diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-10-07 20:32:23 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-10-07 20:32:23 +0200 |
commit | a46eac1bbddcdd15e741fc6c8389078db1067f81 (patch) | |
tree | a061873e1d68b1e0c9cb753efbae4392c8f69930 /TODO | |
parent | 3dbea941d2ee2700eb5e42c8b8352c841e9e0d96 (diff) |
update TODO
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -72,6 +72,12 @@ Features: * RemoveKeyRing= to remove all keyring entries of the specified user +* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill + on PID 1 with the relevant signals, and makes relevant files in /sys and + /proc (such as the sysrq stuff) unavailable + +* DeviceAllow= should also generate seccomp filters for mknod() + * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. |