Features:
+* drop parsing of chkconfig header lines from service.c
+
+* mount_cgroup_controllers(): symlinks need to get the label applied
+
+* For timer units: add some mechanisms so that timer units that trigger immediately on boot don't have the services they run added to the initial transaction and thus confuse Type=idle. Alternatively, split up the boot-up state into two, and make Type=idle only be affected by jobs for the default target, but ignore any further jobs
+
+* Add RPM macros for registering/unregistering binfmt drop-ins
+
+* Add timeout to early-boot, and shut down the system if it is hit. Solves the laptop-in-bag problem and is useful for embedded cases
+
+* sd-resolve: add callback api
+
+* ImmutableSystem=yes/no or so to mount /usr, /boot read-only/invisible, and leave /var and /etc writable
+
+* InaccessibleHome=yes/no or so to hide /home and /run/user from a service
+
+* Run most system services with cgroupfs read-only and procfs with a more secure mode
+
+* sd-event: generate a failure of a default event loop is executed out-of-thread
+
* add "M" as recursive version of "m" to tmpfiles, then use it for
chowning /run/log/journal (but not /var/log/journal), so that we
adjust the perms of journal files created before tmpfiles ran.
* "busctl status" works only as root on dbus1, since we cannot read
/proc/$PID/exe
-* systemctl: support --recursive for list-sockets, list-timers,
- ... too, not just for list-units.
-
* implement Distribute= in socket units to allow running multiple
service instances processing the listening socket, and open this up
for ReusePort=
ReadOnlyDirectories=... for whitelisting files for a service.
* sd-bus:
+ - make AddMatch calls on dbus1 transports async
- when kdbus doesn't take our message without memfds, try again with memfds
- systemd-bus-proxyd needs to enforce good old XML policy
- port exit-on-idle logic to byebye ioctl
* fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it
+* register catalog database signature as file magic
+
Regularly:
* look for close() vs. close_nointr() vs. close_nointr_nofail()