author Lennart Poettering <lennart@poettering.net> 2016-07-01 18:39:26 -0700
committer Lennart Poettering <lennart@poettering.net> 2016-07-01 18:39:26 -0700
commit 563a69f480180378ac109a4125b565ce4f394979 (patch)
tree 0983064af9ec88442e6155c3661decbc690c3774
parent 1e706c8dff18dc8a9ccc0e1d0bf2b1a0fd79c501 (diff)
update TODO
-rw-r--r-- TODO 15
1 files changed, 15 insertions, 0 deletions
diff --git a/TODO b/TODO
index ea359c3768..3af3126453 100644
--- a/TODO
+++ b/TODO
@@ -43,6 +43,21 @@ Features:
* ProtectKeyRing= to take keyring calls away
+* PrivateUsers= which maps the all user ids except root and the one specified
+ in User= to nobody
+
+* Add AllocateUser= for allowing dynamic user ids per-service
+
+* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
+ RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
+
+* Add BindDirectory= for allowing arbitrary, private bind mounts for services
+
+* Beef up RootDirectory= to use namespacing/bind mounts as soon as fs
+ namespaces are enabled by the service
+
+* Add RootImage= for mounting a disk image or file as root directory
+
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
* nspawn: make /proc/sys/net writable?
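Review bot: The new PrivateUsers= entry reads "maps the all user ids", which looks like a typo for "maps all user ids", and it does not say how group ids are treated, so the scope of the mapping to nobody is ambiguous; state whether groups follow the same rule. In the DataDirectory=/CacheDirectory=/LogDirectory= entry, "create it as necessary" refers to three directories, so "create them" would be clearer, and the continuation line of that entry runs well past the width the other added entries are wrapped at. The "Beef up RootDirectory=" entry would be easier to act on if it named the behaviour being replaced, since "as soon as fs namespaces are enabled by the service" only describes the trigger and not the change.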