diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-05-24 04:00:56 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-05-24 04:00:56 +0200 |
commit | ec8927ca5940e809f0b72f530582c76f1db4f065 (patch) | |
tree | b230d2458088a82b879afc39a2752d5fc674974e /TODO | |
parent | e056b01d8acea7fc06d52ef91d227d744faf5259 (diff) |
main: add configuration option to alter capability bounding set for PID 1
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 18 |
1 files changed, 3 insertions, 15 deletions
@@ -23,7 +23,9 @@ Bugfixes: Features: -* For Type=idle don't get confused by ExecStartPre= getting the effect of the idle hup but delaying jobs going away +* make use of /sys/power/wake_lock in inhibitors + +* introduce "systemctl help" which invokes man for the man pages listed in Documentation= * drop accountsservice's StandardOutput=syslog and Type=dbus fields @@ -140,8 +142,6 @@ Features: * There's currently no way to cancel fsck (used to be possible via C-c or c on the console) -* keep an eye on https://bugzilla.gnome.org/show_bug.cgi?id=670100 - * journal: sanely deal with entries which are larger than the individual file size, but where the componets would fit * add command to systemctl to plot dependency graph as tree (see rhbz 795365) @@ -152,9 +152,6 @@ Features: * default unix qlen is too small (10). bump sysctl? add sockopt? -* support units generated by a generator and placed in /run/systemd/system/; the directory is - currently ignored because it is empty before the generatores are executed - * Possibly, detect whether SysV init scripts can do reloading by looking for "echo Usage:" lines * figure out whether we should leave dbus around during shutdown @@ -213,8 +210,6 @@ Features: * when an instanced service exits, remove its parent cgroup too if possible. -* as Tom Gundersen pointed out there's a always a dep loop if people use crypto file systems with random keys - * automatically escape unit names passed on the service (i.e. think "systemctl start serial-getty.service@serial/by-path/jshdfjsdfhkjh" being automatically escaped as necessary. * if we can not get user quota for tmpfs, mount a separate tmpfs instance @@ -361,10 +356,6 @@ External: - allow disabling of UID passing for AUTH EXTERNAL - always pass cred data along each message -* systemd --user - PR_SET_CHILD_REAPER patch: https://lkml.org/lkml/2011/7/28/426 - (patch in linux-next, on the way to the next kernel) - * fix alsa mixer restore to not print error when no config is stored * gnome-shell python script/glxinfo/is-accelerated must die @@ -379,9 +370,6 @@ External: we are in 11-minutes-mode. When we trust the system time to NTP we also want the RTC to sync up. -* patch kernel for cpu feature modalias for autoloading aes/kvm/... - (patches in linux-next, on the way to the next kernel) - * kernel: add device_type = "fb", "fbcon" to class "graphics" Regularly: |