diff options
| -rw-r--r-- | TODO | 12 | ||||
| -rw-r--r-- | src/core/main.c | 15 |
2 files changed, 9 insertions, 18 deletions
@@ -33,8 +33,6 @@ Janitorial Clean-ups: Features: -* resolved: maybe add a switch to disable any local caching - * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc @@ -47,8 +45,6 @@ Features: * RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) -* RestrictRealtime= which takes aware ability to create realtime processes - * nspawn: make /proc/sys/net writable? * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things @@ -66,8 +62,6 @@ Features: * transient units: don't bother with actually setting unit properties, we reload the unit file anyway -* make sure resolved can be restarted without losing pushed-in dns config - * journald: sigbus API via a signal-handler safe function that people may call from the SIGBUS handler @@ -79,9 +73,6 @@ Features: * resolved: when routing queries, make sure only look for the *longest* suffix... -* resolved: maybe, after all, implement local listening for DNS packets on port - 127.0.0.53:53. - * delay activation of logind until somebody logs in, or when /dev/tty0 pulls it in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle @@ -115,8 +106,6 @@ Features: * man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services -* install: include generator dirs in unit file search paths - * fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline * docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date @@ -226,6 +215,7 @@ Features: names, so that for the container case we can establish the same name (maybe "host") for referencing the server, everywhere. - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?) + - hook up resolved with machined-based address resolution * refcounting in sd-resolve is borked diff --git a/src/core/main.c b/src/core/main.c index 237c9c9ebe..3d74ef1adf 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1507,13 +1507,14 @@ int main(int argc, char *argv[]) { (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); } - /* We expect the environment to be set correctly if run inside a - * container. */ - if (arg_system && detect_container() <= 0) { - if (fixup_environment() < 0) { - error_message = "Failed to fix up PID1 environment"; - goto finish; - } + if (arg_system) { + /* We expect the environment to be set correctly + * if run inside a container. */ + if (detect_container() <= 0) + if (fixup_environment() < 0) { + error_message = "Failed to fix up PID1 environment"; + goto finish; + } /* Try to figure out if we can use colors with the console. No * need to do that for user instances since they never log |