mirror of
https://github.com/systemd/systemd
synced 2024-07-21 18:24:38 +00:00
update TODO
parent
093d545658
commit
5596fd8ff7
9
TODO
|
@ -153,6 +153,10 @@ Features:
|
||||||
dont), of sd-stub and data supplied by user. Then measure sbat too in
|
dont), of sd-stub and data supplied by user. Then measure sbat too in
|
||||||
sd-stub, explicitly.
|
sd-stub, explicitly.
|
||||||
|
|
||||||
|
* figure out what to do about credentials sealed to PCRs in kexec + soft-reboot
|
||||||
|
scenarios. Maybe insist sealing is done additionally against some keypair in
|
||||||
|
the TPM to which access is updated on each boot, for the next, or so?
|
||||||
|
|
||||||
* open up creds for uses in generators, and document clearly that encrypted
|
* open up creds for uses in generators, and document clearly that encrypted
|
||||||
creds are only supported if strictly tpm bound, but not when using the host
|
creds are only supported if strictly tpm bound, but not when using the host
|
||||||
secret (as that is only avilable if /var/ is around.
|
secret (as that is only avilable if /var/ is around.
|
||||||
|
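Review bot: the new "credentials sealed to PCRs in kexec + soft-reboot" entry does not name the failure it is meant to address, and it trails off with "or so?". State what goes wrong in those scenarios (for instance, whether the concern is that PCR-sealed credentials can no longer be unsealed afterwards) and who updates access to the keypair "on each boot, for the next", so the item can be picked up without guessing. The unchanged context line after it still reads "avilable" and has an unclosed parenthesis; both could be fixed in the same TODO update.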
@ -162,6 +166,11 @@ Features:
|
||||||
idea, and specifically works around the fact the autofs ignores busy by mount
|
idea, and specifically works around the fact the autofs ignores busy by mount
|
||||||
namespaces)
|
namespaces)
|
||||||
|
|
||||||
|
* refuse using the switch-root operation without /etc/initrd-release. Now
|
||||||
|
that we have a concept of userspace reboot, we can clearly say: switch-root
|
||||||
|
is for transitioning from initrd to host (or initrd to next initrd), while
|
||||||
|
userspace reboot is for switching host to next version of the host.
|
||||||
|
|
||||||
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
|
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
|
||||||
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.
|
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.
|
||||||
|
|
||||||
|
|
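Review bot: in the new switch-root entry, "refuse using the switch-root operation without /etc/initrd-release" does not say which root is checked for the file. Because the entry explicitly allows "initrd to next initrd", state that the check applies to the root being left rather than the target. The entry also only implies that callers switching from a host should move to userspace reboot; say so directly, since "refuse" changes behaviour for them.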