mirror of https://github.com/systemd/systemd synced 2024-07-08 20:15:55 +00:00

TODO: consolidate nspawn items

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
This commit is contained in:
Christian Brauner 2022-11-30 16:01:07 +01:00 committed by Luca Boccassi
parent 28db63445c
commit 71b77f0689

TODO

@ -409,12 +409,6 @@ Features:
ID from it securely. This would then allow us to bind secrets a specific
system securely.
* nspawn: maybe allow TPM passthrough, backed by swtpm, and measure --image=
hash into its PCR 11, so that nspawn instances can be TPM enabled, and
partake in measurements/remote attestation and such. swtpm would run outside
of control of container, and ideally would itself bind its encryption keys to
host TPM.
* tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
of manually hooking into SIGINT/SIGTERM
@ -827,11 +821,6 @@ Features:
multiple versions are around of the same resource, show which ones. (in other
words: show partition labels).
* systemd-nspawn: make boot assessment do something sensible in a
container. i.e send an sd_notify() from payload to container manager once
boot-up is completed successfully, and use that in nspawn for dealing with
boot counting, implemented in the partition table labels and directory names.
* maybe add a generator that reads /proc/cmdline, looks for
systemd.pull-raw-portable=, systemd-pull-raw-sysext= and similar switches
that take an URL as parameter. It then generates service units for
@ -897,9 +886,6 @@ Features:
* cryptsetup/homed: implement TOTP authentication backed by TPM2 and its
internal clock.
* nspawn: optionally set up nftables/iptables routes that forward UDP/TCP
traffic on port 53 to resolved stub 127.0.0.54
* man: rework os-release(5), and clearly separate our extension-release.d/ and
initrd-release parts, i.e. list explicitly which fields are about what.
@ -1003,10 +989,6 @@ Features:
for /home/, and similar. Similar add --image-dissect-policy= to tools that
take --image= that take the same short string.
* nspawn: maybe optionally insert .nspawn file as GPT partition into images, so
that such container images are entirely stand-alone and can be updated as
one.
* we probably should extend the root verity hash of the root fs into some PCR
on boot. (i.e. maybe add a veritytab option tpm2-measure=12 or so to measure
it into PCR 12); Similar: we probably should extend the LUKS volume key of
@ -2220,13 +2202,34 @@ Features:
PID 1...
- optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down.
* nspawn: add support for sysext extensions, too. i.e. a new --extension=
switch that takes one or more arguments, and applies the extensions already
during startup.
* when main nspawn supervisor process gets suspended due to SIGSTOP/SIGTTOU or
so, freeze the payload too.
- add support for sysext extensions, too. i.e. a new --extension= switch that
takes one or more arguments, and applies the extensions already during
startup.
- when main nspawn supervisor process gets suspended due to SIGSTOP/SIGTTOU
or so, freeze the payload too.
- support time namespaces
- on cgroupsv1 issue cgroup empty handler process based on host events, so
that we make cgroup agent logic safe
- add API to invoke binary in container, then use that as fallback in
"machinectl shell"
- make nspawn suitable for shell pipelines: instead of triggering a hangup
when input is finished, send ^D, which synthesizes an EOF. Then wait for
hangup or ^D before passing on the EOF.
- greater control over selinux label?
- support that /proc, /sys/, /dev are pre-mounted
- maybe allow TPM passthrough, backed by swtpm, and measure --image= hash
into its PCR 11, so that nspawn instances can be TPM enabled, and partake
in measurements/remote attestation and such. swtpm would run outside of
control of container, and ideally would itself bind its encryption keys to
host TPM.
- make boot assessment do something sensible in a container. i.e send an
sd_notify() from payload to container manager once boot-up is completed
successfully, and use that in nspawn for dealing with boot counting,
implemented in the partition table labels and directory names.
- optionally set up nftables/iptables routes that forward UDP/TCP traffic on
port 53 to resolved stub 127.0.0.54
- maybe optionally insert .nspawn file as GPT partition into images, so that
such container images are entirely stand-alone and can be updated as one.
* machined: add API to acquire UID range. add API to mount/dissect loopback
file. Both protected by PK. Then make nspawn use these APIs to run
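Review bot: the consolidated sub-list in this hunk carries over the typo "i.e send" from the old boot-assessment item (now "- make boot assessment do something sensible in a container. i.e send an"); since that line is being rewritten anyway, "i.e. send" is the place to fix it. Only the sysext and SIGSTOP/SIGTTOU items have both their removed and re-added form in this hunk; the other new sub-bullets correspond to items deleted in the earlier hunks, so it is worth diffing the moved text against those deletions once to confirm nothing was dropped or reworded in the move.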
@ -2234,22 +2237,6 @@ Features:
so that the client side can remain entirely unprivileged, with SUID or
anything like that.
* nspawn: support time namespaces
* nspawn: on cgroupsv1 issue cgroup empty handler process based on host events,
so that we make cgroup agent logic safe
* nspawn/machined: add API to invoke binary in container, then use that as
fallback in "machinectl shell"
* nspawn: make nspawn suitable for shell pipelines: instead of triggering a
hangup when input is finished, send ^D, which synthesizes an EOF. Then wait
for hangup or ^D before passing on the EOF.
* nspawn: greater control over selinux label?
* nspawn: support that /proc, /sys/, /dev are pre-mounted
* machined:
- add an API so that libvirt-lxc can inform us about network interfaces being
removed or added to an existing machine
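Review bot: the removed "nspawn/machined: add API to invoke binary in container, then use that as fallback in "machinectl shell"" item is re-homed as an nspawn-only sub-bullet ("- add API to invoke binary in container, then use that as fallback in"), while the "machined:" list that begins at the end of this hunk keeps no reference to it. Since the machinectl fallback is machined-side work, consider either keeping the "nspawn/machined" prefix on the moved bullet or adding a one-line pointer under "machined:" so the item is not lost when someone reads only that section.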