Features:
-* machined: provide calls GetMachineByAddress() on the manager interface to get the machine for a local IP address, and GetAddress() on the Machine interface to get the Address for a machine. Implement via forking off child process which quickly joins the cotnainer and passes data to parent. Show this in "machinectl status", and use it to implement NSS module to provide automatic name resolution for containers.
+* add bus api to query unit file's X fields.
-* add generator that pulls in systemd-network from containers when CAP_NET_ADMIN is set, more than the loopback device is defined, even when it is otherwise off
+* consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup=
-* logind: avoid suspending on SW_LID if SW_DOCK is set
+* sd-event: define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ...
-* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size().
+* maybe add DefaultTimerAccuracySec= as global config option to set AccuracySec='s default value in .timer units
+
+* mount /sys/fs/cgroup read-only (but leave the subdirs writable)
+
+* gpt-auto-generator:
+ - Support LUKS for root devices
+ - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap?
+ - Make /home automount rather than mount?
+
+* improve journalctl performance by loading journal files
+ lazily. Encode just enough information in the file name, so that we
+ don't have to open it to know that it is not interesting for us, for
+ the most common operations.
+
+* support transient mount units
+
+* Imply DevicePolicy=closed and CapabilityBoundingSet=~CAP_SYS_MKNOD when PrivateDevices= is used
+
+* add an "input" group to udev logic and add all input devices to it
+
+* libsystemd-login: implement getpeer_unit(), get_peer_slice(), ...
-* man: move .link, .network and .netdev documentation into their own
- man pages maybe called "systemd.link(5)", "systemd.network(5)" and
- "systemd.netdev(5)" or so.
+* machined: provide calls GetMachineByAddress() on the manager
+ interface to get the machine for a local IP address, and
+ GetAddress() on the Machine interface to get the Address for a
+ machine. Implement via forking off child process which quickly joins
+ the cotnainer and passes data to parent. Show this in "machinectl
+ status", and use it to implement NSS module to provide automatic
+ name resolution for containers.
+
+* add generator that pulls in systemd-network from containers when
+ CAP_NET_ADMIN is set, more than the loopback device is defined, even
+ when it is otherwise off
+
+* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size().
* "busctl status" works only as root on dbus1, since we cannot read
/proc/$PID/exe
allows enumerating units in local containers recursively. "systemctl
list-units -R" or so should not only lists on the host, but also the
services in all containers in a pretty way, to give an overview of
- the entire system. Also, maybe add "systemctl list-machines" which
- works like "machinectl list" but includes information about the
- health status of each registered machine. For that we should
- probably implement something that encodes the system health status
- in a single enum state, i.e. something like a system-wide state
- starting → running → failed → stopping, that is based on the current
- job queue and a check for failed services. Maybe then change
- "systemctl status" without args to output this state along with a
- selection of other data, such as the uptime or so.
-
-* Add a seccomp-based filter for socket() calls to limit services to
- specific address families (for example: AF_UNIX), inspired by
- Android's sandboxing
+ the entire system.
* implement Distribute= in socket units to allow running multiple
service instances processing the listening socket, and open this up
for ReusePort=
-* add a timelimit to generator invocation
-
* socket units: support creating sockets in different namespace,
opening it up for JoinsNamespaceOf=. This would require to fork off
a tiny process that joins the namespace and creates/binds the socket
* completions:
- busctl zsh completion is outdated
- systemd-nspawn -Z/-L/-q is missing for zsh
- - systemd-nspawn completion is missing for bash
- manager property enumeration was broken when systemd moved to /usr/lib/
* cgroups:
- - implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory?)
- implement per-slice CPUFairScheduling=1 switch
- handle jointly mounted controllers correctly
- introduce high-level settings for RT budget, swappiness
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
-* move config_parse_path_strv() out of conf-parser.c
-
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs
* If we try to find a unit via a dangling symlink, generate a clean
Maybe take a BSD lock at the disk device node and teach udev to
check for that and suppress event handling.
-* something pulls in pcre as shared object dependency into our daemons such as hostnamed.
-
* allow implementation of InaccessibleDirectories=/ plus
ReadOnlyDirectories=... for whitelisting files for a service.
- NameLost/NameAcquired obsolete
- GVariant
- "const" properties (posted)
+ - path escaping
- port exit-on-idle logic to byebye ioctl
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- allow updating attach flags during runtime
- introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list
- port to sd-resolve for connecting to TCP dbus servers
- constructors for bus messages should probably not be OK with a NULL bus pointer
+ - .busname units should not use get_user_creds()/get_cgroup_creds() but instead do NSS only in temporarily forked off child
* sd-event
- allow multiple signal handlers per signal?
- logind: allow showing logout dialog from system?
- logind: add equivalent to sd_pid_get_owner_uid() to the D-Bus API
- we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case
- - when logging out, remove user-owned sysv and posix IPC objects
- session scopes/user unit: add RequiresMountsFor for the home directory of the user
- add Suspend() bus calls which take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quickly.
- if pam_systemd is invoked by su from a process that is outside of a
mode, it will never touch the RTC if the no reliable time source is active or the
user did not request anything like it.
-* if booted in "quiet" mode, and an error happens, turn on status
- output again, so that the emergency mode isn't totally
- surprising. Also, terminate plymouth.
-
* libunwind support for coredump pattern hook, and includes this in
the message for coredumps. After all, libunwind is now capable to
unwind coredumps since a few weeks ago. This probably requires that
* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab isn't
* nspawn:
- - nspawn: consider changing users for -u with /usr/bin/getent, so that NSS resolving works correctly
- nspawn: --read-only is not applied recursively to submounts
- bind mount read-only the cgroup tree higher than nspawn
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters
- refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
- support taking a btrfs snapshot at startup and dropping it afterwards
- maybe: hookup nspawn and PrivateNetwork=yes with "ip netns"
- - allow booting disk images with a GPT signature using the bootloaderspec partition uuids
+ - generate predictable mac addresses for the netdev we create (host0), maybe based on guest's machine
+ name and machine-id of host (?)
* cryptsetup:
- cryptsetup-generator: allow specification of passwords in crypttab itself
* rename "userspace" to "core-os"
-* syscall filter: optionally don't enforce no new privs?
-
* load-fragment: when loading a unit file via a chain of symlinks
verify that it isn't masked via any of the names traversed.
- add support for more attribute types
* networkd:
+ - make sure RTM_NEWLINK messages match both the ifname and kind when setting the ifindex of a netdev
- add more keys to [Route] and [Address] sections
- add support for more DHCPv4 options (and, longer term, other kinds of dynamic config)
- add proper initrd support (in particular generate .network/.link files based on /proc/cmdline)
- add reduced [Link] support to .network files
+ - add IPv4LL tests (inspire by DHCP)
+ - add Scope= parsing option for [Network]
+ - change LL address generation and make it predictable like get_mac() (link-config.c)
+ - have smooth transition from LL to routable address, without disconnecting clients.
External:
~ianmdlvl / elogind.git / blobdiff