X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=TODO;h=f09e85303a2e8374d69b08f1329e488420fd2e75;hp=9ffe6b0c2b0f40913879dec9ccfe871c95f24163;hb=8225488bec7b0e57ea0ca23e2cdc63064bfc48ab;hpb=9459781ee66eb57709c8b8701701365ba60a9f1c diff --git a/TODO b/TODO index 9ffe6b0c2..f09e85303 100644 --- a/TODO +++ b/TODO @@ -1,8 +1,8 @@ Bugfixes: -* enabling an instance unit creates a pointless link, and - the unit will be started with getty@getty.service: - $ systemctl enable getty@.service - ln -s '/usr/lib/systemd/system/getty@.service' '/etc/systemd/system/getty.target.wants/getty@.service' +* Re-enable "fsck -l" when it is ready: + https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5 + +* Should systemctl status \* work on all unit types, not just .service? * Dangling symlinks of .automount unit files in .wants/ directories, set up automount points even when the original .automount file did not exist @@ -10,14 +10,7 @@ Bugfixes: * properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point. -* shorten the message to sane length: - - Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details. - -* systemctl --root=container/ set-default ... is totally borked. - External: - * Fedora: when installing fedora with yum --installroot /var/run is a directory, not a symlink https://bugzilla.redhat.com/show_bug.cgi?id=975864 @@ -25,16 +18,67 @@ External: * Fedora: post FPC ticket to move add %tmpfiles_create to the packaging guidelines +* Fedora: move kernel image to /usr/lib/modules/, kernel-install will take care of populating /boot + Features: +* new component "systemd-first-boot" which asks for locale, timezone, + root password on first boot if the configuration for that has not + been provisioned yet. Similar in style to what the distros have, but + minimalist, text-only /dev/console stuff. + +* Add a new verb "systemctl top" + +* order OnCalendar timer units after timer-sync.target if DefaultDependencies=no so that we don't trigger them prematurely + +* refuse mounting on symlinks + +* logind: allow users to kill or lock their own sessions + +* support empty /etc boots nicely: + - nspawn/gpt-generator: introduce new gpt partition type for /usr + - nspawn: add --mode=auto,stateful,stateless,volatile + - fstab-generator: support auot/stateful/stateless/volatile on the kernel cmdline, too + - fstab-generator: add support for usr= in addition to root= on the kernel cmdline + +* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them. + +* support setting empty environment variables with Environment= and EnvironmentFile= + +* machined/machinectl: sort IP addresses we return by scope and protocol +* machined: write NSS module for looking up IP addresses for machines + +* timer units: actually add extra delays to timer units with high AccuracySec values, don't start them already when we are awake... + +* timesyncd - hookup with networkd: NTP servers from dhcp + +* a way for container managers to turn off getty starting via $container_headless= or so... + +* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit + +* journalctl: add the ability to look for the most recent process of a binary. journalctl /usr/bin/X11 --pid=-1 or so... + +* set NOTIFY_SOCKET also for control processes + +* mount_cgroup_controllers(): symlinks need to get the label applied + +* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services + they run added to the initial transaction and thus confuse Type=idle. + +* Add timeout to early-boot, and shut down the system if it is hit. Solves the laptop-in-bag problem and is useful for embedded cases + +* Run most system services with cgroupfs read-only and procfs with a more secure mode (doesn't work, since the hidepid= option is per-pid-namespace, not per-mount) + +* sd-event: generate a failure of a default event loop is executed out-of-thread + +* expose "Locked" property on logind sesison objects + * add bus api to query unit file's X fields. * consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= * sd-event: define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ... -* maybe add DefaultTimerAccuracySec= as global config option to set AccuracySec='s default value in .timer units - * gpt-auto-generator: - Support LUKS for root devices - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap? @@ -42,24 +86,9 @@ Features: * improve journalctl performance by loading journal files lazily. Encode just enough information in the file name, so that we - don't have to open it to know that it is not interesting for us, for + do not have to open it to know that it is not interesting for us, for the most common operations. -* support transient mount units - -* Imply DevicePolicy=closed when PrivateDevices= is used. Mount - pts+kdbus+shm+mqueue into /dev namespace - -* add an "input" group to udev logic and add all input devices to it - -* machined: provide calls GetMachineByAddress() on the manager - interface to get the machine for a local IP address, and - GetAddress() on the Machine interface to get the Address for a - machine. Implement via forking off child process which quickly joins - the cotnainer and passes data to parent. Show this in "machinectl - status", and use it to implement NSS module to provide automatic - name resolution for containers. - * add generator that pulls in systemd-network from containers when CAP_NET_ADMIN is set, more than the loopback device is defined, even when it is otherwise off @@ -69,9 +98,6 @@ Features: * "busctl status" works only as root on dbus1, since we cannot read /proc/$PID/exe -* systemctl: support --recursive for list-sockets, list-timers, - ... too, not just for list-units. - * implement Distribute= in socket units to allow running multiple service instances processing the listening socket, and open this up for ReusePort= @@ -92,8 +118,6 @@ Features: on screen, not unlike how job control works on the shell * completions: - - busctl zsh completion is outdated - - systemd-nspawn -Z/-L/-q is missing for zsh - manager property enumeration was broken when systemd moved to /usr/lib/ * cgroups: @@ -124,8 +148,6 @@ Features: * Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk? -* socket-proxyd: Use sd-resolve to resolve the server address - * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it * After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs @@ -142,46 +164,35 @@ Features: * btrfs raid assembly: some .device jobs stay stuck in the queue -* make sure gdm doesn't use multi-user-x but the new default X configuration file, and then remove multi-user-x from systemd +* make sure gdm does not use multi-user-x but the new default X configuration file, and then remove multi-user-x from systemd * man: the documentation of Restart= currently is very misleading and suggests the tools from ExecStartPre= might get restarted. * load .d/*.conf dropins for device units -* gparted needs to disable auto-activation of mount units somehow, or - maybe we should stop doing auto-activation of this after boot - entirely. https://bugzilla.gnome.org/show_bug.cgi?id=701676 - Maybe take a BSD lock at the disk device node and teach udev to - check for that and suppress event handling. - * allow implementation of InaccessibleDirectories=/ plus ReadOnlyDirectories=... for whitelisting files for a service. * sd-bus: - - when kdbus doesn't take our message without memfds, try again with memfds - - implement monitor logic + - when kdbus does not take our message without memfds, try again with memfds + - systemd-bus-proxyd needs to enforce good old XML policy + - allow updating attach flags during runtime + - pid1: peek into activating message when activating a service + - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list + - port to sd-resolve for connecting to TCP dbus servers - see if we can drop more message validation on the sending side - add API to clone sd_bus_message objects - - systemd-bus-proxyd needs to enforce good old XML policy - - upload minimal kdbus policy into the kernel at boot + - make AddMatch calls on dbus1 transports async? - kdbus: matches against source or destination pids for an "strace -p"-like feel. Problem: The PID info needs to be available in userspace too... - longer term: priority inheritance - - check sender of response messages - dbus spec updates: - kdbus mapping - NameLost/NameAcquired obsolete - GVariant - "const" properties (posted) - path escaping - - port exit-on-idle logic to byebye ioctl - update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now - - allow updating attach flags during runtime - - pid1: peek into activating message when activating a service - test bloom filter generation indexes - - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list - - port to sd-resolve for connecting to TCP dbus servers - - constructors for bus messages should probably not be OK with a NULL bus pointer - - .busname units should not use get_user_creds()/get_cgroup_creds() but instead do NSS only in temporarily forked off child * sd-event - allow multiple signal handlers per signal? @@ -211,14 +222,8 @@ Features: - add 'set -e' to scripts in test/ - make stuff in test/ work with separate output dir -* systemctl delete x.snapshot leaves no trace in logs (at least at default level). - -* make the coredump collector tool move itself into the user's cgroup - so that the coredump is properly written to the user's own journal - file. - * seems that when we follow symlinks to units we prefer the symlink - destination path over /etc and /usr. We shouldn't do that. Instead + destination path over /etc and /usr. We should not do that. Instead /etc should always override /run+/usr and also any symlink destination. @@ -230,10 +235,10 @@ Features: * after all byte-wise realloc() is slow, even on glibc, so i guess we need manual exponential loops after all -* BootLoaderSpec: drop allowing ext234 for $BOOT. Clarify that the - kernel has to be in $BOOT. Clarify that the boot loader should be - installed to the ESP. Define a way how an installer can figure out - whether a BLS compliant boot loader is installed. +* BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify + that the boot loader should be installed to the ESP. Define a way + how an installer can figure out whether a BLS compliant boot loader + is installed. * think about requeuing jobs when daemon-reload is issued? usecase: the initrd issues a reload after fstab from the host is accessible @@ -244,7 +249,7 @@ Features: * journal-or-kmsg is currently broken? See reverted commit 4a01181e460686d8b4a543b1dfa7f77c9e3c5ab8. -* remove any syslog support from log.c -- we probably can't do this before split-off udev is gone for good +* remove any syslog support from log.c -- we probably cannot do this before split-off udev is gone for good * shutdown logging: store to EFI var, and store to USB stick? @@ -254,14 +259,11 @@ Features: * use "log level" rather than "log priority" everywhere -* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to. - * merge unit_kill_common() and unit_kill_context() * introduce ExecCondition= in services * EFI: - - write man page for efi boot generator - honor language efi variables for default language selection (if there are any?) - honor timezone efi variables for default timezone selection (if there are any?) - change bootctl to be backed by systemd-bootd to control temporary and persistent default boot goal plus efi variables @@ -283,7 +285,6 @@ Features: - logind: wakelock/opportunistic suspend support - Add pretty name for seats in logind - logind: allow showing logout dialog from system? - - logind: add equivalent to sd_pid_get_owner_uid() to the D-Bus API - we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case - session scopes/user unit: add RequiresMountsFor for the home directory of the user - add Suspend() bus calls which take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quickly. @@ -301,7 +302,7 @@ Features: - journald: also get thread ID from client, plus thread name - journal: when waiting for journal additions in the client always sleep at least 1s or so, in order to minimize wakeups - add API to close/reopen/get fd for journal client fd in libsystemd-journal. - - fallback to /dev/log based logging in libsystemd-journal, if we can't log natively? + - fallback to /dev/log based logging in libsystemd-journal, if we cannot log natively? - declare the local journal protocol stable in the wiki interface chart - journal: reuse XZ context - sd-journal: speed up sd_journal_get_data() with transparent hash table in bg @@ -337,7 +338,7 @@ Features: - journald: make sure ratelimit is actually really per-service with the new cgroup changes - change systemd-journal-flush into a service that stays around during boot, and causes the journal to be moved back to /run on shutdown, - so that we don't keep /var busy. This needs to happen synchronously, + so that we do not keep /var busy. This needs to happen synchronously, hence doing this via signals is not going to work. * document: @@ -364,39 +365,27 @@ Features: about it. Should fix both to print nice actionable messages. - print nice message from systemctl --failed if there are no entries shown, and hook that into ExecStartPre of rescue.service/emergency.service - add new command to systemctl: "systemctl system-reexec" which reexecs as many daemons as virtually possible - - systemctl enable: improve the success messages (i.e. more human readable, less shell-like) - - systemctl enable: fail if target to alias into doesn't exist? maybe show how many units are enabled afterwards? + - systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards? - systemctl: "Journal has been rotated since unit was started." message is misleading - support "systemctl stop foobar@.service" to stop all units matching a certain template - Something is wrong with symlink handling of "autovt@.service" in "systemctl list-unit-files" - - rework wait filter to not require match callback - better error message if you run systemctl without systemd running - systemctl status output should should include list of triggering units and their status - - in systemctl list-timers show time triggering units ran last * unit install: - "systemctl mask" should find all names by which a unit is accessible (i.e. by scanning for symlinks to it) and link them all to /dev/null - - "systemctl disable" of a unit instance removes all symlinks, but should - only remove the instance symlink (systemctl disable of a template - unit however should remove them all). - systemctl list-unit-files should list generated files (and probably with a new state "generated" for them, or so) - systemctl: maybe add "systemctl add-wants" or so... -* introduce ntp.service (or suchlike) as symlink that is used to arbitrate between various NTP implementations - -* deal with sendmail/postfix exclusivity - * timer units: - - timer events with system resume - timer units should get the ability to trigger when: o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET) o DST changes - Support 2012-02~4 as syntax for specifying the fourth to last day of the month. - calendarspec: support value ranges with ".." notation. Example: 2013-4..8-1 - - when parsing calendar timestamps support the UTC timezone (even if we won't support arbitrary timezone specs, support UTC itself certainly makes sense), also support syntaxes such as +0200 + - when parsing calendar timestamps support the UTC timezone (even if we will not support arbitrary timezone specs, support UTC itself certainly makes sense), also support syntaxes such as +0200 - Modulate timer frequency based on battery state - - anacron-like feature * update the kernel's TZ (sys_tz) when DST changes @@ -407,50 +396,29 @@ Features: mode, it will never touch the RTC if the no reliable time source is active or the user did not request anything like it. -* libunwind support for coredump pattern hook, and includes this in - the message for coredumps. After all, libunwind is now capable to - unwind coredumps since a few weeks ago. This probably requires that - we have nice support for multi-line messages on display in - logs-show.c. Alternatively: use libelfutil, which seems to be the - better supported alternative. - * add libsystemd-password or so to query passwords during boot using the password agent logic * If we show an error about a unit (such as not showing up) and it has no Description string, then show a description string generated form the reverse of unit_name_mangle(). * fedup: add --unit to systemctl switch-root somehow -* fedup: don't delete initrd on switch-root +* fedup: do not delete initrd on switch-root * fedup: generator -* timedated: refuse time changes when NTP is on - * clean up date formatting and parsing so that all absolute/relative timestamps we format can also be parsed * on shutdown: move utmp, wall, audit logic all into PID 1 (or logind?), get rid of systemd-update-utmp-runlevel -* add "provisioning" instructions to setup an empty /etc + /var - - used to setup a new container from a shared /usr - - superset of tmpfiles model - - instructions shipped by packages and stored in /usr/lib/ - - compose /etc/passwd and /etc/group, copy files - - able to create uid + gid used by packages, for file ownership - * make repeated alt-ctrl-del presses printing a dump, or even force a reboot without waiting for the timeout * hostnamed: before returning information from /etc/machine-info.conf check the modification data and reread. Similar for localed, ... -* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab isn't +* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not * nspawn: - - nspawn: --read-only is not applied recursively to submounts - bind mount read-only the cgroup tree higher than nspawn - - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters - refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK). - support taking a btrfs snapshot at startup and dropping it afterwards - - maybe: hookup nspawn and PrivateNetwork=yes with "ip netns" - - generate predictable mac addresses for the netdev we create (host0), maybe based on guest's machine - name and machine-id of host (?) * cryptsetup: - cryptsetup-generator: allow specification of passwords in crypttab itself @@ -465,30 +433,21 @@ Features: * make timer units go away after they elapsed -* http://lists.freedesktop.org/archives/systemd-devel/2012-September/006502.html - (network and remote-fs on shutdown) - * come up with a nice way to write queue/read_ahead_kb for a block device without interfering with readahead * move PID 1 segfaults to /var/lib/systemd/coredump? * create /sbin/init symlinks from the build system -* Query Paul Moore about relabelling socket fds while they are open - * allow writing multiple conditions in unit files on one line -* explore multiple service instances per listening socket idea - * MountFlags=shared acts as MountFlags=slave right now. -* ReadOnlyDirectories= is not applied recursively to submounts - * drop PID 1 reloading, only do reexecing (difficult: Reload() currently is properly synchronous, Reexec() is weird, because we - can't delay the response properly until we are back, so instead of + cannot delay the response properly until we are back, so instead of being properly synchronous we just keep open the fd and close it - when done. That means clients don't get a successful method reply, + when done. That means clients do not get a successful method reply, but much rather a disconnect on success. * properly handle loop back mounts via fstab, especially regards to fsck/passno @@ -502,7 +461,7 @@ Features: * rename "userspace" to "core-os" * load-fragment: when loading a unit file via a chain of symlinks - verify that it isn't masked via any of the names traversed. + verify that it is not masked via any of the names traversed. * introduce Type=pid-file @@ -534,8 +493,6 @@ Features: * introduce mix of BindTo and Requisite -* add DeleteSocketsOnStop=yes|no option to socket units - * There's currently no way to cancel fsck (used to be possible via C-c or c on the console) * add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/ @@ -546,7 +503,7 @@ Features: * support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting) -* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max +* default to actual 32-bit PIDs, via /proc/sys/kernel/pid_max * be able to specify a forced restart of service A where service B depends on, in case B needs to be auto-respawned? @@ -554,12 +511,11 @@ Features: * when a bus name of a service disappears from the bus make sure to queue further activation requests * tmpfiles: - - check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar - apply "x" on "D" too (see patch from William Douglas) -* for services: don't set $HOME in services unless requested +* for services: do not set $HOME in services unless requested -* hide PAM/TCPWrap options in fragment parser when compile time disabled +* hide PAM options in fragment parser when compile time disabled * when we automatically restart a service, ensure we restart its rdeps, too. @@ -581,8 +537,6 @@ Features: when we start a service in order to avoid confusion when a user assumes starting a service is enough to make it accessible -* support User= and Group= attributes for AF_UNIX sockets. (difficult, requires NSS from PID 1?) - * Make it possible to set the keymap independently from the font on the kernel cmdline. Right now setting one resets also the other. @@ -595,8 +549,6 @@ Features: - readahead: when bumping /sys readahead variable save mtime and compare later to detect changes - readahead: make use of EXT4_IOC_MOVE_EXT, as used by http://e4rat.sourceforge.net/ -* add support for /bin/mount -s - * GC unreferenced jobs (such as .device jobs) * write blog stories about: @@ -622,8 +574,6 @@ Features: * allow port=0 in .socket units -* support systemd.mask= on the kernel command line. - * recreate systemd's D-Bus private socket file on SIGUSR2 * Support --test based on current system state @@ -636,8 +586,6 @@ Features: * fingerprint.target, wireless.target, gps.target, netdevice.target -* io priority during initialization - * drop cap bounding set in readahead and other services * systemd-python: @@ -655,21 +603,49 @@ Features: - Make sure ID_PATH is always exported and complete for network devices where possible, so we can safely rely on Path= matching + - check MTUBytes parsing (expecting size_t but we are using unsigned) * sd-rtnl: - - add support for exiting containers without reading them fully first - add support for more attribute types + - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places * networkd: - - make sure RTM_NEWLINK messages match both the ifname and kind when setting the ifindex of a netdev - add more keys to [Route] and [Address] sections - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config) + - send hostname to DHCP server - add proper initrd support (in particular generate .network/.link files based on /proc/cmdline) - add reduced [Link] support to .network files - - add IPv4LL tests (inspire by DHCP) - add Scope= parsing option for [Network] - - change LL address generation and make it predictable like get_mac() (link-config.c) - - have smooth transition from LL to routable address, without disconnecting clients. + - properly handle routerless dhcp leases + - add veth netdev support (c.f. http://shorewall.net/bridge-Shorewall-perl.html#veth) + - add tun/tap netdev support + - add more attribute support for SIT tunnel + - make metric of routes configurable + - work with non-ethernet devices + +* networkd-wait-online: + - make operstates to wait for configurable? + +* dhcp: + - figure out how much we can increase Maximum Message Size + - export timezone information + - FORCERENEW + +* dhcp6: + - add functions to set previously stored IPv6 addresses on startup and get + them at shutdown; store them in client->ia_na + - write more test cases + - implement and do duplicate address detection, see rfc 4862, 5.4. + - implement reconfigure support, see 5.3., 15.11. and 22.20. + - implement information request, see 1.2. and 18.1.5. + - implement support for temporary adressess (IA_TA) + - implement elapsed time option + - implement dhcpv6 authentication + - investigate the usefulness of Confirm messages; i.e. are there any + situations where the link changes without any loss in carrier detection + or interface down + - some servers don't do rapid commit without a filled in IA_NA, verify + this behavior External: @@ -683,17 +659,11 @@ External: * patch kernel for xattr support in /dev, /proc/, /sys? -* NTP: the kernel's 11-minutes-mode syncs the system time to the RTC, but only - in an ~30 minutes window. It does not adjust larger differences. Find a way - to tell the kernel, to always do a full time sync when the RTC is in UTC and - we are in 11-minutes-mode. When we trust the system time to NTP we also want - the RTC to sync up. - * kernel: add device_type = "fb", "fbcon" to class "graphics" * drop accountsservice's StandardOutput=syslog and Type=dbus fields -* dbus upstream still refers to dbus.target and shouldn't +* dbus upstream still refers to dbus.target and should not * dbus: in fedora, make /var/lib/dbus/machine-id a symlink to /etc/machine-id @@ -709,6 +679,8 @@ External: * fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it +* register catalog database signature as file magic + Regularly: * look for close() vs. close_nointr() vs. close_nointr_nofail() @@ -719,7 +691,7 @@ Regularly: * pahole -* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()! +* set_put(), hashmap_put() return values check. i.e. == 0 does not free()! * use secure_getenv() instead of getenv() where appropriate