From d82047bef5b8a35fb2d1d4685f241383df1a1d76 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 14 Jul 2016 12:26:07 +0200 Subject: update TODO --- TODO | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index ef25ef578e..bb36522bf9 100644 --- a/TODO +++ b/TODO @@ -33,6 +33,29 @@ Janitorial Clean-ups: Features: +* RemoveIPC= in unit files for removing POSIX/SysV IPC objects + +* Set SERVICE_RESULT= as env var while running ExecStop= + +* Introduce ProtectSystem=strict for making the entire OS hierarchy read-only + except for a select few + +* nspawn: start UID allocation loop from hash of container name + +* in the DynamicUser=1 nss module, also map "nobody" and "root" statically + +* pid1: log about all processes we kill with with SIGKILL or in abandoned scopes, as this should normally not happen + +* nspawn: support that /proc, /sys/, /dev are pre-mounted + +* nspawn: mount esp, so that bootctl can work + +* define gpt header bits to select volatility mode + +* nspawn: mount loopback filesystems with "discard" + +* Make TasksMax= take percentages, taken relative to the pids_max sysctl and pids.max cgroup limit + * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc @@ -46,7 +69,7 @@ Features: * PrivateUsers= which maps the all user ids except root and the one specified in User= to nobody -* Add AllocateUser= for allowing dynamic user ids per-service +* ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. @@ -60,8 +83,6 @@ Features: * RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) -* nspawn: make /proc/sys/net writable? - * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates -- cgit v1.2.3 From 8ce9b83a8f0316b42143ad01c10e4944acc85e87 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 3 Aug 2016 18:40:48 +0200 Subject: update TODO --- TODO | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index bb36522bf9..0199d9d509 100644 --- a/TODO +++ b/TODO @@ -66,11 +66,10 @@ Features: * ProtectKeyRing= to take keyring calls away -* PrivateUsers= which maps the all user ids except root and the one specified - in User= to nobody - * ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only +* RemoveKeyRing= to remove all keyring entries of the specified user + * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. @@ -90,6 +89,11 @@ Features: * expose the "privileged" flag of ExecCommand on the bus, and open it up to transient units +* in nss-systemd, if we run inside of RootDirectory= with PrivateUsers= set, + find a way to map the User=/Group= of the service to the right name. This way + a user/group for a service only has to exist on the host for the right + mapping to work. + * allow attaching additional journald log fields to cgroups * rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the -- cgit v1.2.3 From d47f681b285b1dfb7ce68200205bfe8b835657a2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 27 Jul 2016 13:30:58 +0200 Subject: update TODO --- TODO | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index bb36522bf9..723292cde0 100644 --- a/TODO +++ b/TODO @@ -35,27 +35,17 @@ Features: * RemoveIPC= in unit files for removing POSIX/SysV IPC objects -* Set SERVICE_RESULT= as env var while running ExecStop= - * Introduce ProtectSystem=strict for making the entire OS hierarchy read-only except for a select few * nspawn: start UID allocation loop from hash of container name -* in the DynamicUser=1 nss module, also map "nobody" and "root" statically - -* pid1: log about all processes we kill with with SIGKILL or in abandoned scopes, as this should normally not happen - * nspawn: support that /proc, /sys/, /dev are pre-mounted -* nspawn: mount esp, so that bootctl can work - * define gpt header bits to select volatility mode * nspawn: mount loopback filesystems with "discard" -* Make TasksMax= take percentages, taken relative to the pids_max sysctl and pids.max cgroup limit - * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc -- cgit v1.2.3