update TODO

This commit is contained in:
Lennart Poettering 2021-11-26 14:49:19 +01:00
parent 195d181ca4
commit f08e143c01

TODO

@ -81,18 +81,19 @@ Janitorial Clean-ups:
Features: Features:
* systemd-dissect: show GPT disk UUID in output
* Enable RestricFileSystems= for all our long-running services (similar:
RestrictNetworkInterfaces=)
* Add systemd-analyze security checks for RestrictFileSystems= and
RestrictNetworkInterfaces=
* cryptsetup/homed: implement TOTP authentication backed by TPM2 and its * cryptsetup/homed: implement TOTP authentication backed by TPM2 and its
internal clock. internal clock.
* resolved: listen on 127.0.0.54 in addition to 127.0.0.53 and operate in proxy
mode there unconditionally.
* nspawn: optionally set up nftables/iptables routes that forward UDP/TCP * nspawn: optionally set up nftables/iptables routes that forward UDP/TCP
traffic on port 53 to resolved stub. traffic on port 53 to resolved stub 127.0.0.54
* extend src/basic/filesystems.[ch] so that it can be used to translate any fs
magic into a string. Then use that to replace fstype_magic_to_name() in homed
sources, and similar code.
* man: rework os-release(5), and clearly separate our extension-release.d/ and * man: rework os-release(5), and clearly separate our extension-release.d/ and
initrd-release parts, i.e. list explicitly which fields are about what. initrd-release parts, i.e. list explicitly which fields are about what.
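Review bot: the item "Enable RestricFileSystems= for all our long-running services" misspells the setting name (the "t" is missing), while the next item in this hunk writes RestrictFileSystems=. Suggest correcting it so that a search for the setting name finds both entries. The reworded nspawn item also drops its trailing period and would read more clearly as "to resolved stub on 127.0.0.54."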
@ -329,9 +330,6 @@ Features:
* cryptsetup: optionally, when run during boot-up and password is never * cryptsetup: optionally, when run during boot-up and password is never
entered, and we are on battery power (or so), power off machine again entered, and we are on battery power (or so), power off machine again
* cryptsetup: when FIDO2/PKCS#11/TPM2 token/chip didn't show up after some
time, abort the attempt, fallback to asking for pw
* cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and * cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
allow plymouth to abort the waiting and enter pw instead allow plymouth to abort the waiting and enter pw instead
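Review bot: the dropped cryptsetup item covered FIDO2/PKCS#11/TPM2, but the plymouth item kept directly below it names only FIDO2/PKCS#11. If the timeout and fallback to a password now applies to all three, consider whether the remaining plymouth item should mention TPM2 too, so that the two ways of leaving the wait are described for the same set of devices.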
@ -388,8 +386,6 @@ Features:
* pid1: support new clone3() fork-into-cgroup feature * pid1: support new clone3() fork-into-cgroup feature
* pid1: support new cgroup.kill to terminate all processes in a cgroup
* pid1: also remove PID files of a service when the service starts, not just * pid1: also remove PID files of a service when the service starts, not just
when it exits when it exits
@ -431,9 +427,6 @@ Features:
for "hibernate" partitions, that are exactly like swap partitions but only for "hibernate" partitions, that are exactly like swap partitions but only
activated right before hibernation and thus never used for regular swapping. activated right before hibernation and thus never used for regular swapping.
* by default, in systemd --user service bump the OOMAdjust to 100, as privs
allow so that systemd survives
* socket units: allow creating a udev monitor socket with ListenDevices= or so, * socket units: allow creating a udev monitor socket with ListenDevices= or so,
with matches, then activate app through that passing socket over with matches, then activate app through that passing socket over
@ -1459,9 +1452,6 @@ Features:
- optionally automatically add FORWARD rules to iptables whenever nspawn is - optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down. running, remove them when shut down.
* nspawn: make --bind= work sanely with --private-users when uid mapping mounts
are used.
* nspawn: add support for sysext extensions, too. i.e. a new --extension= * nspawn: add support for sysext extensions, too. i.e. a new --extension=
switch that takes one or more arguments, and applies the extensions already switch that takes one or more arguments, and applies the extensions already
during startup. during startup.
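Review bot: the removed nspawn item about --bind= with --private-users and uid mapping mounts concerns file ownership across a user-namespace boundary, and the commit message "update TODO" does not say whether it was implemented or abandoned. Suggest naming the commit or release that resolved it in the message, so that the removal of the entry can be checked later.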