diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-09-30 17:29:01 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-09-30 17:44:25 +0200 |
| commit | 26e6986527fe553edf35a442a520deb10c45a155 (patch) | |
| tree | 18a9492fe2d584259e92554b740cb5124987d736 /TODO | |
| parent | Merge pull request #34564 from YHNdnzj/systemctl-status-job-id (diff) | |
| download | systemd-26e6986527fe553edf35a442a520deb10c45a155.tar.xz systemd-26e6986527fe553edf35a442a520deb10c45a155.zip | |
update TODO
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -39,7 +39,6 @@ External: - how to make changes to sysctl and sysfs attributes - remote access - how to pass throw-away units to systemd, or dynamically change properties of existing units - - testing with Harald's awesome test kit - auto-restart - how to develop against journal browsing APIs - the journal HTTP iface @@ -130,6 +129,24 @@ Deprecations and removals: Features: +* define a generic "report" varlink interface, which services can implement to + provide health/statistics data about themselves. then define a dir somewhere + in /run/ where components can bind such sockets. Then make journald, logind, + and pid1 itself implement this and expose various stats on things there. Then + issue parallel calls to these interfaces from the systemd-report tool, + combine into one json document, and include measurment logs and tpm + quote. tpm quote should proctect the json doc via the nonce field + studd. Allow shipping this off elsewhere for analyze. + +* sd-varlink: maybe add flag(s) to mark methods accepti/require "more" calls in + introspection structures already now, even if IDL doesn't know a construct to + advertise this. But do enforce it when validating incoming method calls, so + that we definitely have the data around and valid. For now, generate an IDL + comment based on this info. + +* The bind(AF_UNSPEC) construct (for resetting sockets to their initial state) + should be blocked in many cases because it punches holes in many sandboxes. + * find a nice way to opt-in into auto-masking SIGCHLD on first sd_event_add_child(), and then get rid of many more explicit sigprocmask() calls. @@ -598,6 +615,8 @@ Features: * measure some string via pcrphase whenever we end up booting into emergency mode. +* similar, measure some string via pcrphase whenver we resume from hibernate + * homed: add a basic form of secrets management to homed, that stores secrets in $HOME somewhere, is protected by the accounts own authentication mechanisms. Should implement something PKCS#11-like that can be used to |