system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 10:17:21 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

update TODO

Browse source
This commit is contained in:
Lennart Poettering 2023-04-26 21:23:42 +02:00
parent fec81dedfd
commit f351e951d3
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
TODO
View file

@ -129,6 +129,13 @@ Deprecations and removals:
Features: Features:
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.
* mount the root fs with MS_NOSUID by default, and then mount /usr/ without
both so that suid executables can only be placed there. Do this already in
the initrd. If /usr/ is not split out create a bind mount automatically.
* rework journalctl -M to be based on a machined method that generates a mount * rework journalctl -M to be based on a machined method that generates a mount
fd of the relevant journal dirs in the container with uidmapping applied to fd of the relevant journal dirs in the container with uidmapping applied to
allow the host to read it, while making everything read-only. allow the host to read it, while making everything read-only.