diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-10-11 13:40:50 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-10-11 13:40:50 -0400 |
| commit | b744e8937ce603090a9bf64ac7d8cc2c1a29e4f0 (patch) | |
| tree | d6873059fd870c78dae268671ad0e12ac8c493db /TODO | |
| parent | 40f45ff0c339971fd088e6f9cc2e61444087685d (diff) | |
| parent | a46eac1bbddcdd15e741fc6c8389078db1067f81 (diff) | |
Merge pull request #4067 from poettering/invocation-id
Add an "invocation ID" concept to the service manager
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -74,6 +74,12 @@ Features: * RemoveKeyRing= to remove all keyring entries of the specified user +* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill + on PID 1 with the relevant signals, and makes relevant files in /sys and + /proc (such as the sysrq stuff) unavailable + +* DeviceAllow= should also generate seccomp filters for mknod() + * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. |