X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=TODO;h=3073c07d46c1c00acec6740f9294374f34cdfd68;hp=c49d1795668e0c1ff38a551c15c547a9dc984ffd;hb=fc07d5d3a982e59d984d6be54342a18028faf7be;hpb=c3a0d00d6dd6f5997d673e133ef6f9f856550b0a diff --git a/TODO b/TODO index c49d17956..3073c07d4 100644 --- a/TODO +++ b/TODO @@ -31,25 +31,72 @@ External: Features: -* Port various tools to make use of verbs.[ch], where applicable +* The udev blkid built-in should expose a property that reflects + whether media was sensed in USB CF/SD card readers. This should then + be used to control SYSTEMD_READY=1/0 so that USB card readers aren't + picked up by systemd unless they contain a medium. This would mirror + the behaviour we already have for CD drives. + +* We should remove really old cruft from cdrom_id + +* nspawn: emulate /dev/kmsg using CUSE and turn off the syslog syscall + with seccomp. That should provide us with a useful log buffer that + systemd can log to during early boot, and disconnect container logs + from the kernel's logs. + +* networkd/udev: implement SR_IOV configuration in .link files: + http://lists.freedesktop.org/archives/systemd-devel/2015-January/027451.html + +* When RLIMIT_NPROC is set from a unit file it currently always is set + for root, not for the user set in User=, which makes it + useless. After fixing this, set RLIMIT_NPROC for + systemd-journal-xyz, and all other of our services that run under + their own user ids, and use User= (but only in a world where userns + is ubiquitous since otherwise we cannot invoke those daemons on the + host AND in a container anymore). Also, if LimitNPROC= is used + without User= we should warn and refuse operation. + +* logind: maybe allow configuration of the StopTimeout for session scopes + +* Set NoNewPriviliges= on all of our own services, where that makes sense + +* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API + +* rework journald sigbus stuff to use mutex + +* import-dkr: support tarsum checksum verification, if it becomes reality one day... + +* import-dkr: convert json bits to nspawn configuration + +* import: support import from local files, and export to local files -* Check all invocations of access() and consider turning them into laccess() +* core/cgroup: support net_cls modules, and support automatically allocating class ids, then add support for making firewall changes depending on it, to implement a per-service firewall -* "machinectl run" that works like systemd-run, but allocates a pty in the container and attached the service to it +* introduce systemd-nspawn-ephemeral@.service, and hook it into "machinectl start" with a new --ephemeral switch -* "machinectl start/enable/disable foo" as aliases for "systemctl start/enable/disable systemd-nspawn@foo.service" +* logind,machined: add generic catch-all polkit verbs for most privileged operations, similar to systemd itself -* "machinectl list-images" for showing a list of container trees collected from /var/lib/containers +* "machinectl status" should also show internal logs of the container in question -* "machinectl snapshot" to make a snapshot of a tree or container into /var/lib/containers +* "machinectl list-images" should show os-release data, as well as machine-info data (including deployment level) -* "machinectl rm" to remove a container tree from /var/lib/containers +* nspawn: when start a container "foobar" look for its configuration in a file "foobar.nspawn" in /etc/systemd/nspawn/ as well as next to the actualy directory or image to boot + +* Port various tools to make use of verbs.[ch], where applicable * "machinectl history" * "machinectl diff" -* machined: open up certain commands to unprivileged clients via polkit +* "machinectl commit" that takes a writable snapshot of a tree, invokes a shell in it, and marks it read-only after use + +* "machinectl status" should show 10 most recent log lines of both the host logs of the unit of the machine, plus the logs generated in the machine + +* add transparent btrfs pool in a loopback file in /var if btrfs operations (such as systemd-import pull-dkr) are used and /var is not a btrfs file system + +* systemd-nspawn -x should support ephemeral instances of gpt images + +* move machinectl's mount and copy commands into machined * hostnamectl: show root image uuid @@ -60,12 +107,6 @@ Features: * port libmount hookup to use API's own inotify interface, as soon as that is table in libmount -* bash completion for busctl, to make it truly useful - -* journald: broken file systems are real (btrfs), we need to handle - SIGBUS in some way if we cannot write or read from the disk. - https://bugzilla.redhat.com/show_bug.cgi?id=1151848 - * "systemctl preset-all" should probably order the unit files it operates on lexicographically before starting to work, in order to ensure deterministic behaviour if two unit files conflict (like DMs @@ -77,7 +118,7 @@ Features: * systemd-journal-upload (or a new, related tool): allow pushing out journal messages onto the network in BSD syslog protocol, - continously. Default to some link-local IP mcast group, to make this + continuously. Default to some link-local IP mcast group, to make this useful as a one-stop debugging tool. * synchronize console access with BSD locks: @@ -124,8 +165,6 @@ Features: * systemd --user should issue sd_notify() upon reaching basic.target, not on becoming idle -* configure.ac pretends dbus was optional but actually hardcodes use of dbus' pkg-config file to determine various dbus dirs such as policy and activation dirs - * consider showing the unit names during boot up in the status output, not just the unit descriptions * dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from? @@ -271,9 +310,6 @@ Features: desktop UIs such as gnome-shell to freeze apps that are not visible on screen, not unlike how job control works on the shell -* completions: - - manager property enumeration was broken when systemd moved to /usr/lib/ - * cgroups: - implement per-slice CPUFairScheduling=1 switch - handle jointly mounted controllers correctly @@ -322,20 +358,12 @@ Features: ReadOnlyDirectories=... for whitelisting files for a service. * sd-bus: + - GetAllProperties() on a non-existing object does not result in a failure currently - kdbus: process fd=-1 for incoming msgs - - make dsrt happy, and change userspace header for kdbus to yyyyuta{tv}v - - kdbus: PID/TID goes missing for method calls from outside the PID namespace? - - kdbus: the kernel should not allow messages to be delivered that have a reply serial != 0, reply-expect unset, but no appropriate window - - kdbus: timestamps on kernel's NameOwnerChanged messages? - - kdbus' busnames.target should get pulled in by basic.target - - Ignore .busname units on classic D-Bus boots, systemd-resolved cannot be started on kdbus - without the active policy and should get a Wants=org.freedesktop.resolve1.busname to - pull-in the policy. - port to sd-resolve for connecting to TCP dbus servers - kdbus: maybe add controlling tty metadata fields - see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself - when kdbus does not take our message without memfds, try again with memfds - - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list - see if we can drop more message validation on the sending side - add API to clone sd_bus_message objects - make AddMatch calls on dbus1 transports async? @@ -390,9 +418,6 @@ Features: * teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off}) -* after all byte-wise realloc() is slow, even on glibc, so i guess we - need manual exponential loops after all - * BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify that the boot loader should be installed to the ESP. Define a way how an installer can figure out whether a BLS compliant boot loader @@ -485,11 +510,11 @@ Features: - journal: add a setgid "systemd-journal" utility to invoke from libsystemd-journal, which passes fds via STDOUT and does PK access - journactl: support negative filtering, i.e. FOOBAR!="waldo", and !FOOBAR for events without FOOBAR. - - journal: send out marker messages every now and then, and immediately sync with fdatasync() afterwards, in order to have hourly guaranteed syncs. + - journal: store timestamp of journal_file_set_offline() int he header, + so it is possible to display when the file was last synced. - journal-send.c, log.c: when the log socket is clogged, and we drop, count this and write a message about this when it gets unclogged again. - journal: find a way to allow dropping history early, based on priority, other rules - journal: When used on NFS, check payload hashes - - journal live copy, based on libneon (client) and libmicrohttpd (server) - journald: add kernel cmdline option to disable ratelimiting for debug purposes - refuse taking lower-case variable names in sd_journal_send() and friends. - journald: we currently rotate only after MaxUse+MaxFilesize has been reached. @@ -582,11 +607,7 @@ Features: * currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not * nspawn: - - bind mount read-only the cgroup tree higher than nspawn - refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK). - - introduce machines.target to order after all nspawn instances - - systemd-nspawn@.service should fail if some nspawn arg is invalid, with Type=notify - - PID 1 doesn't apply nspawns devices cgroup policy * cryptsetup: - cryptsetup-generator: allow specification of passwords in crypttab itself @@ -673,6 +694,8 @@ Features: * tmpfiles: - apply "x" on "D" too (see patch from William Douglas) + - replace F with f+. + - instead of ignoring unknown fields, reject them. * for services: do not set $HOME in services unless requested @@ -783,7 +806,6 @@ Features: - write more test cases - implement and do duplicate address detection, see rfc 4862, 5.4. - implement reconfigure support, see 5.3., 15.11. and 22.20. - - implement information request, see 1.2. and 18.1.5. - implement support for temporary adressess (IA_TA) - implement dhcpv6 authentication - investigate the usefulness of Confirm messages; i.e. are there any