update TODO

author: Lennart Poettering <lennart@poettering.net> 2016-10-07 20:32:23 +0200
committer: Lennart Poettering <lennart@poettering.net> 2016-10-07 20:32:23 +0200
commit: a46eac1bbddcdd15e741fc6c8389078db1067f81 (patch)
tree: a061873e1d68b1e0c9cb753efbae4392c8f69930 /TODO
parent: 3dbea941d2ee2700eb5e42c8b8352c841e9e0d96 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/TODO b/TODO
index 9ca2736b2a..9b949e93f7 100644
--- a/TODO
+++ b/TODO
@@ -72,6 +72,12 @@ Features:
 
 * RemoveKeyRing= to remove all keyring entries of the specified user
 
+* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill
+  on PID 1 with the relevant signals, and makes relevant files in /sys and
+  /proc (such as the sysrq stuff) unavailable
+
+* DeviceAllow= should also generate seccomp filters for mknod()
+
 * Add DataDirectory=, CacheDirectory= and LogDirectory= to match
   RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
author	Lennart Poettering <lennart@poettering.net>	2016-10-07 20:32:23 +0200
committer	Lennart Poettering <lennart@poettering.net>	2016-10-07 20:32:23 +0200
commit	a46eac1bbddcdd15e741fc6c8389078db1067f81 (patch)
tree	a061873e1d68b1e0c9cb753efbae4392c8f69930 /TODO
parent	3dbea941d2ee2700eb5e42c8b8352c841e9e0d96 (diff)