mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
update
This commit is contained in:
parent
54522e941d
commit
3efb871a3c
12
TODO
12
TODO
|
@ -33,8 +33,6 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
* resolved: maybe add a switch to disable any local caching
|
|
||||||
|
|
||||||
* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
|
* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
|
||||||
|
|
||||||
* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
|
* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
|
||||||
|
@ -47,8 +45,6 @@ Features:
|
||||||
|
|
||||||
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
|
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
|
||||||
|
|
||||||
* RestrictRealtime= which takes aware ability to create realtime processes
|
|
||||||
|
|
||||||
* nspawn: make /proc/sys/net writable?
|
* nspawn: make /proc/sys/net writable?
|
||||||
|
|
||||||
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
|
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
|
||||||
|
@ -66,8 +62,6 @@ Features:
|
||||||
* transient units: don't bother with actually setting unit properties, we
|
* transient units: don't bother with actually setting unit properties, we
|
||||||
reload the unit file anyway
|
reload the unit file anyway
|
||||||
|
|
||||||
* make sure resolved can be restarted without losing pushed-in dns config
|
|
||||||
|
|
||||||
* journald: sigbus API via a signal-handler safe function that people may call
|
* journald: sigbus API via a signal-handler safe function that people may call
|
||||||
from the SIGBUS handler
|
from the SIGBUS handler
|
||||||
|
|
||||||
|
@ -79,9 +73,6 @@ Features:
|
||||||
|
|
||||||
* resolved: when routing queries, make sure only look for the *longest* suffix...
|
* resolved: when routing queries, make sure only look for the *longest* suffix...
|
||||||
|
|
||||||
* resolved: maybe, after all, implement local listening for DNS packets on port
|
|
||||||
127.0.0.53:53.
|
|
||||||
|
|
||||||
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
|
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
|
||||||
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
|
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
|
||||||
|
|
||||||
|
@ -115,8 +106,6 @@ Features:
|
||||||
|
|
||||||
* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
|
* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
|
||||||
|
|
||||||
* install: include generator dirs in unit file search paths
|
|
||||||
|
|
||||||
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
|
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
|
||||||
|
|
||||||
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
|
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
|
||||||
|
@ -226,6 +215,7 @@ Features:
|
||||||
names, so that for the container case we can establish the same name
|
names, so that for the container case we can establish the same name
|
||||||
(maybe "host") for referencing the server, everywhere.
|
(maybe "host") for referencing the server, everywhere.
|
||||||
- allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
|
- allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
|
||||||
|
- hook up resolved with machined-based address resolution
|
||||||
|
|
||||||
* refcounting in sd-resolve is borked
|
* refcounting in sd-resolve is borked
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue