summaryrefslogtreecommitdiff
path: root/TODO
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-06-13 16:54:21 +0200
committerGitHub <noreply@github.com>2016-06-13 16:54:21 +0200
commit9ea8e2ce85303bba2a15c7508b1eb905433ad62c (patch)
treecd5d09b1832a12ca48391e50658d16c414739ca1 /TODO
parentdcd61450026c281c916f12c2affa220e0994ba19 (diff)
parent54a17e01de048a2275f8861b211f10d11e56407d (diff)
Merge pull request #3498 from poettering/syscall-filter-fixes
Syscall filter fixes, tighter nspawn seccomp sandbox by default
Diffstat (limited to 'TODO')
-rw-r--r--TODO4
1 files changed, 4 insertions, 0 deletions
diff --git a/TODO b/TODO
index aeed0c84d2..929fb96491 100644
--- a/TODO
+++ b/TODO
@@ -47,6 +47,10 @@ Features:
* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
+* RestrictRealtime= which takes aware ability to create realtime processes
+
+* nspawn: make /proc/sys/net writable?
+
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
* journalctl: make sure -f ends when the container indicated by -M terminates