Bugfixes:
-* killing nspawn with ]]] results in:
- machine-f20.scope stopping timed out. Killing.
- Stopped Container f20.
- Unit machine-f20.scope entered failed state.
- and it cannot be started again
-
* enabling an instance unit creates a pointless link, and
the unit will be started with getty@getty.service:
$ systemctl enable getty@.service
* properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point.
-* When we detect invalid UTF-8, we cannot use it in an error message:
- log...("Path is not UTF-8 clean, ignoring assignment: %s", rvalue);
-
* shorten the message to sane length:
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details.
External:
-* ps should gain colums for slice
-
* Fedora: when installing fedora with yum --installroot /var/run is a directory, not a symlink
https://bugzilla.redhat.com/show_bug.cgi?id=975864
Features:
-* hookup nspawn and PrivateNetwork=yes with "ip netns"
+* machined: provide calls GetMachineByAddress() on the manager interface to get the machine for a local IP address, and GetAddress() on the Machine interface to get the Address for a machine. Implement via forking off child process which quickly joins the cotnainer and passes data to parent. Show this in "machinectl status", and use it to implement NSS module to provide automatic name resolution for containers.
+
+* add generator that pulls in systemd-network from containers when CAP_NET_ADMIN is set, more than the loopback device is defined, even when it is otherwise off
+
+* logind: avoid suspending on SW_LID if SW_DOCK is set
+
+* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size().
+
+* man: move .link, .network and .netdev documentation into their own
+ man pages maybe called "systemd.link(5)", "systemd.network(5)" and
+ "systemd.netdev(5)" or so.
+
+* "busctl status" works only as root on dbus1, since we cannot read
+ /proc/$PID/exe
+
+* systemctl (and possibly related tools): support a new switch that
+ allows enumerating units in local containers recursively. "systemctl
+ list-units -R" or so should not only lists on the host, but also the
+ services in all containers in a pretty way, to give an overview of
+ the entire system. Also, maybe add "systemctl list-machines" which
+ works like "machinectl list" but includes information about the
+ health status of each registered machine. For that we should
+ probably implement something that encodes the system health status
+ in a single enum state, i.e. something like a system-wide state
+ starting → running → failed → stopping, that is based on the current
+ job queue and a check for failed services. Maybe then change
+ "systemctl status" without args to output this state along with a
+ selection of other data, such as the uptime or so.
+
+* Add a seccomp-based filter for socket() calls to limit services to
+ specific address families (for example: AF_UNIX), inspired by
+ Android's sandboxing
+
+* implement Distribute= in socket units to allow running multiple
+ service instances processing the listening socket, and open this up
+ for ReusePort=
+
+* add a timelimit to generator invocation
* socket units: support creating sockets in different namespace,
opening it up for JoinsNamespaceOf=. This would require to fork off
and passes this back to PID1 via SCM_RIGHTS. This also could be used
to allow Chown/chgrp on sockets without requiring NSS in PID 1.
-* sd-resolve:
- - make sure event loop integration works similar to event loop integration in other libs
- - maybe drop _free() call, introduce _unref() instead
- - maybe simplify function calls that take a sd_resolve_query object, to not also require the matching sd_resolve?
- - maybe drop the "n_proc" parameter to sd_resolve_new()?
- - change all functions to return "int" and negative errno errors
-
* New service property: maximum CPU and wallclock runtime for a service
* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
desktop UIs such as gnome-shell to freeze apps that are not visible
on screen, not unlike how job control works on the shell
-* machinectl bash completion is missing
-* busctl bash and zsh completions are outdated
-
-* Introduce PrivateDevices=yes/no which works like PrivateTmp= but for /dev setting up a tmpfs for it that only includes /dev/null, /dev/zero, /dev/random, /dev/urandom, but nothing else.
-
-* libsystemd-journal returns the object created as first param in sd_journal_new(), sd_bus_new() and suchlike as last...
+* completions:
+ - busctl zsh completion is outdated
+ - systemd-nspawn -Z/-L/-q is missing for zsh
+ - systemd-nspawn completion is missing for bash
+ - manager property enumeration was broken when systemd moved to /usr/lib/
* cgroups:
- implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory?)
- add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt
- ensure scope units may be started only a single time
-* code cleanup
- - we probably should replace the left-over uses of strv_append() and replace them by strv_push() or strv_extend()
-
* Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk?
* when we detect low battery and no AC on boot, show pretty splash and refuse boot
-* move libasyncns into systemd as libsystemd-asyncns
-
* machined, localed: when we try to kill an empty cgroup, generate an ESRCH error over the bus
* libsystemd-journal, libsystemd-login, libudev: add calls to easily attach these objects to sd-event event loops
* Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk?
-* socket-proxyd:Use a nonblocking alternative to getaddrinfo
+* socket-proxyd: Use sd-resolve to resolve the server address
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
-* Add a new Distribute=$NUMBER key to socket units that makes use of SO_REUSEPORT to distribute network traffic on $NUMBER instances
-
* move config_parse_path_strv() out of conf-parser.c
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs
error. Currently, we just ignore it and read the unit from the search
path anyway.
-* When a Type=forking service fails and needed another service, that
- service is not cleaned up again when it has StopWhenUnneeded=yes
- http://lists.freedesktop.org/archives/systemd-devel/2013-July/012141.html
-
* refuse boot if /etc/os-release is missing or /etc/machine-id cannot be set up
* given that logind now lets PID 1 do all nasty work, we can
- GVariant
- "const" properties (posted)
- port exit-on-idle logic to byebye ioctl
- - bus proxy: override unique id sender for messages from driver to match the well-known name
- - bus driver: GetNameOwner() for "org.freedesktop.DBus" should return "org.freedesktop.DBus"
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- - bus proxy should fake seclabel when connecting to kdbus
- - sd_bus_message_set_no_reply() → sd_bus_message_set_expect_reply() and similar for no_auto_start
- allow updating attach flags during runtime
- pid1: peek into activating message when activating a service
- - when service activation failed, drop one message from the activator queue
+ - test bloom filter generation indexes
+ - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list
+ - port to sd-resolve for connecting to TCP dbus servers
+ - constructors for bus messages should probably not be OK with a NULL bus pointer
* sd-event
- allow multiple signal handlers per signal?
complain loudly if they have argv[0][0] == '@' set.
https://bugzilla.redhat.com/show_bug.cgi?id=961044
-* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on
- https://bugzilla.redhat.com/show_bug.cgi?id=952634
-
-* maybe add a warning to the unit file parses where the access mode of unit files is nonsensical.
-
* investigate endianness issues of UUID vs. GUID
* dbus: when a unit failed to load (i.e. is in UNIT_ERROR state), we
* when isolating, try to figure out a way how we implicitly can order
all units we stop before the isolating unit...
-* add ConditionArchitecture= or so
-
* teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off})
-* Support SO_REUSEPORT with socket activation:
- - Let systemd maintain a pool of servers.
- - Use for seamless upgrades, by running the new server before stopping the
- old.
-
* after all byte-wise realloc() is slow, even on glibc, so i guess we
need manual exponential loops after all
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
-* dev-setup.c: when running in a container, create a tiny stub udev
- database with the systemd tag set for all network interfaces found,
- so that libudev reports them as present, and systemd's .device units
- will be activated.
-
* merge unit_kill_common() and unit_kill_context()
* introduce ExecCondition= in services
- logind: wakelock/opportunistic suspend support
- Add pretty name for seats in logind
- logind: allow showing logout dialog from system?
- - logind: non-local X11 server handling
- logind: add equivalent to sd_pid_get_owner_uid() to the D-Bus API
- - pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree
- we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case
- when logging out, remove user-owned sysv and posix IPC objects
- session scopes/user unit: add RequiresMountsFor for the home directory of the user
- document in wiki how to map ical recurrence events to systemd timer unit calendar specifications
- add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr.
- document systemd-journal-flush.service properly
- - man: remove .include documentation, and instead push people to use .d/*.conf
- documentation: recommend to connect the timer units of a service to the service via Also= in [Install]
- man: document the very specific env the shutdown drop-in tools live in
- man: extend runlevel(8) to mention that runlevels suck, and are dead. Maybe add runlevel(7) with a note about that too
* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab isn't
* nspawn:
- - nspawn: consider changing users for -u with su, so that NSS resolving works correctly
- - nspawn: implement personality changes a la linux32(8)
+ - nspawn: consider changing users for -u with /usr/bin/getent, so that NSS resolving works correctly
- nspawn: --read-only is not applied recursively to submounts
- - nspawn: make use of device cgroup controller by default
- bind mount read-only the cgroup tree higher than nspawn
- - nspawn: investigate whether we can support the same as LXC's
- lxc.network.type=phys mode, and pass through entire network
- interfaces to the container
- - nspawn: maybe explicitly reset loginuid?
- - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
+ - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters
- refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
- - add an option to nspawn that uses seccomp to make socket(AF_NETLINK,
- SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that
- makes the audit userspace to think auditing is not available in the
- kernel.
- support taking a btrfs snapshot at startup and dropping it afterwards
+ - maybe: hookup nspawn and PrivateNetwork=yes with "ip netns"
+ - allow booting disk images with a GPT signature using the bootloaderspec partition uuids
* cryptsetup:
- cryptsetup-generator: allow specification of passwords in crypttab itself
* explore multiple service instances per listening socket idea
-* shutdown: don't read-only mount anything when running in container
-
* MountFlags=shared acts as MountFlags=slave right now.
* ReadOnlyDirectories= is not applied recursively to submounts
* rename "userspace" to "core-os"
-* syscall filter:
- - syscall filter: add knowledge about compat syscalls
- - syscall filter: don't enforce no new privs?
- - syscall filter: option to return EPERM rather than SIGSYS?
- - syscall filter: port to libseccomp
- - system-wide seccomp filter
+* syscall filter: optionally don't enforce no new privs?
* load-fragment: when loading a unit file via a chain of symlinks
verify that it isn't masked via any of the names traversed.
- move to LGPL
- kill scsi_id
- add trigger --subsystem-match=usb/usb_device device
+ - reimport udev db after MOVE events for devices without dev_t
* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting
* dot output for --test showing the 'initial transaction'
-* port over to LISTEN_FDS/LISTEN_PID:
- - postfix, saslauthd
- - apache/samba
- - libvirtd (/var/run/libvirt/libvirt-sock-ro)
- - bluetoothd (/var/run/sdp! @/org/bluez/audio!)
- - distccd
-
* fingerprint.target, wireless.target, gps.target, netdevice.target
* io priority during initialization
- Make sure ID_PATH is always exported and complete for
network devices where possible, so we can safely rely
on Path= matching
- - Check if Driver= is broken, or just my driver (bcma)
* sd-rtnl:
- - improve container support, and add support for entering containers when reading
+ - add support for exiting containers without reading them fully first
- add support for more attribute types
* networkd:
- add more keys to [Route] and [Address] sections
- add support for more DHCPv4 options (and, longer term, other kinds of dynamic config)
- - allow opting out of receiving DNS servers over DHCPv4
- add proper initrd support (in particular generate .network/.link files based on /proc/cmdline)
+ - add reduced [Link] support to .network files
External:
~ianmdlvl / elogind.git / blobdiff