diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 887 |
1 files changed, 887 insertions, 0 deletions
@@ -0,0 +1,887 @@ +Bugfixes: + +* Should systemctl status \* work on all unit types, not just .service? + +* Dangling symlinks of .automount unit files in .wants/ directories, set up + automount points even when the original .automount file did not exist + anymore. Only the .mount unit was still around. + +* ExecStart with unicode characters fails in strv_split_extract: + + [Service] + Environment=ONE='one' "TWO='two two' too" THREE= + ExecStart=/bin/python3 -c 'import sys;print(sys.argv)' $ONE $TWO $THREE + +* When systemctl --host is used, underlying ssh connection can remain open. + bus_close does not kill children? + +External: + +* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros. + +* wiki: update journal format documentation for lz4 additions + +Janitorial Clean-ups: + +* code cleanup: retire FOREACH_WORD_QUOTED, port to extract_first_word() loops instead. + For example, most conf parsing callbacks should use it. + +* replace manual readdir() loops with FOREACH_DIRENT or FOREACH_DIRENT_ALL + +* Rearrange tests so that the various test-xyz.c match a specific src/basic/xyz.c again + +Features: + +* drop nss-myhostname in favour of nss-resolve? + +* drop internal dlopen() based nss-dns fallback in nss-resolve, and rely on the + external nsswitch.conf based one + +* add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and + then use that for the setting used in user@.service. It should be understood + relative to the configured default value. + +* on cgroupsv2 add DelegateControllers=, to pick the precise cgroup controllers to delegate + +* in networkd, when matching device types, fix up DEVTYPE rubbish the kernel passes to us + +* enable LockMLOCK to take a percentage value relative to physical memory + +* switch to ProtectSystem=strict for all our long-running services where that's possible + +* If RootDirectory= is used, mount /proc, /sys, /dev into it, if not mounted yet + +* Permit masking specific netlink APIs with RestrictAddressFamily= + +* nspawn: start UID allocation loop from hash of container name + +* nspawn: support that /proc, /sys/, /dev are pre-mounted + +* define gpt header bits to select volatility mode + +* nspawn: mount loopback filesystems with "discard" + +* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files + +* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc + +* ProtectKernelModules= (drops CAP_SYS_MODULE and filters the kmod syscalls) + +* ProtectTracing= (drops CAP_SYS_PTRACE, blocks ptrace syscall, makes /sys/kernel/tracing go away) + +* ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave) + +* ProtectKeyRing= to take keyring calls away + +* RemoveKeyRing= to remove all keyring entries of the specified user + +* ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill + on PID 1 with the relevant signals, and makes relevant files in /sys and + /proc (such as the sysrq stuff) unavailable + +* DeviceAllow= should also generate seccomp filters for mknod() + +* Add DataDirectory=, CacheDirectory= and LogDirectory= to match + RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. + +* Add BindDirectory= for allowing arbitrary, private bind mounts for services + +* Add RootImage= for mounting a disk image or file as root directory + +* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) + +* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things + +* journalctl: make sure -f ends when the container indicated by -M terminates + +* mount: automatically search for "main" partition of an image has multiple + partitions + +* expose the "privileged" flag of ExecCommand on the bus, and open it up to + transient units + +* in nss-systemd, if we run inside of RootDirectory= with PrivateUsers= set, + find a way to map the User=/Group= of the service to the right name. This way + a user/group for a service only has to exist on the host for the right + mapping to work. + +* allow attaching additional journald log fields to cgroups + +* add bus API for creating unit files in /etc, reusing the code for transient units + +* add bus API to remove unit files from /etc + +* add bus API to retrieve current unit file contents (i.e. implement "systemctl cat" on the bus only) + +* rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the + kernel doesn't support linkat() that replaces existing files, currently) + +* check if DeviceAllow= should split first, resolve specifiers later + +* transient units: don't bother with actually setting unit properties, we + reload the unit file anyway + +* journald: sigbus API via a signal-handler safe function that people may call + from the SIGBUS handler + +* move specifier expansion from service_spawn() into load-fragment.c + +* optionally, also require WATCHDOG=1 notifications during service start-up and shutdown + +* resolved: when routing queries, make sure only look for the *longest* suffix... + +* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it + in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle + +* cache sd_event_now() result from before the first iteration... + +* add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction + +* PID1: find a way how we can reload unit file configuration for + specific units only, without reloading the whole of systemd + +* add an explicit parser for LimitRTPRIO= that verifies + the specified range and generates sane error messages for incorrect + specifications. + +* do something about "/control" subcgroups in the unified cgroup hierarchy + +* when we detect that there are waiting jobs but no running jobs, do something + +* push CPUAffinity= also into the "cpuset" cgroup controller (only after the cpuset controller got ported to the unified hierarchy) + +* PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when run via nspawn) + +* there's probably something wrong with having user mounts below /sys, + as we have for debugfs. for exmaple, src/core/mount.c handles mounts + prefixed with /sys generally special. + http://lists.freedesktop.org/archives/systemd-devel/2015-June/032962.html + +* man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services + +* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline + +* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date + +* mounting and unmounting mount points manually with different source + devices will result in collected on all devices used. + http://lists.freedesktop.org/archives/systemd-devel/2015-April/030225.html + +* add a job mode that will fail if a transaction would mean stopping + running units. Use this in timedated to manage the NTP service + state. + http://lists.freedesktop.org/archives/systemd-devel/2015-April/030229.html + +* Maybe add support for the equivalent of "ethtool advertise" to .link files? + http://lists.freedesktop.org/archives/systemd-devel/2015-April/030112.html + +* The udev blkid built-in should expose a property that reflects + whether media was sensed in USB CF/SD card readers. This should then + be used to control SYSTEMD_READY=1/0 so that USB card readers aren't + picked up by systemd unless they contain a medium. This would mirror + the behaviour we already have for CD drives. + +* networkd/udev: implement SR_IOV configuration in .link files: + http://lists.freedesktop.org/archives/systemd-devel/2015-January/027451.html + +* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API + +* implement a per-service firewall based on net_cls + +* Port various tools to make use of verbs.[ch], where applicable: busctl, + coredumpctl, hostnamectl, localectl, systemd-analyze, timedatectl + +* hostnamectl: show root image uuid + +* sysfs set api in libudev is not const + +* Find a solution for SMACK capabilities stuff: + http://lists.freedesktop.org/archives/systemd-devel/2014-December/026188.html + +* "systemctl preset-all" should probably order the unit files it + operates on lexicographically before starting to work, in order to + ensure deterministic behaviour if two unit files conflict (like DMs + do, for example) + +* synchronize console access with BSD locks: + http://lists.freedesktop.org/archives/systemd-devel/2014-October/024582.html + +* as soon as we have sender timestamps, revisit coalescing multiple parallel daemon reloads: + http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html + +* in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column + +* figure out when we can use the coarse timers + +* add "systemctl start -v foobar.service" that shows logs of a service + while the start command runs. This is non-trivial to do without + races though, since we should flush out all journal messages before + returning from the "systemctl stop". + +* firstboot: make it useful to be run immediately after yum --installroot to set up a machine. (most specifically, make --copy-root-password work even if /etc/passwd already exists + +* maybe add support for specifier expansion in user.conf, specifically DefaultEnvironment= + +* introduce systemd-timesync-wait.service or so to sync on an NTP fix? + +* systemd --user should issue sd_notify() upon reaching basic.target, not on becoming idle + +* consider showing the unit names during boot up in the status output, not just the unit descriptions + +* maybe allow timer units with an empty Units= setting, so that they + can be used for resuming the system but nothing else. + +* what to do about udev db binary stability for apps? (raw access is not an option) + +* maybe provide an API to allow migration of foreign PIDs into existing scopes. + +* man: maybe use the word "inspect" rather than "introspect"? + +* systemctl: if some operation fails, show log output? + +* systemctl edit: use equvalent of cat() to insert existing config as a comment, prepended with #. + Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc. + +* exponential backoff in timesyncd when we cannot reach a server + +* timesyncd: add ugly bus calls to set NTP servers per-interface, for usage by NM + +* merge ~/.local/share and ~/.local/lib into one similar /usr/lib and /usr/share.... + +* systemd.show_status= should probably have a mode where only failed + units are shown. + +* add systemd.abort_on_kill or some other such flag to send SIGABRT instead of SIGKILL + (throughout the codebase, not only PID1) + +* resolved: + - mDNS/DNS-SD + - service registration + - service/domain/types browsing + - avahi compat + - DNS-SD service registration from socket units + - resolved should optionally register additional per-interface LLMNR + names, so that for the container case we can establish the same name + (maybe "host") for referencing the server, everywhere. + - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?) + - hook up resolved with machined-based address resolution + +* refcounting in sd-resolve is borked + +* Add a new verb "systemctl top" + +* add new gpt type for btrfs volumes + +* support empty /etc boots nicely: + - nspawn/gpt-generator: introduce new gpt partition type for /usr + - fstab-generator: support systemd.volatile=yes|no|state on the kernel cmdline, too, similar to nspawn's --volatile= + +* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them. + +* a way for container managers to turn off getty starting via $container_headless= or so... + +* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit + +* mount_cgroup_controllers(): symlinks need to get the label applied + +* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services + they run added to the initial transaction and thus confuse Type=idle. + +* Run most system services with cgroupfs read-only and procfs with a more secure mode (doesn't work, since the hidepid= option is per-pid-namespace, not per-mount) + +* add bus api to query unit file's X fields. + +* gpt-auto-generator: + - Support LUKS for root devices + - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap? + - Make /home automount rather than mount? + +* add generator that pulls in systemd-network from containers when + CAP_NET_ADMIN is set, more than the loopback device is defined, even + when it is otherwise off + +* MessageQueueMessageSize= (and suchlike) should use parse_iec_size(). + +* implement Distribute= in socket units to allow running multiple + service instances processing the listening socket, and open this up + for ReusePort= + +* socket units: support creating sockets in different namespace, + opening it up for JoinsNamespaceOf=. This would require to fork off + a tiny process that joins the namespace and creates/binds the socket + and passes this back to PID1 via SCM_RIGHTS. This also could be used + to allow Chown/chgrp on sockets without requiring NSS in PID 1. + +* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze + $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls + should SIGSTOP all unit processes in a loop until all processes of + it are fully stopped. This can later be used for app management by + desktop UIs such as gnome-shell to freeze apps that are not visible + on screen, not unlike how job control works on the shell + +* cgroups: + - implement per-slice CPUFairScheduling=1 switch + - handle jointly mounted controllers correctly + - introduce high-level settings for RT budget, swappiness + - how to reset dynamically changed unit cgroup attributes sanely? + - when reloading configuration, apply new cgroup configuration + - when recursively showing the cgroup hierarchy, optionally also show + the hierarchies of child processes + +* transient units: + - add field to transient units that indicate whether systemd or somebody else saves/restores its settings, for integration with libvirt + - ensure scope units may be started only a single time + +* Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk? + +* when we detect low battery and no AC on boot, show pretty splash and refuse boot + +* libsystemd-journal, libsystemd-login, libudev: add calls to easily attach these objects to sd-event event loops + +* be more careful what we export on the bus as (usec_t) 0 and (usec_t) -1 + +* rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it + +* After coming back from hibernation reset hibernation swap partition using the /dev/snapshot ioctl APIs + +* If we try to find a unit via a dangling symlink, generate a clean + error. Currently, we just ignore it and read the unit from the search + path anyway. + +* refuse boot if /usr/lib/os-release is missing or /etc/machine-id cannot be set up + +* btrfs raid assembly: some .device jobs stay stuck in the queue + +* man: the documentation of Restart= currently is very misleading and suggests the tools from ExecStartPre= might get restarted. + +* load .d/*.conf dropins for device units + +* allow implementation of InaccessibleDirectories=/ plus + ReadOnlyDirectories=... for whitelisting files for a service. + +* sd-bus: + - EBADSLT handling + - GetAllProperties() on a non-existing object does not result in a failure currently + - kdbus: process fd=-1 for incoming msgs + - port to sd-resolve for connecting to TCP dbus servers + - kdbus: maybe add controlling tty metadata fields + - see if we can introduce a new sd_bus_get_owner_machine_id() call to retrieve the machine ID of the machine of the bus itself + - when kdbus does not take our message without memfds, try again with memfds + - see if we can drop more message validation on the sending side + - add API to clone sd_bus_message objects + - make AddMatch calls on dbus1 transports async? + - kdbus: matches against source or destination pids for an "strace -p"-like feel. Problem: The PID info needs to be available in userspace too... + - longer term: priority inheritance + - dbus spec updates: + - kdbus mapping + - NameLost/NameAcquired obsolete + - GVariant + - path escaping + - update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now + - test bloom filter generation indexes + - kdbus: introduce a concept of "send-only" connections + - kdbus: add counter for refused unicast messages that is passed out via the RECV ioctl. SImilar to the counter for dropped multicast messages we already have. + +* sd-event + - allow multiple signal handlers per signal? + - document chaining of signal handler for SIGCHLD and child handlers + - define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ... + - generate a failure of a default event loop is executed out-of-thread + - maybe add support for inotify events + +* investigate endianness issues of UUID vs. GUID + +* dbus: when a unit failed to load (i.e. is in UNIT_ERROR state), we + should be able to safely try another attempt when the bus call LoadUnit() is invoked. + +* add a pam module that passes the hdd passphrase into the PAM stack and then expires it, for usage by gdm auto-login. + +* add a pam module that on password changes updates any LUKS slot where the password matches + +* maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases... + +* cgtop: make cgtop useful in a container + +* test/: + - add 'set -e' to scripts in test/ + - make stuff in test/ work with separate output dir + +* seems that when we follow symlinks to units we prefer the symlink + destination path over /etc and /usr. We should not do that. Instead + /etc should always override /run+/usr and also any symlink + destination. + +* when isolating, try to figure out a way how we implicitly can order + all units we stop before the isolating unit... + +* teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off}) + +* BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify + that the boot loader should be installed to the ESP. Define a way + how an installer can figure out whether a BLS compliant boot loader + is installed. + +* think about requeuing jobs when daemon-reload is issued? usecase: + the initrd issues a reload after fstab from the host is accessible + and we might want to requeue the mounts local-fs acquired through + that automatically. + +* systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep() + +* remove any syslog support from log.c — we probably cannot do this before split-off udev is gone for good + +* shutdown logging: store to EFI var, and store to USB stick? + +* think about window-manager-run-as-user-service problem: exit 0 → activate shutdown.target; exit != 0 → restart service + +* merge unit_kill_common() and unit_kill_context() + +* introduce ExecCondition= in services + +* EFI: + - honor language efi variables for default language selection (if there are any?) + - honor timezone efi variables for default timezone selection (if there are any?) + - change bootctl to be backed by systemd-bootd to control temporary and persistent default boot goal plus efi variables + +* maybe do not install getty@tty1.service symlink in /etc but in /usr? + +* print a nicer explanation if people use variable/specifier expansion in ExecStart= for the first word + +* mount: turn dependency information from /proc/self/mountinfo into dependency information between systemd units. + +* logind: + - logind: optionally, ignore idle-hint logic for autosuspend, block suspend as long as a session is around + - When we update the kernel all kind of hibernation should be prohibited until shutdown/reboot + - logind: wakelock/opportunistic suspend support + - Add pretty name for seats in logind + - logind: allow showing logout dialog from system? + - we should probably handle SIGTERM/SIGINT to not leave dot files around, just in case + - session scopes/user unit: add RequiresMountsFor for the home directory of the user + - add Suspend() bus calls which take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quickly. + - if pam_systemd is invoked by su from a process that is outside of a + any session we should probably just become a NOP, since that's + usually not a real user session but just some system code that just + needs setuid(). + - logind: make the Suspend()/Hibernate() bus calls wait for the for + the job to be completed. before returning, so that clients can wait + for "systemctl suspend" to finish to know when the suspending is + complete. + - logind: when the power button is pressed short, just popup a + logout dialog. If it is pressed for 1s, do the usual + shutdown. Inspiration are Macs here. + - expose "Locked" property on logind sesison objects + - given that logind now lets PID 1 do all nasty work, we can + probably reduce the capability set it retains substantially. + (we need CAP_SYS_ADMIN for drmSetMaster(), so maybe not worth it) + - expose orientation sensors and tablet mode through logind + - maybe allow configuration of the StopTimeout for session scopes + - rename session scope so that it includes the UID. THat way + the session scope can be arranged freely in slices and we don't have + make assumptions about their slice anymore. + - follow PropertiesChanged state more closely, to deal with quick logouts and + relogins + +* exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty. + +* service: watchdog logic: for testing purposes allow ping, but do not require pong + +* journal: + - consider introducing implicit _TTY= + _PPID= + _EUID= + _EGID= + _FSUID= + _FSGID= fields + - import and delete pstore filesystem content at startup + - journald: also get thread ID from client, plus thread name + - journal: when waiting for journal additions in the client always sleep at least 1s or so, in order to minimize wakeups + - add API to close/reopen/get fd for journal client fd in libsystemd-journal. + - fallback to /dev/log based logging in libsystemd-journal, if we cannot log natively? + - declare the local journal protocol stable in the wiki interface chart + - sd-journal: speed up sd_journal_get_data() with transparent hash table in bg + - journald: when dropping msgs due to ratelimit make sure to write + "dropped %u messages" not only when we are about to print the next + message that works, but alraedy after a short tiemout + - check if we can make journalctl by default use --follow mode inside of less if called without args? + - maybe add API to send pairs of iovecs via sd_journal_send + - journal: add a setgid "systemd-journal" utility to invoke from libsystemd-journal, which passes fds via STDOUT and does PK access + - journactl: support negative filtering, i.e. FOOBAR!="waldo", + and !FOOBAR for events without FOOBAR. + - journal: store timestamp of journal_file_set_offline() int he header, + so it is possible to display when the file was last synced. + - journal-send.c, log.c: when the log socket is clogged, and we drop, count this and write a message about this when it gets unclogged again. + - journal: find a way to allow dropping history early, based on priority, other rules + - journal: When used on NFS, check payload hashes + - journald: add kernel cmdline option to disable ratelimiting for debug purposes + - refuse taking lower-case variable names in sd_journal_send() and friends. + - journald: we currently rotate only after MaxUse+MaxFilesize has been reached. + - journal: deal nicely with byte-by-byte copied files, especially regards header + - journal: sanely deal with entries which are larger than the individual file size, but where the components would fit + - Replace utmp, wtmp, btmp, and lastlog completely with journal + - journalctl: instead --after-cursor= maybe have a --cursor=XYZ+1 syntax? + - when a kernel driver logs in a tight loop, we should ratelimit that too. + - journald: optionally, log debug messages to /run but everything else to /var + - journald: when we drop syslog messages because the syslog socket is + full, make sure to write how many messages are lost as first thing + to syslog when it works again. + - journald: make sure ratelimit is actually really per-service with the new cgroup changes + - change systemd-journal-flush into a service that stays around during + boot, and causes the journal to be moved back to /run on shutdown, + so that we do not keep /var busy. This needs to happen synchronously, + hence doing this via signals is not going to work. + - optionally support running journald from the command line for testing purposes in external projects + - journald: allow per-priority and per-service retention times when rotating/vacuuming + - journald: make use of uid-range.h to managed uid ranges to split + journals in. + - journalctl: add the ability to look for the most recent process of a binary. journalctl /usr/bin/X11 --pid=-1 or so... + - improve journalctl performance by loading journal files + lazily. Encode just enough information in the file name, so that we + do not have to open it to know that it is not interesting for us, for + the most common operations. + - journal-or-kmsg is currently broken? See reverted + commit 4a01181e460686d8b4a543b1dfa7f77c9e3c5ab8. + - man: document that corrupted journal files is nothing to act on + - rework journald sigbus stuff to use mutex + - Set RLIMIT_NPROC for systemd-journal-xyz, and all other of our + services that run under their own user ids, and use User= (but only + in a world where userns is ubiquitous since otherwise we cannot + invoke those daemons on the host AND in a container anymore). Also, + if LimitNPROC= is used without User= we should warn and refuse + operation. + - journalctl --verify: don't show files that are currently being + written to as FAIL, but instead show that their are being written to. + - add journalctl -H that talks via ssh to a remote peer and passes through + binary logs data + - add a version of --merge which also merges /var/log/journal/remote + - log accumulated resource usage after each service invocation + - journalctl: -m should access container journals directly by enumerating + them via machined, and also watch containers coming and going. + Benefit: nspawn --ephemeral would start working nicely with the journal. + - assign MESSAGE_ID to log messages about failed services + +* document: + - document that deps in [Unit] sections ignore Alias= fields in + [Install] units of other units, unless those units are disabled + - man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets + - document the exit codes when services fail before they are exec()ed + - document that service reload may be implemented as service reexec + - document in wiki how to map ical recurrence events to systemd timer unit calendar specifications + - add a man page containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=, PrivateNetwork= and ReadOnlyDirectories=/etc /usr. + - document systemd-journal-flush.service properly + - documentation: recommend to connect the timer units of a service to the service via Also= in [Install] + - man: document the very specific env the shutdown drop-in tools live in + - man: add more examples to man pages + - man: maybe sort directives in man pages, and take sections from --help and apply them to man too + +* systemctl: + - systemctl list-jobs - show dependencies + - add systemctl switch to dump transaction without executing it + - Add a verbose mode to "systemctl start" and friends that explains what is being done or not done + - "systemctl disable" on a static unit prints no message and does + nothing. "systemctl enable" does nothing, and gives a bad message + about it. Should fix both to print nice actionable messages. + - print nice message from systemctl --failed if there are no entries shown, and hook that into ExecStartPre of rescue.service/emergency.service + - add new command to systemctl: "systemctl system-reexec" which reexecs as many daemons as virtually possible + - systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards? + - systemctl: "Journal has been rotated since unit was started." message is misleading + - better error message if you run systemctl without systemd running + - systemctl status output should include list of triggering units and their status + +* unit install: + - "systemctl mask" should find all names by which a unit is accessible + (i.e. by scanning for symlinks to it) and link them all to /dev/null + +* timer units: + - timer units should get the ability to trigger when: + o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET) + o DST changes + - Support 2012-02~4 as syntax for specifying the fourth to last day of the month. + - Modulate timer frequency based on battery state + +* add libsystemd-password or so to query passwords during boot using the password agent logic + +* clean up date formatting and parsing so that all absolute/relative timestamps we format can also be parsed + +* on shutdown: move utmp, wall, audit logic all into PID 1 (or logind?), get rid of systemd-update-utmp-runlevel + +* make repeated alt-ctrl-del presses printing a dump, or even force a reboot without + waiting for the timeout + +* hostnamed: before returning information from /etc/machine-info.conf check the modification data and reread. Similar for localed, ... + +* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not + +* nspawn: + - nspawn -x should support ephemeral instances of gpt images + - emulate /dev/kmsg using CUSE and turn off the syslog syscall + with seccomp. That should provide us with a useful log buffer that + systemd can log to during early boot, and disconnect container logs + from the kernel's logs. + - as soon as networkd has a bus interface, hook up --network-interface=, + --network-bridge= with networkd, to trigger netdev creation should an + interface be missing + - a nice way to boot up without machine id set, so that it is set at boot + automatically for supporting --ephemeral. Maybe hash the host machine id + together with the machine name to generate the machine id for the container + - fix logic always print a final newline on output. + https://github.com/systemd/systemd/pull/272#issuecomment-113153176 + - should optionally support receiving WATCHDOG=1 messages from its payload + PID 1... + - should send out sd_notify("WATCHDOG=1") messages + - optionally automatically add FORWARD rules to iptables whenever nspawn is + running, remove them when shut down. + - Improve error message when --bind= is used on a non-existing source + directory + - maybe make copying of /etc/resolv.conf optional, and skip it if --read-only + is used + +* machined: + - add an API so that libvirt-lxc can inform us about network interfaces being + removed or added to an existing machine + - "machinectl migrate" or similar to copy a container from or to a + difference host, via ssh + - introduce systemd-nspawn-ephemeral@.service, and hook it into + "machinectl start" with a new --ephemeral switch + - "machinectl status" should also show internal logs of the container in + question + - "machinectl list-images" should show os-release data, as well as + machine-info data (including deployment level) + - "machinectl history" + - "machinectl diff" + - "machinectl commit" that takes a writable snapshot of a tree, invokes a + shell in it, and marks it read-only after use + +* importd: + - generate a nice warning if mkfs.btrfs is missing + +* cryptsetup: + - cryptsetup-generator: allow specification of passwords in crypttab itself + - move cryptsetup key caching into kernel keyctl? + https://bugs.freedesktop.org/show_bug.cgi?id=54982 + - support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator + +* hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it + https://bugs.freedesktop.org/show_bug.cgi?id=54712 + +* create /sbin/init symlinks from the build system + +* MountFlags=shared acts as MountFlags=slave right now. + +* properly handle loop back mounts via fstab, especially regards to fsck/passno + +* initialize the hostname from the fs label of /, if /etc/hostname does not exist? + +* udev: + - move to LGPL + - kill scsi_id + - add trigger --subsystem-match=usb/usb_device device + - reimport udev db after MOVE events for devices without dev_t + +* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting + +* There's currently no way to cancel fsck (used to be possible via C-c or c on the console) + +* add option to sockets to avoid activation. Instead just drop packets/connections, see http://cyberelk.net/tim/2012/02/15/portreserve-systemd-solution/ + +* coredump: + - save coredump in Windows/Mozilla minidump format + - when truncating coredumps, also log the full size that the process had, and make a metadata field so we can report truncated coredumps + +* support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting) + +* default to actual 32-bit PIDs, via /proc/sys/kernel/pid_max + +* be able to specify a forced restart of service A where service B depends on, in case B + needs to be auto-respawned? + +* tmpfiles: + - apply "x" on "D" too (see patch from William Douglas) + - replace F with f+. + - instead of ignoring unknown fields, reject them. + - creating new directories/subvolumes/fifos/device nodes + should not follow symlinks. None of the other adjustment or creation + calls follow symlinks. + +* make sure systemd-ask-password-wall does not shutdown systemd-ask-password-console too early + +* verify that the AF_UNIX sockets of a service in the fs still exist + when we start a service in order to avoid confusion when a user + assumes starting a service is enough to make it accessible + +* Make it possible to set the keymap independently from the font on + the kernel cmdline. Right now setting one resets also the other. + +* and a dbus call to generate target from current state + +* write blog stories about: + - hwdb: what belongs into it, lsusb + - enabling dbus services + - status update + - how to make changes to sysctl and sysfs attributes + - remote access + - how to pass throw-away units to systemd, or dynamically change properties of existing units + - testing with Harald's awesome test kit + - auto-restart + - how to develop against journal browsing APIs + - the journal HTTP iface + - non-cgroup resource management + - dynamic resource management with cgroups + - refreshed, longer missions statement + - calendar time events + - init=/bin/sh vs. "emergency" mode, vs. "rescue" mode, vs. "multi-user" mode, vs. "graphical" mode, and the debug shell + - how to create your own target + - instantiated apache, dovecot and so on + - hooking a script into various stages of shutdown/rearly booot + +* investigate whether the gnome pty helper should be moved into systemd, to provide cgroup support. + +* dot output for --test showing the 'initial transaction' + +* fingerprint.target, wireless.target, gps.target, netdevice.target + +* pid1: + - .timer units should optionally support CLOCK_BOOTTIME in addition to CLOCK_MONOTONIC + - When logging about multiple units (stopping BoundTo units, conflicts, etc.), + log both units as UNIT=, so that journalctl -u triggers on both. + - generate better errors when people try to set transient properties + that are not supported... + http://lists.freedesktop.org/archives/systemd-devel/2015-February/028076.html + - maybe introduce WantsMountsFor=? Usecase: + http://lists.freedesktop.org/archives/systemd-devel/2015-January/027729.html + - recreate systemd's D-Bus private socket file on SIGUSR2 + - GC unreferenced jobs (such as .device jobs) + - move PAM code into its own binary + - when we automatically restart a service, ensure we restart its rdeps, too. + - hide PAM options in fragment parser when compile time disabled + - Support --test based on current system state + - If we show an error about a unit (such as not showing up) and it has no Description string, then show a description string generated form the reverse of unit_name_mangle(). + - after deserializing sockets in socket.c we should reapply sockopts and things + - drop PID 1 reloading, only do reexecing (difficult: Reload() + currently is properly synchronous, Reexec() is weird, because we + cannot delay the response properly until we are back, so instead of + being properly synchronous we just keep open the fd and close it + when done. That means clients do not get a successful method reply, + but much rather a disconnect on success. + - when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr + - when a bus name of a service disappears from the bus make sure to queue further activation requests + +* unit files: + - allow port=0 in .socket units + - maybe introduce ExecRestartPre= + - add ReloadSignal= for configuring a reload signal to use + - implement Register= switch in .socket units to enable registration + in Avahi, RPC and other socket registration services. + - allow Type=simple with PIDFile= + https://bugzilla.redhat.com/show_bug.cgi?id=723942 + - allow writing multiple conditions in unit files on one line + - load-fragment: when loading a unit file via a chain of symlinks + verify that it is not masked via any of the names traversed. + - introduce Type=pid-file + - ExecOnFailure=/usr/bin/foo + - introduce mix of BindTo and Requisite + - add a concept of RemainAfterExit= to scope units + - Set NoNewPrivileges= on all of our own services, where that makes sense + - Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely + - consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup= + +* udev-link-config: + - Make sure ID_PATH is always exported and complete for + network devices where possible, so we can safely rely + on Path= matching + - check MTUBytes parsing (expecting size_t but we are using unsigned) + +* sd-rtnl: + - add support for more attribute types + - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places + +* networkd: + - add more keys to [Route] and [Address] sections + - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config) + - add proper initrd support (in particular generate .network/.link files based on /proc/cmdline) + - add reduced [Link] support to .network files + - add Scope= parsing option for [Network] + - properly handle routerless dhcp leases + - work with non-Ethernet devices + - add support for more bond options + - dhcp: do we allow configuring dhcp routes on interfaces that are not the one we got the dhcp info from? + - the DHCP lease data (such as NTP/DNS) is still made available when + a carrier is lost on a link. It should be removed instantly. + - expose in the API the following bits: + - option 15, domain name and/or option 119, search list + - option 12, host name and/or option 81, fqdn + - option 123, 144, geolocation + - option 252, configure http proxy (PAC/wpad) + - provide a way to define a per-network interface default metric value + for all routes to it. possibly a second default for DHCP routes. + - allow Name= to be specified repeatedly in the [Match] section. Maybe also + support Name=foo*|bar*|baz ? + - duplicate address check for static IPs (like ARPCHECK in network-scripts) + - allow DUID/IAID to be customized, see issue #394. + - whenever uplink info changes, make DHCP server send out FORCERENEW + +* networkd-wait-online: + - make operstates to wait for configurable? + +* dhcp: + - figure out how much we can increase Maximum Message Size + - support RFC4702 (pass FQDN) + +* dhcp6: + - add functions to set previously stored IPv6 addresses on startup and get + them at shutdown; store them in client->ia_na + - write more test cases + - implement reconfigure support, see 5.3., 15.11. and 22.20. + - implement support for temporary adressess (IA_TA) + - implement dhcpv6 authentication + - investigate the usefulness of Confirm messages; i.e. are there any + situations where the link changes without any loss in carrier detection + or interface down + - some servers don't do rapid commit without a filled in IA_NA, verify + this behavior + - RouteTable= ? + +External: + +* dbus: + - natively watch for dbus-*.service symlinks (PENDING) + - teach dbus to activate all services it finds in /etc/systemd/services/org-*.service + +* fix alsa mixer restore to not print error when no config is stored + +* make cryptsetup lower --iter-time + +* patch kernel for xattr support in /dev, /proc/, /sys? + +* kernel: add device_type = "fb", "fbcon" to class "graphics" + +* drop accountsservice's StandardOutput=syslog and Type=dbus fields + +* dbus: in fedora, make /var/lib/dbus/machine-id a symlink to /etc/machine-id + +* /usr/bin/service should actually show the new command line + +* fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people to think about changing the start limit logic. Also point people to RestartPreventExitStatus=, SuccessExitStatus= + +* fedora: F20: go timer units all the way, leave cron.daily for cron + +* neither pkexec nor sudo initialize environ[] from the PAM environment? + +* fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it + +* register catalog database signature as file magic + +* zsh shell completion: + - <command> <verb> -<TAB> should complete options, but currently does not + - systemctl add-wants,add-requires + + +Regularly: + +* look for close() vs. close_nointr() vs. close_nointr_nofail() + +* check for strerror(r) instead of strerror(-r) + +* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel + +* pahole + +* set_put(), hashmap_put() return values check. i.e. == 0 does not free()! + +* use secure_getenv() instead of getenv() where appropriate + +* link up selected blog stories from man pages and unit files Documentation= fields |