diff options
| -rw-r--r-- | README | 4 | ||||
| -rw-r--r-- | TODO | 17 | ||||
| -rw-r--r-- | src/mount/mount-tool.c | 1 |
3 files changed, 20 insertions, 2 deletions
@@ -67,13 +67,13 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork and PrivateDevices in service units: + Required for PrivateNetwork= and PrivateDevices= in service units: CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use PrivateNetwork and PrivateDevices so this is effectively required. - Required for PrivateUsers in service units: + Required for PrivateUsers= in service units: CONFIG_USER_NS Optional but strongly recommended: @@ -40,6 +40,11 @@ Features: partitions automatically, to be used when the media used is actually larger than the image written onto it is. +* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing + after all. Be strict however, only support the equivalent of nspawn's + --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such + as MAINPID. + * change the dependency Set* objects in Unit structures to become Hashmap*, and then store a bit mask who created a specific dependency: the source unit via fragment configuration, the destination unit via fragment configuration, or @@ -53,6 +58,15 @@ Features: the service cgroup, which is supposed to monitor the service, and when it exits the service is considered failed by its monitor. +* track the per-service PAM process properly (i.e. as an additional control + process), so that it may be queried on the bus and everything. + +* add a new "debug" job mode, that is propagated to unit_start() and for + services results in two things: we raise SIGSTOP right before invoking + execve() and turn off watchdog support. Then, use that to implement + "systemd-gdb" for attaching to the start-up of any system service in its + natural habitat. + * replace all canonicalize_file_name() invocations by chase_symlinks(), in particulr those where a rootdir is relevant. @@ -60,6 +74,9 @@ Features: * set ProtectSystem=strict for all our usual services. +* fix PrivateNetwork= so that we fall back gracefully on kernels lacking + namespacing support (similar for the other namespacing options) + * maybe add gpt-partition-based user management: each user gets his own LUKS-encrypted GPT partition with a new GPT type. A small nss module enumerates users via udev partition enumeration. UIDs are assigned in a fixed diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c index a277724029..4b3cac8a22 100644 --- a/src/mount/mount-tool.c +++ b/src/mount/mount-tool.c @@ -139,6 +139,7 @@ static int parse_argv(int argc, char *argv[]) { { "discover", no_argument, NULL, ARG_DISCOVER }, { "type", required_argument, NULL, 't' }, { "options", required_argument, NULL, 'o' }, + { "fsck", required_argument, NULL, ARG_FSCK }, { "description", required_argument, NULL, ARG_DESCRIPTION }, { "property", required_argument, NULL, 'p' }, { "automount", required_argument, NULL, ARG_AUTOMOUNT }, |