update TODO
parent
70cb8b7b16
commit
2c5f295823
21
TODO
21
TODO
|
@ -33,7 +33,13 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
* RemoveIPC= in unit files for removing POSIX/SysV IPC objects
|
* introduce an "invocation ID" for units, that is randomly generated, and
|
||||||
|
identifies each runtime-cycle of a unit. It should be set freshly each time
|
||||||
|
we traverse inactive → activating/active, and should be the primary key to
|
||||||
|
map offline data (stored in the journal) with online bus objects. Let's pass
|
||||||
|
this as $SYSTEMD_INVOCATION_ID to services, as well as set this as xattr on
|
||||||
|
the cgroup of a services. The former is accessible without privileges, the
|
||||||
|
latter ensures the ID cannot be faked.
|
||||||
|
|
||||||
* Introduce ProtectSystem=strict for making the entire OS hierarchy read-only
|
* Introduce ProtectSystem=strict for making the entire OS hierarchy read-only
|
||||||
except for a select few
|
except for a select few
|
||||||
|
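Review bot: The new invocation ID entry does not say which of the two sources a consumer must trust. It states that the cgroup xattr "ensures the ID cannot be faked", which implies that $SYSTEMD_INVOCATION_ID, living in the service's own environment, can be. The entry should say that anything mapping journal data to bus objects reads the ID from the xattr (or from PID 1) and treats the environment variable as a convenience only. It should also name the xattr namespace, because the guarantee only holds if the service cannot write that attribute on its own cgroup. Minor: "the cgroup of a services" should read "the cgroup of a service".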
@ -58,6 +64,8 @@ Features:
|
||||||
|
|
||||||
* ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only
|
* ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only
|
||||||
|
|
||||||
|
* ProtectKernelTunables= which mounts /sys and /proc/sys read-only
|
||||||
|
|
||||||
* RemoveKeyRing= to remove all keyring entries of the specified user
|
* RemoveKeyRing= to remove all keyring entries of the specified user
|
||||||
|
|
||||||
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
|
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
|
||||||
|
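Review bot: The ProtectKernelTunables= entry names only /sys and /proc/sys, and does not state what the read-only mounts depend on. A service that keeps CAP_SYS_ADMIN can remount them writable, so the entry should note that the option is only meaningful together with capability restrictions (the same applies to the ProtectControlGroups= context line above it). It is also worth saying whether writable control files elsewhere under /proc, such as /proc/sysrq-trigger, are intentionally out of scope.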
@ -76,6 +84,9 @@ Features:
|
||||||
|
|
||||||
* journalctl: make sure -f ends when the container indicated by -M terminates
|
* journalctl: make sure -f ends when the container indicated by -M terminates
|
||||||
|
|
||||||
|
* mount: automatically search for "main" partition of an image has multiple
|
||||||
|
partitions
|
||||||
|
|
||||||
* expose the "privileged" flag of ExecCommand on the bus, and open it up to
|
* expose the "privileged" flag of ExecCommand on the bus, and open it up to
|
||||||
transient units
|
transient units
|
||||||
|
|
||||||
|
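Review bot: The new mount entry does not define how the "main" partition is identified (partition type, a flag, position, size), and that is the part an implementer needs. If the image can come from an untrusted source, the selection rule decides which file system gets mounted, so it should be deterministic and written down here. The sentence is also missing a word: "of an image has multiple partitions" should read "of an image that has multiple partitions" or "if an image has multiple partitions".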
@ -86,6 +97,12 @@ Features:
|
||||||
|
|
||||||
* allow attaching additional journald log fields to cgroups
|
* allow attaching additional journald log fields to cgroups
|
||||||
|
|
||||||
|
* add bus API for creating unit files in /etc, reusing the code for transient units
|
||||||
|
|
||||||
|
* add bus API to remove unit files from /etc
|
||||||
|
|
||||||
|
* add bus API to retrieve current unit file contents (i.e. implement "systemctl cat" on the bus only)
|
||||||
|
|
||||||
* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the
|
* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the
|
||||||
kernel doesn't support linkat() that replaces existing files, currently)
|
kernel doesn't support linkat() that replaces existing files, currently)
|
||||||
|
|
||||||
|
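Review bot: The three new bus API entries (create unit files in /etc, remove them, retrieve their contents) say nothing about authorization. Creating a unit file in /etc over the bus is equivalent to installing persistent code that PID 1 will run, so the entry should state the privilege check the calls are gated on and whether it matches what transient units already require. For the "systemctl cat" equivalent, note whether the call honours the file's on-disk permissions, so that a unit file that is not world-readable does not become readable over the bus.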
@ -112,8 +129,6 @@ Features:
|
||||||
|
|
||||||
* add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction
|
* add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction
|
||||||
|
|
||||||
* Maybe add a way how users can "pin" units into memory, so that they are not subject to automatic GC?
|
|
||||||
|
|
||||||
* PID1: find a way how we can reload unit file configuration for
|
* PID1: find a way how we can reload unit file configuration for
|
||||||
specific units only, without reloading the whole of systemd
|
specific units only, without reloading the whole of systemd
|
||||||
|
|
||||||
|
|
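Review bot: This hunk drops the "pin units into memory" item, but the commit message "update TODO" gives no reason. Please say in the message whether the item was implemented or abandoned, so the removal can be traced later.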