From 97046f2fc0c5bb3d89dd1cd36658dae282e0dcf3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 11 Oct 2023 23:28:55 +0200 Subject: [PATCH] update TODO --- TODO | 38 ++++---------------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/TODO b/TODO index 1cce71d2cd..cf5012d954 100644 --- a/TODO +++ b/TODO @@ -238,11 +238,8 @@ Features: 2nd key derived from volume key of the user, with which to wrap all keys. maintain keys in kernel keyring if possible. -* use sd-event ratelimit feature optionally for .socket units to "pause" overly - busy sockets temporarily. (as a less drastic version of the trigger - ratelimit) - -* similar, add the same for journal stream clients that log too much +* use sd-event ratelimit feature optionally for journal stream clients that log + too much * systemd-mount should only consider modern file systems when mounting, similar to systemd-dissect @@ -346,13 +343,6 @@ Features: intended for a different OS. Take inspiration from how confext/sysext are matched against OS. -* use different sbat for sd-boot and sd-stub (so that people can revoke one - without the other) - -* in ukify merge sbat info from kernel (if it has any, upstream kernels so far - dont), of sd-stub and data supplied by user. Then measure sbat too in - sd-stub, explicitly. - * figure out what to do about credentials sealed to PCRs in kexec + soft-reboot scenarios. Maybe insist sealing is done additionally against some keypair in the TPM to which access is updated on each boot, for the next, or so? @@ -632,11 +622,6 @@ Features: of the activated configuration and the image that is being activated (in case verity is used, hash of the root hash). -* whenever we measure something into a TPM PCR from userspace, write a record in - TCG's "Canonical Event Log" format to some file, so that we can reason about - how PCR values we manage came to - be. https://trustedcomputinggroup.org/resource/canonical-event-log-format/ - * bootspec: permit graceful "update" from type #2 to type #1. If both a type #1 and a type #2 entry exist under otherwise the exact same name, then use the type #1 entry, and ignore the type #2 entry. This way, people can "upgrade" @@ -682,9 +667,6 @@ Features: line. Benefit: works also on non-EFI systems, and can be requested on one boot, for the next. -* figure out a sane way when building UKIs how to extract SBAT data from inner - kernel, extend it with component info, and add to outer kernel. - * systemd-sysupdate: make transport pluggable, so people can plug casync or similar behind it, instead of http. @@ -1091,8 +1073,6 @@ Features: images as OS payloads. i.e. have a generic OS image you can point to any payload you like, which is then downloaded, securely verified and run. -* improve scope units to support creation by pidfd instead of by PID - * deprecate cgroupsv1 further (print log message at boot) * systemd-dissect: add --cat switch for dumping files such as /etc/os-release @@ -1532,9 +1512,6 @@ Features: * maybe extend .path units to expose fanotify() per-mount change events -* When reloading configuration PID 1 should reset all its properties to the - original defaults before calling parse_config() - * hibernate/s2h: if swap is on weird storage and refuse if so * cgroups: use inotify to get notified when somebody else modifies cgroups @@ -1647,9 +1624,6 @@ Features: * In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant disks to see if the UID is already in use. -* expose IO accounting data on the bus, show it in systemd-run --wait and log - about it in the resource log message - * Add AddUser= setting to unit files, similar to DynamicUser=1 which however creates a static, persistent user rather than a dynamic, transient user. We can leverage code from sysusers.d for this. @@ -1831,8 +1805,8 @@ Features: - when reloading configuration, apply new cgroup configuration - when recursively showing the cgroup hierarchy, optionally also show the hierarchies of child processes -- add settings for cgroup.max.descendants and cgroup.max.depth, - maybe use them for user@.service + - add settings for cgroup.max.descendants and cgroup.max.depth, + maybe use them for user@.service * transient units: - add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt @@ -1845,8 +1819,6 @@ Features: * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it -* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs - * If we try to find a unit via a dangling symlink, generate a clean error. Currently, we just ignore it and read the unit from the search path anyway. @@ -2298,8 +2270,6 @@ Features: if the output file exists, so a repeated invocation will usually fail if something goes wrong on the way. -* systemd-repart: drop pager mode on normal operation? - * systemd-repart: by default generate minimized partition tables (i.e. tables that only cover the space actually used, excluding any free space at the end), in order to maximize dd'ability. Requires libfdisk work, see