Bugfixes:
+* systemctl status *.path shows all logs, not only the ones since the unit is
+ active
+
* check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar
* swap units that are activated by one name but shown in the kernel under another are semi-broken
Features:
-* handle named vs controller hierarchies correctly in cg_pid_get_path()
-
-* add nspawn@.service
+* libsystemd-bus:
+ - default policy (allow uid == 0 and our own uid)
+ - enforce alignment of pointers passed in
+ - negotiation for attach attributes
+ - verify that the PID doesn't change for existing busses
+ - when kdbus doesn't take our message without memfds, try again with memfds
+ - kdbus: generate correct bloom filter for matches
+ - implement translator service
+ - port systemd to new library
+ - implement busname unit type in systemd
+ - move to gvariant
+ - minimal locking around the memfd cache
+ - keep the connection fds around as long as the bus is open
+ - merge busctl into systemctl or so?
+ - synthesize sd_bus_message objects from kernel messages
+
+* in the final killing spree, detect processes from the root directory, and
+ complain loudly if they have argv[0][0] == '@' set.
+ https://bugzilla.redhat.com/show_bug.cgi?id=961044
+
+* read the kernel's console "debug" keyword like we read "quiet" and adjust:
+ systemd.log_level=debug and maybe systemd.log_target=kmsg
+
+* add an option to nspawn that uses seccomp to make socket(AF_NETLINK,
+ SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that
+ makes the audit userspace to think auditing is not available in the
+ kernel.
+
+* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on
+ https://bugzilla.redhat.com/show_bug.cgi?id=952634
+
+* maybe add a warning to the unit file parses whern the acces mode of unit files is non-sensical.
* investigate endianess issues of UUID vs. GUID
* cgtop: make cgtop useful in a container
-* make sure cg_pid_get_path() works properly for co-mounted controllers
-
* test/:
- add 'set -e' to scripts in test/
- make stuff in test/ work with separate output dir
* systemctl: maybe add "systemctl add-wants" or so...
-* man: add a link to socket activation blog from systemd.socket(5)
-
* man: add more examples to man pages
* man: maybe sort directives in man pages, and take sections from --help and apply them to man too
* use "log level" rather than "log priority" everywhere
-* ensure sd_journal_seek_monotonic actually works properly.
-
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
- pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree
- logind: GetSessionByPID() should accept 0 as PID value
- we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case
- - add configuration/switches to use
- freeze (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git) and
- standby (https://bugs.freedesktop.org/show_bug.cgi?id=57793) as suspend modes
* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
* cryptsetup:
- - cryptsetup-generator: warn if the password files are world-readable
- cryptsetup-generator: allow specification of passwords in crypttab itself
- move cryptsetup key caching into kernel keyctl?
https://bugs.freedesktop.org/show_bug.cgi?id=54982
+ - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
* move debug shell to tty6 and make sure this doesn't break the gettys on tty6
* change Requires=basic.target to RequisiteOverride=basic.target
-* support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
-
* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr
* move passno parsing to fstab generator
* ExecOnFailure=/usr/bin/foo
-* ConditionSecurity= should learn about IMA and SMACK
-
* udev:
- remove src/udev/udev-builtin-firmware.c (CONFIG_FW_LOADER_USER_HELPER=n)
- move to LGPL
- plot per-process IO utilization
- group processes based on service association (cgroups)
- document initcall_debug
- - put bootcharts in the journal
- kernel cmdline "bootchart" option for simplicity?
External:
* /usr/bin/service should actually show the new command line
-* fedora: suggest auto-restart on failure, but not on sucess and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
+* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
* fedora: F20: go timer units all the way, leave cron.daily for cron
* neither pkexec nor sudo initialize environ[] from the PAM environment?
+* fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it
+
Regularly:
* look for close() vs. close_nointr() vs. close_nointr_nofail()
~ianmdlvl / elogind.git / blobdiff