summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-08-03 18:40:48 +0200
committerLennart Poettering <lennart@poettering.net>2016-08-03 20:43:50 +0200
commit8ce9b83a8f0316b42143ad01c10e4944acc85e87 (patch)
tree0ef37a842ed9372ce167c7df11c26a92fee0bdc1
parentd251207d555a1a0d97924980e49b0ba563b9fc67 (diff)
update TODO
-rw-r--r--TODO10
1 files changed, 7 insertions, 3 deletions
diff --git a/TODO b/TODO
index bb36522bf9..0199d9d509 100644
--- a/TODO
+++ b/TODO
@@ -66,11 +66,10 @@ Features:
* ProtectKeyRing= to take keyring calls away
-* PrivateUsers= which maps the all user ids except root and the one specified
- in User= to nobody
-
* ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only
+* RemoveKeyRing= to remove all keyring entries of the specified user
+
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
@@ -90,6 +89,11 @@ Features:
* expose the "privileged" flag of ExecCommand on the bus, and open it up to
transient units
+* in nss-systemd, if we run inside of RootDirectory= with PrivateUsers= set,
+ find a way to map the User=/Group= of the service to the right name. This way
+ a user/group for a service only has to exist on the host for the right
+ mapping to work.
+
* allow attaching additional journald log fields to cgroups
* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the