X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=TODO;h=fc56c614a3e76f715baf3b5708d72616ff1fa98c;hp=0999c9040d7e215cbe1b5a88014c4cbb00506df6;hb=93ae25e6fd62b2f87c3dd9ad3e81934eecc48057;hpb=aa575ef8dec6fe74c9fdf27960125dd214511202 diff --git a/TODO b/TODO index 0999c9040..fc56c614a 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,5 @@ Bugfixes: -* killing nspawn with ]]] results in: - machine-f20.scope stopping timed out. Killing. - Stopped Container f20. - Unit machine-f20.scope entered failed state. - and it cannot be started again +* Should systemctl status \* work on all unit types, not just .service? * enabling an instance unit creates a pointless link, and the unit will be started with getty@getty.service: @@ -16,18 +12,16 @@ Bugfixes: * properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point. -* When we detect invalid UTF-8, we cannot use it in an error message: - log...("Path is not UTF-8 clean, ignoring assignment: %s", rvalue); - * shorten the message to sane length: Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details. * systemctl --root=container/ set-default ... is totally borked. -External: +* sd_bus_unref() is broken regarding self-references and "pseudo thread-safety". + See the comment in sd_bus_unref() for more.. -* ps should gain colums for slice +External: * Fedora: when installing fedora with yum --installroot /var/run is a directory, not a symlink https://bugzilla.redhat.com/show_bug.cgi?id=975864 @@ -38,7 +32,72 @@ External: Features: -* hookup nspawn and PrivateNetwork=yes with "ip netns" +* drop parsing of chkconfig header lines from service.c + +* mount_cgroup_controllers(): symlinks need to get the label applied + +* For timer units: add some mechanisms so that timer units that trigger immediately on boot don't have the services they run added to the initial transaction and thus confuse Type=idle. Alternatively, split up the boot-up state into two, and make Type=idle only be affected by jobs for the default target, but ignore any further jobs + +* Add RPM macros for registering/unregistering binfmt drop-ins + +* Add timeout to early-boot, and shut down the system if it is hit. Solves the laptop-in-bag problem and is useful for embedded cases + +* sd-resolve: add callback api + +* ImmutableSystem=yes/no or so to mount /usr, /boot read-only/invisible, and leave /var and /etc writable + +* InaccessibleHome=yes/no or so to hide /home and /run/user from a service + +* Run most system services with cgroupfs read-only and procfs with a more secure mode + +* sd-event: generate a failure of a default event loop is executed out-of-thread + +* add "M" as recursive version of "m" to tmpfiles, then use it for + chowning /run/log/journal (but not /var/log/journal), so that we + adjust the perms of journal files created before tmpfiles ran. + +* expose "Locked" property on logind sesison objects + +* add bus api to query unit file's X fields. + +* consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= + +* sd-event: define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ... + +* gpt-auto-generator: + - Support LUKS for root devices + - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap? + - Make /home automount rather than mount? + +* improve journalctl performance by loading journal files + lazily. Encode just enough information in the file name, so that we + don't have to open it to know that it is not interesting for us, for + the most common operations. + +* support transient mount units + +* add an "input" group to udev logic and add all input devices to it + +* machined: provide calls GetMachineByAddress() on the manager + interface to get the machine for a local IP address, and + GetAddress() on the Machine interface to get the Address for a + machine. Implement via forking off child process which quickly joins + the cotnainer and passes data to parent. Show this in "machinectl + status", and use it to implement NSS module to provide automatic + name resolution for containers. + +* add generator that pulls in systemd-network from containers when + CAP_NET_ADMIN is set, more than the loopback device is defined, even + when it is otherwise off + +* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size(). + +* "busctl status" works only as root on dbus1, since we cannot read + /proc/$PID/exe + +* implement Distribute= in socket units to allow running multiple + service instances processing the listening socket, and open this up + for ReusePort= * socket units: support creating sockets in different namespace, opening it up for JoinsNamespaceOf=. This would require to fork off @@ -46,13 +105,6 @@ Features: and passes this back to PID1 via SCM_RIGHTS. This also could be used to allow Chown/chgrp on sockets without requiring NSS in PID 1. -* sd-resolve: - - make sure event loop integration works similar to event loop integration in other libs - - maybe drop _free() call, introduce _unref() instead - - maybe simplify function calls that take a sd_resolve_query object, to not also require the matching sd_resolve? - - maybe drop the "n_proc" parameter to sd_resolve_new()? - - change all functions to return "int" and negative errno errors - * New service property: maximum CPU and wallclock runtime for a service * introduce bus call FreezeUnit(s, b), as well as "systemctl freeze @@ -62,15 +114,10 @@ Features: desktop UIs such as gnome-shell to freeze apps that are not visible on screen, not unlike how job control works on the shell -* machinectl bash completion is missing -* busctl bash and zsh completions are outdated - -* Introduce PrivateDevices=yes/no which works like PrivateTmp= but for /dev setting up a tmpfs for it that only includes /dev/null, /dev/zero, /dev/random, /dev/urandom, but nothing else. - -* libsystemd-journal returns the object created as first param in sd_journal_new(), sd_bus_new() and suchlike as last... +* completions: + - manager property enumeration was broken when systemd moved to /usr/lib/ * cgroups: - - implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory?) - implement per-slice CPUFairScheduling=1 switch - handle jointly mounted controllers correctly - introduce high-level settings for RT budget, swappiness @@ -84,15 +131,10 @@ Features: - add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt - ensure scope units may be started only a single time -* code cleanup - - we probably should replace the left-over uses of strv_append() and replace them by strv_push() or strv_extend() - * Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk? * when we detect low battery and no AC on boot, show pretty splash and refuse boot -* move libasyncns into systemd as libsystemd-asyncns - * machined, localed: when we try to kill an empty cgroup, generate an ESRCH error over the bus * libsystemd-journal, libsystemd-login, libudev: add calls to easily attach these objects to sd-event event loops @@ -103,24 +145,16 @@ Features: * Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk? -* socket-proxyd:Use a nonblocking alternative to getaddrinfo +* socket-proxyd: Use sd-resolve to resolve the server address * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it -* Add a new Distribute=$NUMBER key to socket units that makes use of SO_REUSEPORT to distribute network traffic on $NUMBER instances - -* move config_parse_path_strv() out of conf-parser.c - * After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs * If we try to find a unit via a dangling symlink, generate a clean error. Currently, we just ignore it and read the unit from the search path anyway. -* When a Type=forking service fails and needed another service, that - service is not cleaned up again when it has StopWhenUnneeded=yes - http://lists.freedesktop.org/archives/systemd-devel/2013-July/012141.html - * refuse boot if /etc/os-release is missing or /etc/machine-id cannot be set up * given that logind now lets PID 1 do all nasty work, we can @@ -141,35 +175,32 @@ Features: Maybe take a BSD lock at the disk device node and teach udev to check for that and suppress event handling. -* something pulls in pcre as shared object dependency into our daemons such as hostnamed. - * allow implementation of InaccessibleDirectories=/ plus ReadOnlyDirectories=... for whitelisting files for a service. * sd-bus: - - let the activator peek the peer connection with KDBUS_CMD_MSG_SRC and log it + - make AddMatch calls on dbus1 transports async - when kdbus doesn't take our message without memfds, try again with memfds - - implement monitor logic + - systemd-bus-proxyd needs to enforce good old XML policy + - port exit-on-idle logic to byebye ioctl + - allow updating attach flags during runtime + - pid1: peek into activating message when activating a service + - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list + - constructors for bus messages should probably not be OK with a NULL bus pointer + - .busname units should not use get_user_creds()/get_cgroup_creds() but instead do NSS only in temporarily forked off child - see if we can drop more message validation on the sending side - add API to clone sd_bus_message objects - - systemd-bus-proxyd needs to enforce good old XML policy - - upload minimal kdbus policy into the kernel at boot - kdbus: matches against source or destination pids for an "strace -p"-like feel. Problem: The PID info needs to be available in userspace too... - - longer term: - * priority queues - * priority inheritance - - check sender of response messages + - longer term: priority inheritance - dbus spec updates: - kdbus mapping - NameLost/NameAcquired obsolete - GVariant - "const" properties (posted) - - port exit-on-idle logic to byebye ioctl - - make use of "drop" ioctl in pid 1 bus activation - - bus proxy: override unique id sender for messages from driver to match the well-known name - - bus driver: GetNameOwner() for "org.freedesktop.DBus" should return "org.freedesktop.DBus" + - path escaping - update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now - - bus proxy should fake seclabel when connecting to kdbus + - test bloom filter generation indexes + - port to sd-resolve for connecting to TCP dbus servers * sd-event - allow multiple signal handlers per signal? @@ -178,11 +209,6 @@ Features: complain loudly if they have argv[0][0] == '@' set. https://bugzilla.redhat.com/show_bug.cgi?id=961044 -* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on - https://bugzilla.redhat.com/show_bug.cgi?id=952634 - -* maybe add a warning to the unit file parses where the access mode of unit files is nonsensical. - * investigate endianness issues of UUID vs. GUID * dbus: when a unit failed to load (i.e. is in UNIT_ERROR state), we @@ -218,22 +244,15 @@ Features: * when isolating, try to figure out a way how we implicitly can order all units we stop before the isolating unit... -* add ConditionArchitecture= or so - * teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off}) -* Support SO_REUSEPORT with socket activation: - - Let systemd maintain a pool of servers. - - Use for seamless upgrades, by running the new server before stopping the - old. - * after all byte-wise realloc() is slow, even on glibc, so i guess we need manual exponential loops after all -* BootLoaderSpec: drop allowing ext234 for $BOOT. Clarify that the - kernel has to be in $BOOT. Clarify that the boot loader should be - installed to the ESP. Define a way how an installer can figure out - whether a BLS compliant boot loader is installed. +* BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify + that the boot loader should be installed to the ESP. Define a way + how an installer can figure out whether a BLS compliant boot loader + is installed. * think about requeuing jobs when daemon-reload is issued? usecase: the initrd issues a reload after fstab from the host is accessible @@ -256,11 +275,6 @@ Features: * timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to. -* dev-setup.c: when running in a container, create a tiny stub udev - database with the systemd tag set for all network interfaces found, - so that libudev reports them as present, and systemd's .device units - will be activated. - * merge unit_kill_common() and unit_kill_context() * introduce ExecCondition= in services @@ -288,11 +302,7 @@ Features: - logind: wakelock/opportunistic suspend support - Add pretty name for seats in logind - logind: allow showing logout dialog from system? - - logind: non-local X11 server handling - - logind: add equivalent to sd_pid_get_owner_uid() to the D-Bus API - - pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree - we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case - - when logging out, remove user-owned sysv and posix IPC objects - session scopes/user unit: add RequiresMountsFor for the home directory of the user - add Suspend() bus calls which take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quickly. - if pam_systemd is invoked by su from a process that is outside of a @@ -357,7 +367,6 @@ Features: - document in wiki how to map ical recurrence events to systemd timer unit calendar specifications - add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr. - document systemd-journal-flush.service properly - - man: remove .include documentation, and instead push people to use .d/*.conf - documentation: recommend to connect the timer units of a service to the service via Also= in [Install] - man: document the very specific env the shutdown drop-in tools live in - man: extend runlevel(8) to mention that runlevels suck, and are dead. Maybe add runlevel(7) with a note about that too @@ -381,7 +390,6 @@ Features: - rework wait filter to not require match callback - better error message if you run systemctl without systemd running - systemctl status output should should include list of triggering units and their status - - in systemctl list-timers show time triggering units ran last * unit install: - "systemctl mask" should find all names by which a unit is accessible @@ -397,7 +405,6 @@ Features: * deal with sendmail/postfix exclusivity * timer units: - - timer events with system resume - timer units should get the ability to trigger when: o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET) o DST changes @@ -405,7 +412,6 @@ Features: - calendarspec: support value ranges with ".." notation. Example: 2013-4..8-1 - when parsing calendar timestamps support the UTC timezone (even if we won't support arbitrary timezone specs, support UTC itself certainly makes sense), also support syntaxes such as +0200 - Modulate timer frequency based on battery state - - anacron-like feature * update the kernel's TZ (sys_tz) when DST changes @@ -416,10 +422,6 @@ Features: mode, it will never touch the RTC if the no reliable time source is active or the user did not request anything like it. -* if booted in "quiet" mode, and an error happens, turn on status - output again, so that the emergency mode isn't totally - surprising. Also, terminate plymouth. - * libunwind support for coredump pattern hook, and includes this in the message for coredumps. After all, libunwind is now capable to unwind coredumps since a few weeks ago. This probably requires that @@ -456,22 +458,14 @@ Features: * currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab isn't * nspawn: - - nspawn: consider changing users for -u with su, so that NSS resolving works correctly - - nspawn: implement personality changes a la linux32(8) - nspawn: --read-only is not applied recursively to submounts - - nspawn: make use of device cgroup controller by default - bind mount read-only the cgroup tree higher than nspawn - - nspawn: investigate whether we can support the same as LXC's - lxc.network.type=phys mode, and pass through entire network - interfaces to the container - - nspawn: maybe explicitly reset loginuid? - - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context + - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters - refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK). - - add an option to nspawn that uses seccomp to make socket(AF_NETLINK, - SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that - makes the audit userspace to think auditing is not available in the - kernel. - support taking a btrfs snapshot at startup and dropping it afterwards + - maybe: hookup nspawn and PrivateNetwork=yes with "ip netns" + - generate predictable mac addresses for the netdev we create (host0), maybe based on guest's machine + name and machine-id of host (?) * cryptsetup: - cryptsetup-generator: allow specification of passwords in crypttab itself @@ -501,8 +495,6 @@ Features: * explore multiple service instances per listening socket idea -* shutdown: don't read-only mount anything when running in container - * MountFlags=shared acts as MountFlags=slave right now. * ReadOnlyDirectories= is not applied recursively to submounts @@ -524,13 +516,6 @@ Features: * rename "userspace" to "core-os" -* syscall filter: - - syscall filter: add knowledge about compat syscalls - - syscall filter: don't enforce no new privs? - - syscall filter: option to return EPERM rather than SIGSYS? - - syscall filter: port to libseccomp - - system-wide seccomp filter - * load-fragment: when loading a unit file via a chain of symlinks verify that it isn't masked via any of the names traversed. @@ -558,6 +543,7 @@ Features: - move to LGPL - kill scsi_id - add trigger --subsystem-match=usb/usb_device device + - reimport udev db after MOVE events for devices without dev_t * when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting @@ -588,7 +574,7 @@ Features: * for services: don't set $HOME in services unless requested -* hide PAM/TCPWrap options in fragment parser when compile time disabled +* hide PAM options in fragment parser when compile time disabled * when we automatically restart a service, ensure we restart its rdeps, too. @@ -663,13 +649,6 @@ Features: * dot output for --test showing the 'initial transaction' -* port over to LISTEN_FDS/LISTEN_PID: - - postfix, saslauthd - - apache/samba - - libvirtd (/var/run/libvirt/libvirt-sock-ro) - - bluetoothd (/var/run/sdp! @/org/bluez/audio!) - - distccd - * fingerprint.target, wireless.target, gps.target, netdevice.target * io priority during initialization @@ -691,17 +670,24 @@ Features: - Make sure ID_PATH is always exported and complete for network devices where possible, so we can safely rely on Path= matching - - Check if Driver= is broken, or just my driver (bcma) * sd-rtnl: - - improve container support, and add support for entering containers when reading - add support for more attribute types + - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places + - add support for multi-part messages (simply call the same callback repeatedly?) * networkd: + - change from udev to rtnl being the main events we listen to devices on, udev will then simply + be used for synchronization - add more keys to [Route] and [Address] sections - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config) - - allow opting out of receiving DNS servers over DHCPv4 - add proper initrd support (in particular generate .network/.link files based on /proc/cmdline) + - add reduced [Link] support to .network files + - add IPv4LL tests (inspire by DHCP) + - add Scope= parsing option for [Network] + +* sd-network: + - make sure ipv4ll and dhcp clients can handle changing mac addresses while running External: @@ -741,6 +727,8 @@ External: * fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it +* register catalog database signature as file magic + Regularly: * look for close() vs. close_nointr() vs. close_nointr_nofail()