Janitorial Clean-ups:
-* code cleanup: retire FOREACH_WORD_QUOTED, port to extract_first_word() loops instead
+* code cleanup: retire FOREACH_WORD_QUOTED, port to extract_first_word() loops instead.
+ For example, most conf parsing callbacks should use it.
* replace manual readdir() loops with FOREACH_DIRENT or FOREACH_DIRENT_ALL
-* Get rid of the last strerror() invocations in favour of %m and strerror_r()
-
* Rearrange tests so that the various test-xyz.c match a specific src/basic/xyz.c again
Features:
+* drop nss-myhostname in favour of nss-resolve?
+
+* drop internal dlopen() based nss-dns fallback in nss-resolve, and rely on the
+ external nsswitch.conf based one
+
+* add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and
+ then use that for the setting used in user@.service. It should be understood
+ relative to the configured default value.
+
+* on cgroupsv2 add DelegateControllers=, to pick the precise cgroup controllers to delegate
+
+* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us
+
+* enable LockMLOCK to take a percentage value relative to physical memory
+
+* switch to ProtectSystem=strict for all our long-running services where that's possible
+
+* If RootDirectory= is used, mount /proc, /sys, /dev into it, if not mounted yet
+
+* Permit masking specific netlink APIs with RestrictAddressFamily=
+
+* nspawn: start UID allocation loop from hash of container name
+
+* nspawn: support that /proc, /sys/, /dev are pre-mounted
+
+* define gpt header bits to select volatility mode
+
+* nspawn: mount loopback filesystems with "discard"
+
+* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
+
+* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
+
+* ProtectKernelModules= (drops CAP_SYS_MODULE and filters the kmod syscalls)
+
+* ProtectTracing= (drops CAP_SYS_PTRACE, blocks ptrace syscall, makes /sys/kernel/tracing go away)
+
+* ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave)
+
+* ProtectKeyRing= to take keyring calls away
+
+* RemoveKeyRing= to remove all keyring entries of the specified user
+
+* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill
+ on PID 1 with the relevant signals, and makes relevant files in /sys and
+ /proc (such as the sysrq stuff) unavailable
+
+* DeviceAllow= should also generate seccomp filters for mknod()
+
+* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
+ RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
+
+* Add BindDirectory= for allowing arbitrary, private bind mounts for services
+
+* Add RootImage= for mounting a disk image or file as root directory
+
+* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
+
+* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
+
+* journalctl: make sure -f ends when the container indicated by -M terminates
+
+* mount: automatically search for "main" partition of an image has multiple
+ partitions
+
+* expose the "privileged" flag of ExecCommand on the bus, and open it up to
+ transient units
+
+* in nss-systemd, if we run inside of RootDirectory= with PrivateUsers= set,
+ find a way to map the User=/Group= of the service to the right name. This way
+ a user/group for a service only has to exist on the host for the right
+ mapping to work.
+
+* allow attaching additional journald log fields to cgroups
+
+* add bus API for creating unit files in /etc, reusing the code for transient units
+
+* add bus API to remove unit files from /etc
+
+* add bus API to retrieve current unit file contents (i.e. implement "systemctl cat" on the bus only)
+
+* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the
+ kernel doesn't support linkat() that replaces existing files, currently)
+
+* check if DeviceAllow= should split first, resolve specifiers later
+
+* transient units: don't bother with actually setting unit properties, we
+ reload the unit file anyway
+
+* journald: sigbus API via a signal-handler safe function that people may call
+ from the SIGBUS handler
+
+* move specifier expansion from service_spawn() into load-fragment.c
+
+* optionally, also require WATCHDOG=1 notifications during service start-up and shutdown
+
+* resolved: when routing queries, make sure only look for the *longest* suffix...
+
+* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
+ in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
+
+* cache sd_event_now() result from before the first iteration...
+
+* add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction
+
* PID1: find a way how we can reload unit file configuration for
specific units only, without reloading the whole of systemd
-* add an explicit parser for LimitNICE= and LimitRTPRIO= that verifies
+* add an explicit parser for LimitRTPRIO= that verifies
the specified range and generates sane error messages for incorrect
- specifications. Also, for LimitNICE= maybe introduce a syntax such
- as "+5" or "-7" in order to make the limits more readable as they
- are otherwise shifted by 20.
+ specifications.
* do something about "/control" subcgroups in the unified cgroup hierarchy
* push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy)
-* add a new command "systemctl revert" or so, that removes all dropin
- snippets in /run and /etc, and all unit files with counterparts in
- /usr, and thus undoes what "systemctl set-property" and "systemctl
- edit" create. Maybe even add "systemctl revert -a" to do this for
- all units.
-
* PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when run via nspawn)
-* consider throwing a warning if a service declares it wants to be "Before=" a .device unit.
-
-* "systemctl edit" should know a mode to create a new unit file
-
* there's probably something wrong with having user mounts below /sys,
as we have for debugfs. for exmaple, src/core/mount.c handles mounts
prefixed with /sys generally special.
* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
-* "systemctl daemon-reload" should result in /etc/systemd/system.conf being reloaded by systemd
-
-* install: include generator dirs in unit file search paths
-
-* invent a better systemd-run scheme for naming scopes, that works with remoting
-
-* rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
- to unicode chars, to make things more expressive.
-
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
* mounting and unmounting mount points manually with different source
- devices will result in collected collected on all devices used.
+ devices will result in collected on all devices used.
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030225.html
* add a job mode that will fail if a transaction would mean stopping
* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
-* core/cgroup: support net_cls modules, and support automatically allocating class ids, then add support for making firewall changes depending on it, to implement a per-service firewall
+* implement a per-service firewall based on net_cls
-* Port various tools to make use of verbs.[ch], where applicable
+* Port various tools to make use of verbs.[ch], where applicable: busctl,
+ coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl
* hostnamectl: show root image uuid
* synchronize console access with BSD locks:
http://lists.freedesktop.org/archives/systemd-devel/2014-October/024582.html
-* as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads:
+* as soon as we have sender timestamps, revisit coalescing multiple parallel daemon reloads:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html
-* the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat!
-
* in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column
* figure out when we can use the coarse timers
* firstboot: make it useful to be run immediately after yum --installroot to set up a machine. (most specifically, make --copy-root-password work even if /etc/passwd already exists
-* add infrastructure to allocate dynamic/transient users and UID ranges, for use in user-namespaced containers, per-seat gdm login screens and gdm guest sessions
-
* maybe add support for specifier expansion in user.conf, specifically DefaultEnvironment=
* introduce systemd-timesync-wait.service or so to sync on an NTP fix?
* maybe provide an API to allow migration of foreign PIDs into existing scopes.
-* maybe support a new very "soft" reboot mode, that simply kills all processes, disassembles everything, flushes /run and sysvipc, and then reexecs systemd again
-
* man: maybe use the word "inspect" rather than "introspect"?
* systemctl: if some operation fails, show log output?
-* systemctl edit:
-- allow creation of units from scratch
-- use equvalent of cat() to insert existing config as a comment, prepended with #.
+* systemctl edit: use equvalent of cat() to insert existing config as a comment, prepended with #.
Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc.
-* exponential backoff in timesyncd and resolved when we cannot reach a server
+* exponential backoff in timesyncd when we cannot reach a server
-* timesyncd + resolved: add ugly bus calls to set NTP and DNS servers per-interface, for usage by NM
-
-* extract_many_words() should probably be used by a lot of code that
- currently uses FOREACH_WORD and friends. For example, most conf
- parsing callbacks should use it.
+* timesyncd: add ugly bus calls to set NTP servers per-interface, for usage by NM
* merge ~/.local/share and ~/.local/lib into one similar /usr/lib and /usr/share....
(throughout the codebase, not only PID1)
* resolved:
- - put networkd events and rtnl events at a higher priority, so that
- we always process them before we process client requests
- - DNSSEC
- - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)?
- - DNS
- - search paths
- mDNS/DNS-SD
+ - service registration
+ - service/domain/types browsing
- avahi compat
- DNS-SD service registration from socket units
- - edns0
- - dname: Not necessary for plain DNS as synthesized cname is handed out instead if we do not
- announce dname support. However, for DNSSEC it is necessary as the synthesized cname
- will not be signed.
- - cname on PTR (?)
- resolved should optionally register additional per-interface LLMNR
names, so that for the container case we can establish the same name
(maybe "host") for referencing the server, everywhere.
+ - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
+ - hook up resolved with machined-based address resolution
* refcounting in sd-resolve is borked
* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them.
-* timer units: actually add extra delays to timer units with high AccuracySec values, don't start them already when we are awake...
-
* a way for container managers to turn off getty starting via $container_headless= or so...
* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit
CAP_NET_ADMIN is set, more than the loopback device is defined, even
when it is otherwise off
-* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size().
-
-* "busctl status" works only as root on dbus1, since we cannot read
- /proc/$PID/exe
+* MessageQueueMessageSize= (and suchlike) should use parse_iec_size().
* implement Distribute= in socket units to allow running multiple
service instances processing the listening socket, and open this up
and passes this back to PID1 via SCM_RIGHTS. This also could be used
to allow Chown/chgrp on sockets without requiring NSS in PID 1.
-* New service property: maximum CPU and wallclock runtime for a service
-
* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
$UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
should SIGSTOP all unit processes in a loop until all processes of
* be more careful what we export on the bus as (usec_t) 0 and (usec_t) -1
-* unify dispatch table in systemctl_main() and friends
-
* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs
error. Currently, we just ignore it and read the unit from the search
path anyway.
-* refuse boot if /etc/os-release is missing or /etc/machine-id cannot be set up
+* refuse boot if /usr/lib/os-release is missing or /etc/machine-id cannot be set up
* btrfs raid assembly: some .device jobs stay stuck in the queue
-* make sure gdm does not use multi-user-x but the new default X configuration file, and then remove multi-user-x from systemd
-
* man: the documentation of Restart= currently is very misleading and suggests the tools from ExecStartPre= might get restarted.
* load .d/*.conf dropins for device units
- path escaping
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- test bloom filter generation indexes
- - bus-proxy: when passing messages from kdbus, make sure we properly
- handle the case where a large number of fds is appended that we
- cannot pass into sendmsg() of the AF_UNIX sokcet (which only accepts
- 253 messages)
- kdbus: introduce a concept of "send-only" connections
- kdbus: add counter for refused unicast messages that is passed out via the RECV ioctl. SImilar to the counter for dropped multicast messages we already have.
- generate a failure of a default event loop is executed out-of-thread
- maybe add support for inotify events
-* in the final killing spree, detect processes from the root directory, and
- complain loudly if they have argv[0][0] == '@' set.
- https://bugzilla.redhat.com/show_bug.cgi?id=961044
-
* investigate endianness issues of UUID vs. GUID
* dbus: when a unit failed to load (i.e. is in UNIT_ERROR state), we
* systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep()
-* remove any syslog support from log.c -- we probably cannot do this before split-off udev is gone for good
+* remove any syslog support from log.c — we probably cannot do this before split-off udev is gone for good
* shutdown logging: store to EFI var, and store to USB stick?
message that works, but alraedy after a short tiemout
- check if we can make journalctl by default use --follow mode inside of less if called without args?
- maybe add API to send pairs of iovecs via sd_journal_send
- - journal: when writing journal auto-rotate if time jumps backwards
- journal: add a setgid "systemd-journal" utility to invoke from libsystemd-journal, which passes fds via STDOUT and does PK access
- journactl: support negative filtering, i.e. FOOBAR!="waldo",
and !FOOBAR for events without FOOBAR.
- journal-or-kmsg is currently broken? See reverted
commit 4a01181e460686d8b4a543b1dfa7f77c9e3c5ab8.
- man: document that corrupted journal files is nothing to act on
- - systemd-journal-upload (or a new, related tool): allow pushing out
- journal messages onto the network in BSD syslog protocol,
- continuously. Default to some link-local IP mcast group, to make this
- useful as a one-stop debugging tool.
- rework journald sigbus stuff to use mutex
- Set RLIMIT_NPROC for systemd-journal-xyz, and all other of our
services that run under their own user ids, and use User= (but only
written to as FAIL, but instead show that their are being written to.
- add journalctl -H that talks via ssh to a remote peer and passes through
binary logs data
- - change journalctl -M to acquire fd to journal directory via machined, and
- then operate on that via openat() instead of absolute paths
- add a version of --merge which also merges /var/log/journal/remote
- log accumulated resource usage after each service invocation
- journalctl: -m should access container journals directly by enumerating
- systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards?
- systemctl: "Journal has been rotated since unit was started." message is misleading
- better error message if you run systemctl without systemd running
- - systemctl status output should should include list of triggering units and their status
+ - systemctl status output should include list of triggering units and their status
* unit install:
- "systemctl mask" should find all names by which a unit is accessible
(i.e. by scanning for symlinks to it) and link them all to /dev/null
- - systemctl list-unit-files should list generated files (and probably with a new state "generated" for them, or so)
* timer units:
- timer units should get the ability to trigger when:
o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET)
o DST changes
- Support 2012-02~4 as syntax for specifying the fourth to last day of the month.
- - calendarspec: support value ranges with ".." notation. Example: 2013-4..8-1
- Modulate timer frequency based on battery state
* add libsystemd-password or so to query passwords during boot using the password agent logic
* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not
* nspawn:
- - to allow "linking" of nspawn containers, extend --network-bridge= so
- that it can dynamically create bridge interfaces that are refcounted
- by the containers on them. For each group of containers to link together
- - refuses to boot containers without /etc/machine-id (OK?), and with empty
- /etc/machine-id (not OK).
- nspawn -x should support ephemeral instances of gpt images
- emulate /dev/kmsg using CUSE and turn off the syslog syscall
with seccomp. That should provide us with a useful log buffer that
- as soon as networkd has a bus interface, hook up --network-interface=,
--network-bridge= with networkd, to trigger netdev creation should an
interface be missing
- - don't copy /etc/resolv.conf from host into container unless we are in
- shared-network mode
- a nice way to boot up without machine id set, so that it is set at boot
automatically for supporting --ephemeral. Maybe hash the host machine id
together with the machine name to generate the machine id for the container
- should send out sd_notify("WATCHDOG=1") messages
- optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down.
- - add a logic for cleaning up read-only, hidden container images in
- /var/lib/machines that are not ancestors of any non-hidden containers
- Improve error message when --bind= is used on a non-existing source
directory
- maybe make copying of /etc/resolv.conf optional, and skip it if --read-only
is used
* machined:
- - "machinectl list" should probably show columns for OS version and IP
- addresses
- add an API so that libvirt-lxc can inform us about network interfaces being
removed or added to an existing machine
- "machinectl migrate" or similar to copy a container from or to a
difference host, via ssh
- - man: document how update dkr images works with machinectl
- http://lists.freedesktop.org/archives/systemd-devel/2015-February/028630.html
- introduce systemd-nspawn-ephemeral@.service, and hook it into
"machinectl start" with a new --ephemeral switch
- "machinectl status" should also show internal logs of the container in
shell in it, and marks it read-only after use
* importd:
- - dkr: support tarsum checksum verification, if it becomes reality one day...
- - dkr: convert json bits to nspawn configuration
- generate a nice warning if mkfs.btrfs is missing
* cryptsetup:
* initialize the hostname from the fs label of /, if /etc/hostname does not exist?
-* rename "userspace" to "core-os"
-
* udev:
- move to LGPL
- kill scsi_id
* coredump:
- save coredump in Windows/Mozilla minidump format
- - move PID 1 segfaults to /var/lib/systemd/coredump?
- - make the handler check /proc/$PID/rlimits for RLIMIT_CORE,
- and supress coredump if turned off. Then change RLIMIT_CORE to
- infinity by default for all services. This then allows per-service
- control of coredumping.
+ - when truncating coredumps, also log the full size that the process had, and make a metadata field so we can report truncated coredumps
* support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting)
- GC unreferenced jobs (such as .device jobs)
- move PAM code into its own binary
- when we automatically restart a service, ensure we restart its rdeps, too.
- - for services: do not set $HOME in services unless requested
- hide PAM options in fragment parser when compile time disabled
- Support --test based on current system state
- If we show an error about a unit (such as not showing up) and it has no Description string, then show a description string generated form the reverse of unit_name_mangle().
- after deserializing sockets in socket.c we should reapply sockopts and things
- - make timer units go away after they elapsed
- drop PID 1 reloading, only do reexecing (difficult: Reload()
currently is properly synchronous, Reexec() is weird, because we
cannot delay the response properly until we are back, so instead of
- Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely
- consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup=
-* systemd-python:
- - figure out a simple way to wait for journal events in a way that
- works with ^C
- - add documentation to systemd.daemon
-
-* bootchart:
- - plot per-process IO utilization
- - group processes based on service association (cgroups)
- - document initcall_debug
- - kernel cmdline "bootchart" option for simplicity?
-
* udev-link-config:
- Make sure ID_PATH is always exported and complete for
network devices where possible, so we can safely rely
- add reduced [Link] support to .network files
- add Scope= parsing option for [Network]
- properly handle routerless dhcp leases
- - add more attribute support for SIT tunnel
- work with non-Ethernet devices
- add support for more bond options
- dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from?
- - add LLDP client side support
- the DHCP lease data (such as NTP/DNS) is still made available when
a carrier is lost on a link. It should be removed instantly.
- expose in the API the following bits:
support Name=foo*|bar*|baz ?
- duplicate address check for static IPs (like ARPCHECK in network-scripts)
- allow DUID/IAID to be customized, see issue #394.
- - support configuration option for TSO (tcp segmentation offload)
- whenever uplink info changes, make DHCP server send out FORCERENEW
* networkd-wait-online:
or interface down
- some servers don't do rapid commit without a filled in IA_NA, verify
this behavior
+ - RouteTable= ?
External:
~ianmdlvl / elogind.git / blobdiff