picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update

This commit is contained in:
Lennart Poettering 2016-06-24 11:45:06 +02:00
parent 54522e941d
commit 3efb871a3c
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
TODO
View File

@ -33,8 +33,6 @@ Janitorial Clean-ups:
Features: Features:
* resolved: maybe add a switch to disable any local caching
* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
@ -47,8 +45,6 @@ Features:
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) * RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
* RestrictRealtime= which takes aware ability to create realtime processes
* nspawn: make /proc/sys/net writable? * nspawn: make /proc/sys/net writable?
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
@ -66,8 +62,6 @@ Features:
* transient units: don't bother with actually setting unit properties, we * transient units: don't bother with actually setting unit properties, we
reload the unit file anyway reload the unit file anyway
* make sure resolved can be restarted without losing pushed-in dns config
* journald: sigbus API via a signal-handler safe function that people may call * journald: sigbus API via a signal-handler safe function that people may call
from the SIGBUS handler from the SIGBUS handler
@ -79,9 +73,6 @@ Features:
* resolved: when routing queries, make sure only look for the *longest* suffix... * resolved: when routing queries, make sure only look for the *longest* suffix...
* resolved: maybe, after all, implement local listening for DNS packets on port
127.0.0.53:53.
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it * delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
@ -115,8 +106,6 @@ Features:
* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services * man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services
* install: include generator dirs in unit file search paths
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline * fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date * docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date
@ -226,6 +215,7 @@ Features:
names, so that for the container case we can establish the same name names, so that for the container case we can establish the same name
(maybe "host") for referencing the server, everywhere. (maybe "host") for referencing the server, everywhere.
- allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?) - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
- hook up resolved with machined-based address resolution
* refcounting in sd-resolve is borked * refcounting in sd-resolve is borked