X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=TODO;h=19e53fe658a998ed39696002a774373845f8ecaa;hp=339a34d01562089dd91b854a127101e42c6d2b2a;hb=e4ee6e5cc3e8e23e1ecc0d9fa756d9cc2534d218;hpb=8973790ee6f62132b1b57de15c4edaef2c097004 diff --git a/TODO b/TODO index 339a34d01..19e53fe65 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,7 @@ Bugfixes: +* systemctl status *.path shows all logs, not only the ones since the unit is + active + * check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar * swap units that are activated by one name but shown in the kernel under another are semi-broken @@ -26,9 +29,38 @@ Fedora 19: Features: -* handle named vs controller hierarchies correctly in cg_pid_get_path() - -* add nspawn@.service +* libsystemd-bus: + - default policy (allow uid == 0 and our own uid) + - enforce alignment of pointers passed in + - negotiation for attach attributes + - verify that the PID doesn't change for existing busses + - when kdbus doesn't take our message without memfds, try again with memfds + - kdbus: generate correct bloom filter for matches + - implement translator service + - port systemd to new library + - implement busname unit type in systemd + - move to gvariant + - minimal locking around the memfd cache + - keep the connection fds around as long as the bus is open + - merge busctl into systemctl or so? + - synthesize sd_bus_message objects from kernel messages + +* in the final killing spree, detect processes from the root directory, and + complain loudly if they have argv[0][0] == '@' set. + https://bugzilla.redhat.com/show_bug.cgi?id=961044 + +* read the kernel's console "debug" keyword like we read "quiet" and adjust: + systemd.log_level=debug and maybe systemd.log_target=kmsg + +* add an option to nspawn that uses seccomp to make socket(AF_NETLINK, + SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that + makes the audit userspace to think auditing is not available in the + kernel. + +* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on + https://bugzilla.redhat.com/show_bug.cgi?id=952634 + +* maybe add a warning to the unit file parses whern the acces mode of unit files is non-sensical. * investigate endianess issues of UUID vs. GUID @@ -59,8 +91,6 @@ Features: * cgtop: make cgtop useful in a container -* make sure cg_pid_get_path() works properly for co-mounted controllers - * test/: - add 'set -e' to scripts in test/ - make stuff in test/ work with separate output dir @@ -141,8 +171,6 @@ Features: * systemctl: maybe add "systemctl add-wants" or so... -* man: add a link to socket activation blog from systemd.socket(5) - * man: add more examples to man pages * man: maybe sort directives in man pages, and take sections from --help and apply them to man too @@ -158,8 +186,6 @@ Features: * use "log level" rather than "log priority" everywhere -* ensure sd_journal_seek_monotonic actually works properly. - * timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to. * Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to @@ -204,9 +230,6 @@ Features: - pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree - logind: GetSessionByPID() should accept 0 as PID value - we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case - - add configuration/switches to use - freeze (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git) and - standby (https://bugs.freedesktop.org/show_bug.cgi?id=57793) as suspend modes * exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty. @@ -366,10 +389,10 @@ Features: - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context * cryptsetup: - - cryptsetup-generator: warn if the password files are world-readable - cryptsetup-generator: allow specification of passwords in crypttab itself - move cryptsetup key caching into kernel keyctl? https://bugs.freedesktop.org/show_bug.cgi?id=54982 + - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator * move debug shell to tty6 and make sure this doesn't break the gettys on tty6 @@ -440,8 +463,6 @@ Features: * change Requires=basic.target to RequisiteOverride=basic.target -* support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator - * when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr * move passno parsing to fstab generator @@ -461,8 +482,6 @@ Features: * ExecOnFailure=/usr/bin/foo -* ConditionSecurity= should learn about IMA and SMACK - * udev: - remove src/udev/udev-builtin-firmware.c (CONFIG_FW_LOADER_USER_HELPER=n) - move to LGPL @@ -602,7 +621,6 @@ Features: - plot per-process IO utilization - group processes based on service association (cgroups) - document initcall_debug - - put bootcharts in the journal - kernel cmdline "bootchart" option for simplicity? External: @@ -640,12 +658,14 @@ External: * /usr/bin/service should actually show the new command line -* fedora: suggest auto-restart on failure, but not on sucess and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus= +* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus= * fedora: F20: go timer units all the way, leave cron.daily for cron * neither pkexec nor sudo initialize environ[] from the PAM environment? +* fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it + Regularly: * look for close() vs. close_nointr() vs. close_nointr_nofail()