mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
update TODO
This commit is contained in:
parent
195d181ca4
commit
f08e143c01
28
TODO
28
TODO
|
@ -81,18 +81,19 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* systemd-dissect: show GPT disk UUID in output
|
||||||
|
|
||||||
|
* Enable RestricFileSystems= for all our long-running services (similar:
|
||||||
|
RestrictNetworkInterfaces=)
|
||||||
|
|
||||||
|
* Add systemd-analyze security checks for RestrictFileSystems= and
|
||||||
|
RestrictNetworkInterfaces=
|
||||||
|
|
||||||
* cryptsetup/homed: implement TOTP authentication backed by TPM2 and its
|
* cryptsetup/homed: implement TOTP authentication backed by TPM2 and its
|
||||||
internal clock.
|
internal clock.
|
||||||
|
|
||||||
* resolved: listen on 127.0.0.54 in addition to 127.0.0.53 and operate in proxy
|
|
||||||
mode there unconditionally.
|
|
||||||
|
|
||||||
* nspawn: optionally set up nftables/iptables routes that forward UDP/TCP
|
* nspawn: optionally set up nftables/iptables routes that forward UDP/TCP
|
||||||
traffic on port 53 to resolved stub.
|
traffic on port 53 to resolved stub 127.0.0.54
|
||||||
|
|
||||||
* extend src/basic/filesystems.[ch] so that it can be used to translate any fs
|
|
||||||
magic into a string. Then use that to replace fstype_magic_to_name() in homed
|
|
||||||
sources, and similar code.
|
|
||||||
|
|
||||||
* man: rework os-release(5), and clearly separate our extension-release.d/ and
|
* man: rework os-release(5), and clearly separate our extension-release.d/ and
|
||||||
initrd-release parts, i.e. list explicitly which fields are about what.
|
initrd-release parts, i.e. list explicitly which fields are about what.
|
||||||
|
@ -329,9 +330,6 @@ Features:
|
||||||
* cryptsetup: optionally, when run during boot-up and password is never
|
* cryptsetup: optionally, when run during boot-up and password is never
|
||||||
entered, and we are on battery power (or so), power off machine again
|
entered, and we are on battery power (or so), power off machine again
|
||||||
|
|
||||||
* cryptsetup: when FIDO2/PKCS#11/TPM2 token/chip didn't show up after some
|
|
||||||
time, abort the attempt, fallback to asking for pw
|
|
||||||
|
|
||||||
* cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
|
* cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
|
||||||
allow plymouth to abort the waiting and enter pw instead
|
allow plymouth to abort the waiting and enter pw instead
|
||||||
|
|
||||||
|
@ -388,8 +386,6 @@ Features:
|
||||||
|
|
||||||
* pid1: support new clone3() fork-into-cgroup feature
|
* pid1: support new clone3() fork-into-cgroup feature
|
||||||
|
|
||||||
* pid1: support new cgroup.kill to terminate all processes in a cgroup
|
|
||||||
|
|
||||||
* pid1: also remove PID files of a service when the service starts, not just
|
* pid1: also remove PID files of a service when the service starts, not just
|
||||||
when it exits
|
when it exits
|
||||||
|
|
||||||
|
@ -431,9 +427,6 @@ Features:
|
||||||
for "hibernate" partitions, that are exactly like swap partitions but only
|
for "hibernate" partitions, that are exactly like swap partitions but only
|
||||||
activated right before hibernation and thus never used for regular swapping.
|
activated right before hibernation and thus never used for regular swapping.
|
||||||
|
|
||||||
* by default, in systemd --user service bump the OOMAdjust to 100, as privs
|
|
||||||
allow so that systemd survives
|
|
||||||
|
|
||||||
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
|
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
|
||||||
with matches, then activate app through that passing socket over
|
with matches, then activate app through that passing socket over
|
||||||
|
|
||||||
|
@ -1459,9 +1452,6 @@ Features:
|
||||||
- optionally automatically add FORWARD rules to iptables whenever nspawn is
|
- optionally automatically add FORWARD rules to iptables whenever nspawn is
|
||||||
running, remove them when shut down.
|
running, remove them when shut down.
|
||||||
|
|
||||||
* nspawn: make --bind= work sanely with --private-users when uid mapping mounts
|
|
||||||
are used.
|
|
||||||
|
|
||||||
* nspawn: add support for sysext extensions, too. i.e. a new --extension=
|
* nspawn: add support for sysext extensions, too. i.e. a new --extension=
|
||||||
switch that takes one or more arguments, and applies the extensions already
|
switch that takes one or more arguments, and applies the extensions already
|
||||||
during startup.
|
during startup.
|
||||||
|
|
Loading…
Reference in a new issue