCommand set that allows connecting to any
local VM/container that way without any networking configured.
* Varlinkification of the following command line tools, to open them up to
other programs via IPC:
- bootctl
- journalctl (allowing journal read access via IPC)
- coredumpcl
- systemd-bless-boot
- systemd-measure
- systemd-creds (allowing clients to encrypt credentials locally)
- systemd-cryptenroll (to allow UIs to enroll FIDO2 keys and such)
- systemd-dissect
- systemd-sysext
- systemd-sysupdate
- systemd-analyze
- kernel-install
* Varlink: add glue code to allow varlink clients to be authenticated via
Polkit by passing client pidfd over.
* in the service manager, pick up ERRNO= + BUSERROR= + VARLINKERROR= error
identifiers, and store them along with the exit status of a server and report
via "systemctl status".
@ -159,32 +177,15 @@ Features:
* automatically mount one virtiofs during early boot phase to /run/host/,
similar to how we do that for nspawn, based on some clear tag.
* make systemd-pcrextend accessible via varlink so that clients can measure
things reasonably freely, and get a proper entry in the TPM event log we
maintain, correctly synchronized
* add some service that makes an atomic snapshot of PCR state and event log up
to that point available, possibly even with quote by the TPM.
* encode type1 entries in some UKI section to add additional entries to the
menu.
* extend the various CLI tools we have that output JSON already to also read
their command to execute from JSON in varlink format, so that you can fork
them off and talk to them fully via varlink.
* add a "varlinkctl" tool that allows interacting with varlink services from
the shell. In particular add a "--exec=" switch, which allows specifying a
binary to invoke to which to talk via stdin/stdout
* make tools that speak varlink over stdin/stdout trivially sockect
activatable. i.e. once bootctl, kernel-install, systemd-measure and similar
speak varlink make them available via a .socket unit with Accept=yes, so that
they can be talked to via IPC out-of-process
* beef up .service units that are socket activated with Accept=yes with options
AllowPeerUser= + AllowPeerGroup= to allow trivially simple access control
when invoked via socket as IPC services
* Add ACL-based access management to .socket units. i.e. add AllowPeerUser= +
AllowPeerGroup= that installs additional user/group ACL entries on AF_UNIX
sockets.
* systemd-tpm2-setup should probably have a factory reset logic, i.e. when some
kernel command line option is set we reset the TPM (equivalent of tpm2_clear
@ -929,8 +930,6 @@ Features:
2. systemd-gpt-auto-generator should auto-mount /var if it finds it on disk
3. mount.x-initrd mount option in fstab should be implied for /var
* implement varlink introspection
* make persistent restarts easier by adding a new setting OpenPersistentFile=
or so, which allows opening one or more files that is "persistent" across
service restarts, hot reboot, cold reboots (depending on configuration): the