TODO revision 6eb7a9a0010d035e5bdbbf70227088ce02b2120e
b6b15642ffbc95b31765357dc6cc036b590c3a97Reza Sabdar* check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* swap units that are activated by one name but shown in the kernel under another are semi-broken
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* Dangling symlinks of .automount unit files in .wants/ directories, set up
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar automount points even when the original .automount file did not exist
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar anymore. Only the .mount unit was still around.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* make polkit checks async
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* fix --header to files without entries (see test-journal output).
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* external: maybe it is time to patch procps so that "ps" links to
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar libsystemd-logind to print a pretty service name, seat name, session
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar name in its output. Currently it only shows cgroup membership, but
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar that's sometimes kinda hard to parse for a human.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* cgroup attrs:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - update dbus interface docs in wiki
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - localectl: support new converted x11→console keymaps
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* cgroup-agent: downgrade error messages
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* document systemd-journal-flush.service properly
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* chane systemd-journal-flush into a service that stays around during
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar boot, and causes the journal to be moved back to /run on shutdown,
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar so that we don't keep /var busy. This needs to happen synchronously,
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar hence doing this via signals is not going to work.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* allow implementation of InaccessibleDirectories=/ plus
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar ReadOnlyDirectories=... for whitelisting files for a service.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* libsystemd-journal:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - return ECHILD as soon as somebody tries to reuse a journal object across a fork()
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* libsystemd-bus:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - default policy (allow uid == 0 and our own uid)
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - enforce alignment of pointers passed in
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - when kdbus doesn't take our message without memfds, try again with memfds
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - implement translator service
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - port systemd to new library
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - implement busname unit type in systemd
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - move to gvariant
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - merge busctl into systemctl or so?
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - synthesize sd_bus_message objects from kernel messages
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - properly implement name registry ioctls for kdbus
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - get rid of object hash table, use decision tree everyhwere instead?
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - implement monitor logic
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - object vtable logic
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - longer term:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar * priority queues
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar * priority inheritance
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* in the final killing spree, detect processes from the root directory, and
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar complain loudly if they have argv[0][0] == '@' set.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar https://bugzilla.redhat.com/show_bug.cgi?id=961044
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* add an option to nspawn that uses seccomp to make socket(AF_NETLINK,
b6b15642ffbc95b31765357dc6cc036b590c3a97Reza Sabdar SOCK_RAW, NETLINK_AUDIT) fail the the appropriate error code that
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar makes the audit userspace to think auditing is not available in the
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* Introduce a way how we can kill the main process of a service with KillSignal, but all processes with SIGKILL later on
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar https://bugzilla.redhat.com/show_bug.cgi?id=952634
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* maybe add a warning to the unit file parses whern the acces mode of unit files is non-sensical.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* investigate endianess issues of UUID vs. GUID
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* see if we can fix https://bugs.freedesktop.org/show_bug.cgi?id=63672
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar without dropping the location cache entirely.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* dbus: when a unit failed to load (i.e. is in UNIT_ERROR state), we
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar should be able to safely try another attempt when the bus call LoadUnit() is invoked.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* if pam_systemd is invoked by su from a process that is outside of a
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar any session we should probably just become a NOP, since that's
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar usually not a real user session but just some system code that just
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar needs setuid().
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* add a pam module that passes the hdd passphrase into the PAM stack and then expires it, for usage by gdm auto-login.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* add a pam module that on password changes updates any LUKS slot where the password matches
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases...
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* timedatctl, localectl: possibly make some commands work without the daemon, for chroot situations...
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* logind: add Suspend() bus calls which take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quickly.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* we need dynamic units
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* cgtop: make cgtop useful in a container
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - add 'set -e' to scripts in test/
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - make stuff in test/ work with separate output dir
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - remove all the duplicated code in test/
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* suppress log output on shutdown when "quiet" is used
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* systemctl delete x.snapshot leaves no trace in logs (at least at default level).
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* make the coredump collector tool move itself into the user's cgroup
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar so that the coredump is properly written to the user's own journal
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* move /usr/lib/modules/$(uname -r)/modules.devname parsing from udevd to
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar kmod static-nodes
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar call kmod as an early service, and drop CAP_MKNOD from udevd.service
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* seems that when we follow symlinks to units we prefer the symlink
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar destination path over /etc and /usr. We shouldn't do that. Instead
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar /etc should always override /run+/usr and also any symlink
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar destination.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* remove duplicate default deps logic from fstab-generator vs. mount.c
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* when isolating, try to figure out a way how we implicitly can order
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar all units we stop before the isolating unit...
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* teach udev + logind's uaccess to somehow handle the "dead" device nodes from:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar and apply ACLs to them if they have TAG=="uaccess" in udev rules.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* add ConditionArchitecture= or so
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off})
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* we should log capabilities too
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* Support SO_REUSEPORT with socket activation:
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - Let systemd maintain a pool of servers.
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar - Use for seamless upgrades, by running the new server before stopping the
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* after all byte-wise realloc() is slow, even on glibc, so i guess we
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar need manual exponential loops after all
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar* BootLoaderSpec: drop allowing ext234 for $BOOT. Clarify that the
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar kernel has to be in $BOOT. Clarify that the boot loader should be
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar installed to the ESP. Define a way how an installer can figure out
2654012f83cec5dc15b61dfe3e4a4915f186e7a6Reza Sabdar whether a BLS compliant boot loader is installed.
* systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep()
* journal-or-kmsg is currently broken? See reverted commit 4a01181e460686d8b4a543b1dfa7f77c9e3c5ab8.
* remove any syslog support from log.c -- we probably can't do this before split-off udev is gone for good
* documentation: recommend to connect the timer units of a service to the service via Also= in [Install]
* add a tool that lists active timer units plus their next elapstion and the time the units ran last
* man: extend runlevel(8) to mention that runlevels suck, and are dead. Maybe add runlevel(7) with a note about that too
* think about window-manager-run-as-user-service problem: exit 0 → activate shutdown.target; exit != 0 → restart service
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
* dev-setup.c: when running in a container, create a tiny stub udev
- introduce bootctl (backed by systemd-bootd) to control temporary and persistent default boot goal plus efi variables
* fstab: add new mount option x-systemd-after=/foobar/waldo to allow manual dependencies to other mount points
* print a nicer explanation if people use variable/specifier expansion in ExecStart= for the first word
* mount: turn dependency information from /proc/self/mountinfo into dependency information between systemd units.
- logind: optionally, ignore idle-hint logic for autosuspend, block suspend as long as a session is around
- When we update the kernel all kind of hibernation should be prohibited until shutdown/reboot
- logind: wakelock/opportunistic suspend support
- pam: when leaving a session explicitly exclude the ReleaseSession() caller process from the killing spree
- we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case
* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
* DeviceAllow/DeviceDeny: disallow everything by default, but whitelist /dev/zero, /dev/null and friends
- do not use magic msync() in src/journal/journal-file.c, just call fsync()
- journal: when waiting for journal additions in the client always sleep at least 1s or so, in order to minimize wakeups
- add API to close/reopen/get fd for journal client fd in libsystemd-journal.
- fallback to /dev/log based logging in libsystemd-journal, if we can't log natively?
- check if we can make journalctl by default use --follow mode inside of less if called without args?
- journal: add a setgid "systemd-journal" utility to invoke from libsystemd-journal, which passes fds via STDOUT and does PK access
- journactl: support negative filtering, i.e. FOOBAR!="waldo",
- journal: when rotating, copy over old acls/access mode
- journal: send out marker messages every now and then, and immediately sync with fdatasync() afterwards, in order to have hourly guaranteed syncs.
- journal-send.c, log.c: when the log socket is clogged, and we drop, count this and write a message about this when it gets unclogged again.
- journal: sanely deal with entries which are larger than the individual file size, but where the components would fit
- man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets
- print nice message from systemctl --failed if there are no entries shown, and hook that into ExecStartPre of rescue.service/emergency.service
- add new command to systemctl: "systemctl system-reexec" which reexecs as many daemons as virtually possible
- systemctl enable: improve the success messages (i.e. more human readable, less shell-like)
- systemctl enable: fail if target to alias into doesn't exist? maybe show how many units are enabled afterwards?
* introduce ntp.service (or suchlike) as symlink that is used to arbitrate between various NTP implementations
* deal with sendmail/postfix exclusivity
- DST/timezone changes && ntp is active && RTC-in-localtime (never do it without ntp)
logs-show.c. Alternatively: use libelfutil, which seems to be the
* If we show an error about a unit (such as not showing up) and it has no Description string, then show a description string generated form the reverse of unit_name_mangle().
* clean up date formatting and parsing so that all absolute/relative timestamps we format can also be parsed
* on shutdown: move utmp, wall, audit logic all into PID 1 (or logind?), get rid of systemd-update-utmp-runlevel
- instructions shipped by packages and stored in /usr/lib/
* hostnamed: before returning information from /etc/machine-info.conf check the modification data and reread. Similar for localed, ...
* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab isn't
* refuse boot if /etc/machine-id is not useful (or set taint?)
lxc.network.type=phys mode, and pass through entire network
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
- support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
* after deserializing sockets in socket.c we should reapply sockopts and things
* come up with a nice way to write queue/read_ahead_kb for a block device without interfering with readahead
* move PID 1 segfaults to /var/lib/systemd/coredump?
* create /sbin/init symlinks from the build system
* system.conf should have controls for cgroups
* properly handle loop back mounts via fstab, especially regards to fsck/passno
* initialize the hostname from the fs label of /, if /etc/hostname does not exist?
* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr
* services which create their own subcgroups break cgroup-empty notification (needs to be fixed in the kernel)
* ExecOnFailure=/usr/bin/foo
- remove src/udev/udev-builtin-firmware.c (CONFIG_FW_LOADER_USER_HELPER=n)
- add trigger --subsystem-match=usb/usb_device device
* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting
* add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/
* save coredump in Windows/Mozilla minidump format
* support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting)
* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
* when a bus name of a service disappears from the bus make sure to queue further activation requests
* hide PAM/TCPWrap options in fragment parser when compile time disabled
* support sd_notify() style notification when reload begins (RELOADING=1), reload is finished (READY=1), and add ReloadSignal= then to use in combination
* support sd_notify() style notification when shutting down, to make auto-exit bus services work (STOPPING=1)
- readahead: make use of EXT4_IOC_MOVE_EXT, as used by http://e4rat.sourceforge.net/
* add support for /bin/mount -s
- init=/bin/sh vs. "emergency" mode, vs. "rescue" mode, vs. "multi-user" mode, vs. "graphical" mode, and the debug shell
- hooking a script into various stages of shutdown/rearly booot
* support systemd.mask= on the kernel command line.
* port over to LISTEN_FDS/LISTEN_PID:
- rpcbind (/var/run/rpcbind.sock!) HAVEPATCH
- libvirtd (/var/run/libvirt/libvirt-sock-ro)
- add documentation to systemd.daemon
- allow specification of socket mode/umask when allocating DBusServer
- teach dbus to activate all services it finds in /etc/systemd/services/org-*.service
* dbus upstream still refers to dbus.target and shouldn't
* /usr/bin/service should actually show the new command line
* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus=
* fedora: F20: go timer units all the way, leave cron.daily for cron
* fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it
* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()!