system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-09 04:26:06 +00:00
Code Issues Projects Releases Wiki Activity

update TODO

Browse Source
This commit is contained in:
Lennart Poettering 2023-10-11 23:28:55 +02:00
parent b1b16aa977
commit 97046f2fc0
1 changed files with 4 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
TODO
View File

@ -238,11 +238,8 @@ Features:
2nd key derived from volume key of the user, with which to wrap all 2nd key derived from volume key of the user, with which to wrap all
keys. maintain keys in kernel keyring if possible. keys. maintain keys in kernel keyring if possible.
* use sd-event ratelimit feature optionally for .socket units to "pause" overly * use sd-event ratelimit feature optionally for journal stream clients that log
busy sockets temporarily. (as a less drastic version of the trigger too much
ratelimit)
* similar, add the same for journal stream clients that log too much
* systemd-mount should only consider modern file systems when mounting, similar * systemd-mount should only consider modern file systems when mounting, similar
to systemd-dissect to systemd-dissect
@ -346,13 +343,6 @@ Features:
intended for a different OS. Take inspiration from how confext/sysext are intended for a different OS. Take inspiration from how confext/sysext are
matched against OS. matched against OS.
* use different sbat for sd-boot and sd-stub (so that people can revoke one
without the other)
* in ukify merge sbat info from kernel (if it has any, upstream kernels so far
dont), of sd-stub and data supplied by user. Then measure sbat too in
sd-stub, explicitly.
* figure out what to do about credentials sealed to PCRs in kexec + soft-reboot * figure out what to do about credentials sealed to PCRs in kexec + soft-reboot
scenarios. Maybe insist sealing is done additionally against some keypair in scenarios. Maybe insist sealing is done additionally against some keypair in
the TPM to which access is updated on each boot, for the next, or so? the TPM to which access is updated on each boot, for the next, or so?
@ -632,11 +622,6 @@ Features:
of the activated configuration and the image that is being activated (in case of the activated configuration and the image that is being activated (in case
verity is used, hash of the root hash). verity is used, hash of the root hash).
* whenever we measure something into a TPM PCR from userspace, write a record in
TCG's "Canonical Event Log" format to some file, so that we can reason about
how PCR values we manage came to
be. https://trustedcomputinggroup.org/resource/canonical-event-log-format/
* bootspec: permit graceful "update" from type #2 to type #1. If both a type #1 * bootspec: permit graceful "update" from type #2 to type #1. If both a type #1
and a type #2 entry exist under otherwise the exact same name, then use the and a type #2 entry exist under otherwise the exact same name, then use the
type #1 entry, and ignore the type #2 entry. This way, people can "upgrade" type #1 entry, and ignore the type #2 entry. This way, people can "upgrade"
@ -682,9 +667,6 @@ Features:
line. Benefit: works also on non-EFI systems, and can be requested on one line. Benefit: works also on non-EFI systems, and can be requested on one
boot, for the next. boot, for the next.
* figure out a sane way when building UKIs how to extract SBAT data from inner
kernel, extend it with component info, and add to outer kernel.
* systemd-sysupdate: make transport pluggable, so people can plug casync or * systemd-sysupdate: make transport pluggable, so people can plug casync or
similar behind it, instead of http. similar behind it, instead of http.
@ -1091,8 +1073,6 @@ Features:
images as OS payloads. i.e. have a generic OS image you can point to any images as OS payloads. i.e. have a generic OS image you can point to any
payload you like, which is then downloaded, securely verified and run. payload you like, which is then downloaded, securely verified and run.
* improve scope units to support creation by pidfd instead of by PID
* deprecate cgroupsv1 further (print log message at boot) * deprecate cgroupsv1 further (print log message at boot)
* systemd-dissect: add --cat switch for dumping files such as /etc/os-release * systemd-dissect: add --cat switch for dumping files such as /etc/os-release
@ -1532,9 +1512,6 @@ Features:
* maybe extend .path units to expose fanotify() per-mount change events * maybe extend .path units to expose fanotify() per-mount change events
* When reloading configuration PID 1 should reset all its properties to the
original defaults before calling parse_config()
* hibernate/s2h: if swap is on weird storage and refuse if so * hibernate/s2h: if swap is on weird storage and refuse if so
* cgroups: use inotify to get notified when somebody else modifies cgroups * cgroups: use inotify to get notified when somebody else modifies cgroups
@ -1647,9 +1624,6 @@ Features:
* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant * In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
disks to see if the UID is already in use. disks to see if the UID is already in use.
* expose IO accounting data on the bus, show it in systemd-run --wait and log
about it in the resource log message
* Add AddUser= setting to unit files, similar to DynamicUser=1 which however * Add AddUser= setting to unit files, similar to DynamicUser=1 which however
creates a static, persistent user rather than a dynamic, transient user. We creates a static, persistent user rather than a dynamic, transient user. We
can leverage code from sysusers.d for this. can leverage code from sysusers.d for this.
@ -1831,8 +1805,8 @@ Features:
- when reloading configuration, apply new cgroup configuration - when reloading configuration, apply new cgroup configuration
- when recursively showing the cgroup hierarchy, optionally also show - when recursively showing the cgroup hierarchy, optionally also show
the hierarchies of child processes the hierarchies of child processes
- add settings for cgroup.max.descendants and cgroup.max.depth, - add settings for cgroup.max.descendants and cgroup.max.depth,
maybe use them for user@.service maybe use them for user@.service
* transient units: * transient units:
- add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt - add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt
@ -1845,8 +1819,6 @@ Features:
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs
* If we try to find a unit via a dangling symlink, generate a clean * If we try to find a unit via a dangling symlink, generate a clean
error. Currently, we just ignore it and read the unit from the search error. Currently, we just ignore it and read the unit from the search
path anyway. path anyway.
@ -2298,8 +2270,6 @@ Features:
if the output file exists, so a repeated invocation will usually fail if if the output file exists, so a repeated invocation will usually fail if
something goes wrong on the way. something goes wrong on the way.
* systemd-repart: drop pager mode on normal operation?
* systemd-repart: by default generate minimized partition tables (i.e. tables * systemd-repart: by default generate minimized partition tables (i.e. tables
that only cover the space actually used, excluding any free space at the that only cover the space actually used, excluding any free space at the
end), in order to maximize dd'ability. Requires libfdisk work, see end), in order to maximize dd'ability. Requires libfdisk work, see