mirror of
https://github.com/systemd/systemd
synced 2024-07-24 03:36:24 +00:00
update TODO
This commit is contained in:
parent
b1b16aa977
commit
97046f2fc0
36
TODO
36
TODO
|
@ -238,11 +238,8 @@ Features:
|
||||||
2nd key derived from volume key of the user, with which to wrap all
|
2nd key derived from volume key of the user, with which to wrap all
|
||||||
keys. maintain keys in kernel keyring if possible.
|
keys. maintain keys in kernel keyring if possible.
|
||||||
|
|
||||||
* use sd-event ratelimit feature optionally for .socket units to "pause" overly
|
* use sd-event ratelimit feature optionally for journal stream clients that log
|
||||||
busy sockets temporarily. (as a less drastic version of the trigger
|
too much
|
||||||
ratelimit)
|
|
||||||
|
|
||||||
* similar, add the same for journal stream clients that log too much
|
|
||||||
|
|
||||||
* systemd-mount should only consider modern file systems when mounting, similar
|
* systemd-mount should only consider modern file systems when mounting, similar
|
||||||
to systemd-dissect
|
to systemd-dissect
|
||||||
|
@ -346,13 +343,6 @@ Features:
|
||||||
intended for a different OS. Take inspiration from how confext/sysext are
|
intended for a different OS. Take inspiration from how confext/sysext are
|
||||||
matched against OS.
|
matched against OS.
|
||||||
|
|
||||||
* use different sbat for sd-boot and sd-stub (so that people can revoke one
|
|
||||||
without the other)
|
|
||||||
|
|
||||||
* in ukify merge sbat info from kernel (if it has any, upstream kernels so far
|
|
||||||
dont), of sd-stub and data supplied by user. Then measure sbat too in
|
|
||||||
sd-stub, explicitly.
|
|
||||||
|
|
||||||
* figure out what to do about credentials sealed to PCRs in kexec + soft-reboot
|
* figure out what to do about credentials sealed to PCRs in kexec + soft-reboot
|
||||||
scenarios. Maybe insist sealing is done additionally against some keypair in
|
scenarios. Maybe insist sealing is done additionally against some keypair in
|
||||||
the TPM to which access is updated on each boot, for the next, or so?
|
the TPM to which access is updated on each boot, for the next, or so?
|
||||||
|
@ -632,11 +622,6 @@ Features:
|
||||||
of the activated configuration and the image that is being activated (in case
|
of the activated configuration and the image that is being activated (in case
|
||||||
verity is used, hash of the root hash).
|
verity is used, hash of the root hash).
|
||||||
|
|
||||||
* whenever we measure something into a TPM PCR from userspace, write a record in
|
|
||||||
TCG's "Canonical Event Log" format to some file, so that we can reason about
|
|
||||||
how PCR values we manage came to
|
|
||||||
be. https://trustedcomputinggroup.org/resource/canonical-event-log-format/
|
|
||||||
|
|
||||||
* bootspec: permit graceful "update" from type #2 to type #1. If both a type #1
|
* bootspec: permit graceful "update" from type #2 to type #1. If both a type #1
|
||||||
and a type #2 entry exist under otherwise the exact same name, then use the
|
and a type #2 entry exist under otherwise the exact same name, then use the
|
||||||
type #1 entry, and ignore the type #2 entry. This way, people can "upgrade"
|
type #1 entry, and ignore the type #2 entry. This way, people can "upgrade"
|
||||||
|
@ -682,9 +667,6 @@ Features:
|
||||||
line. Benefit: works also on non-EFI systems, and can be requested on one
|
line. Benefit: works also on non-EFI systems, and can be requested on one
|
||||||
boot, for the next.
|
boot, for the next.
|
||||||
|
|
||||||
* figure out a sane way when building UKIs how to extract SBAT data from inner
|
|
||||||
kernel, extend it with component info, and add to outer kernel.
|
|
||||||
|
|
||||||
* systemd-sysupdate: make transport pluggable, so people can plug casync or
|
* systemd-sysupdate: make transport pluggable, so people can plug casync or
|
||||||
similar behind it, instead of http.
|
similar behind it, instead of http.
|
||||||
|
|
||||||
|
@ -1091,8 +1073,6 @@ Features:
|
||||||
images as OS payloads. i.e. have a generic OS image you can point to any
|
images as OS payloads. i.e. have a generic OS image you can point to any
|
||||||
payload you like, which is then downloaded, securely verified and run.
|
payload you like, which is then downloaded, securely verified and run.
|
||||||
|
|
||||||
* improve scope units to support creation by pidfd instead of by PID
|
|
||||||
|
|
||||||
* deprecate cgroupsv1 further (print log message at boot)
|
* deprecate cgroupsv1 further (print log message at boot)
|
||||||
|
|
||||||
* systemd-dissect: add --cat switch for dumping files such as /etc/os-release
|
* systemd-dissect: add --cat switch for dumping files such as /etc/os-release
|
||||||
|
@ -1532,9 +1512,6 @@ Features:
|
||||||
|
|
||||||
* maybe extend .path units to expose fanotify() per-mount change events
|
* maybe extend .path units to expose fanotify() per-mount change events
|
||||||
|
|
||||||
* When reloading configuration PID 1 should reset all its properties to the
|
|
||||||
original defaults before calling parse_config()
|
|
||||||
|
|
||||||
* hibernate/s2h: if swap is on weird storage and refuse if so
|
* hibernate/s2h: if swap is on weird storage and refuse if so
|
||||||
|
|
||||||
* cgroups: use inotify to get notified when somebody else modifies cgroups
|
* cgroups: use inotify to get notified when somebody else modifies cgroups
|
||||||
|
@ -1647,9 +1624,6 @@ Features:
|
||||||
* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
|
* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
|
||||||
disks to see if the UID is already in use.
|
disks to see if the UID is already in use.
|
||||||
|
|
||||||
* expose IO accounting data on the bus, show it in systemd-run --wait and log
|
|
||||||
about it in the resource log message
|
|
||||||
|
|
||||||
* Add AddUser= setting to unit files, similar to DynamicUser=1 which however
|
* Add AddUser= setting to unit files, similar to DynamicUser=1 which however
|
||||||
creates a static, persistent user rather than a dynamic, transient user. We
|
creates a static, persistent user rather than a dynamic, transient user. We
|
||||||
can leverage code from sysusers.d for this.
|
can leverage code from sysusers.d for this.
|
||||||
|
@ -1831,7 +1805,7 @@ Features:
|
||||||
- when reloading configuration, apply new cgroup configuration
|
- when reloading configuration, apply new cgroup configuration
|
||||||
- when recursively showing the cgroup hierarchy, optionally also show
|
- when recursively showing the cgroup hierarchy, optionally also show
|
||||||
the hierarchies of child processes
|
the hierarchies of child processes
|
||||||
- add settings for cgroup.max.descendants and cgroup.max.depth,
|
- add settings for cgroup.max.descendants and cgroup.max.depth,
|
||||||
maybe use them for user@.service
|
maybe use them for user@.service
|
||||||
|
|
||||||
* transient units:
|
* transient units:
|
||||||
|
@ -1845,8 +1819,6 @@ Features:
|
||||||
|
|
||||||
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
|
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
|
||||||
|
|
||||||
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs
|
|
||||||
|
|
||||||
* If we try to find a unit via a dangling symlink, generate a clean
|
* If we try to find a unit via a dangling symlink, generate a clean
|
||||||
error. Currently, we just ignore it and read the unit from the search
|
error. Currently, we just ignore it and read the unit from the search
|
||||||
path anyway.
|
path anyway.
|
||||||
|
@ -2298,8 +2270,6 @@ Features:
|
||||||
if the output file exists, so a repeated invocation will usually fail if
|
if the output file exists, so a repeated invocation will usually fail if
|
||||||
something goes wrong on the way.
|
something goes wrong on the way.
|
||||||
|
|
||||||
* systemd-repart: drop pager mode on normal operation?
|
|
||||||
|
|
||||||
* systemd-repart: by default generate minimized partition tables (i.e. tables
|
* systemd-repart: by default generate minimized partition tables (i.e. tables
|
||||||
that only cover the space actually used, excluding any free space at the
|
that only cover the space actually used, excluding any free space at the
|
||||||
end), in order to maximize dd'ability. Requires libfdisk work, see
|
end), in order to maximize dd'ability. Requires libfdisk work, see
|
||||||
|
|
Loading…
Reference in a new issue