summaryrefslogtreecommitdiff
path: root/TODO
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-07-14 12:26:07 +0200
committerLennart Poettering <lennart@poettering.net>2016-07-22 15:53:45 +0200
commitd82047bef5b8a35fb2d1d4685f241383df1a1d76 (patch)
treedac6a86f2bd09b0b722c76dfcf323aabe045c4c7 /TODO
parent409093fe10685ed55915ef256f09cdf144b6528b (diff)
downloadsystemd-d82047bef5b8a35fb2d1d4685f241383df1a1d76.tar.gz
systemd-d82047bef5b8a35fb2d1d4685f241383df1a1d76.tar.bz2
systemd-d82047bef5b8a35fb2d1d4685f241383df1a1d76.zip
update TODO
Diffstat (limited to 'TODO')
-rw-r--r--TODO27
1 files changed, 24 insertions, 3 deletions
diff --git a/TODO b/TODO
index ef25ef578e..bb36522bf9 100644
--- a/TODO
+++ b/TODO
@@ -33,6 +33,29 @@ Janitorial Clean-ups:
Features:
+* RemoveIPC= in unit files for removing POSIX/SysV IPC objects
+
+* Set SERVICE_RESULT= as env var while running ExecStop=
+
+* Introduce ProtectSystem=strict for making the entire OS hierarchy read-only
+ except for a select few
+
+* nspawn: start UID allocation loop from hash of container name
+
+* in the DynamicUser=1 nss module, also map "nobody" and "root" statically
+
+* pid1: log about all processes we kill with with SIGKILL or in abandoned scopes, as this should normally not happen
+
+* nspawn: support that /proc, /sys/, /dev are pre-mounted
+
+* nspawn: mount esp, so that bootctl can work
+
+* define gpt header bits to select volatility mode
+
+* nspawn: mount loopback filesystems with "discard"
+
+* Make TasksMax= take percentages, taken relative to the pids_max sysctl and pids.max cgroup limit
+
* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
@@ -46,7 +69,7 @@ Features:
* PrivateUsers= which maps the all user ids except root and the one specified
in User= to nobody
-* Add AllocateUser= for allowing dynamic user ids per-service
+* ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
@@ -60,8 +83,6 @@ Features:
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
-* nspawn: make /proc/sys/net writable?
-
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
* journalctl: make sure -f ends when the container indicated by -M terminates