* When lz4 gets an API for lz4 command output, make use of it to
compress coredumps in a way compatible with /usr/bin/lz4.
-Release 219 preparations:
+Features:
-* rework journald sigbus stuff to use mutex
+* nspawn: emulate /dev/kmsg using CUSE and turn off the syslog syscall
+ with seccomp. That should provide us with a useful log buffer that
+ systemd can log to during early boot, and disconnect container logs
+ from the kernel's logs.
-* create importd daemon, move "systemd-import" tool into machinectl
+* networkd/udev: implement SR_IOV configuration in .link files:
+ http://lists.freedesktop.org/archives/systemd-devel/2015-January/027451.html
-Features:
+* When RLIMIT_NPROC is set from a unit file it currently always is set
+ for root, not for the user set in User=, which makes it
+ useless. After fixing this, set RLIMIT_NPROC for
+ systemd-journal-xyz, and all other of our services that run under
+ their own user ids, and use User= (but only in a world where userns
+ is ubiquitous since otherwise we cannot invoke those daemons on the
+ host AND in a container anymore). Also, if LimitNPROC= is used
+ without User= we should warn and refuse operation.
+
+* logind: maybe allow configuration of the StopTimeout for session scopes
+
+* Set NoNewPriviliges= on all of our own services, where that makes sense
+
+* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
+
+* rework journald sigbus stuff to use mutex
* import-dkr: support tarsum checksum verification, if it becomes reality one day...
* core/cgroup: support net_cls modules, and support automatically allocating class ids, then add support for making firewall changes depending on it, to implement a per-service firewall
-* bus-proxy: reload policy when PID 1 reports a reload
-
-* the dbus1 connection user id is actually the euid, not the uid, and creds should return that
-
* introduce systemd-nspawn-ephemeral@.service, and hook it into "machinectl start" with a new --ephemeral switch
-* logind,machined: add generic catch-all polkit verbs for most priviliged operations, similar to systemd itself
+* logind,machined: add generic catch-all polkit verbs for most privileged operations, similar to systemd itself
* "machinectl status" should also show internal logs of the container in question
-* nspawn: don't change superblock mount options from nspawn for cgroup hierarchies
-
* "machinectl list-images" should show os-release data, as well as machine-info data (including deployment level)
* nspawn: when start a container "foobar" look for its configuration in a file "foobar.nspawn" in /etc/systemd/nspawn/ as well as next to the actualy directory or image to boot
* Port various tools to make use of verbs.[ch], where applicable
-* Check all invocations of access() and consider turning them into laccess()
-
* "machinectl history"
* "machinectl diff"
* sd-bus:
- GetAllProperties() on a non-existing object does not result in a failure currently
- kdbus: process fd=-1 for incoming msgs
- - make dsrt happy, and change userspace header for kdbus to yyyyuta{tv}v
- port to sd-resolve for connecting to TCP dbus servers
- kdbus: maybe add controlling tty metadata fields
- see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself
* tmpfiles:
- apply "x" on "D" too (see patch from William Douglas)
+ - replace F with f+.
+ - instead of ignoring unknown fields, reject them.
* for services: do not set $HOME in services unless requested
~ianmdlvl / elogind.git / blobdiff