diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-08-06 22:41:35 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-08-06 23:04:45 +0200 |
| commit | d87a2ef78277177b363f3d603221183d22811a82 (patch) | |
| tree | d5dcb1b973d3ab79d3fe331a56bc924a56f8d2b1 /TODO | |
| parent | journal-gatewayd: fix segfault with certain request (#3893) (diff) | |
| parent | update TODO (diff) | |
| download | systemd-d87a2ef78277177b363f3d603221183d22811a82.tar.xz systemd-d87a2ef78277177b363f3d603221183d22811a82.zip | |
Merge pull request #3884 from poettering/private-users
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -56,11 +56,10 @@ Features: * ProtectKeyRing= to take keyring calls away -* PrivateUsers= which maps the all user ids except root and the one specified - in User= to nobody - * ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only +* RemoveKeyRing= to remove all keyring entries of the specified user + * Add DataDirectory=, CacheDirectory= and LogDirectory= to match RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. @@ -80,6 +79,11 @@ Features: * expose the "privileged" flag of ExecCommand on the bus, and open it up to transient units +* in nss-systemd, if we run inside of RootDirectory= with PrivateUsers= set, + find a way to map the User=/Group= of the service to the right name. This way + a user/group for a service only has to exist on the host for the right + mapping to work. + * allow attaching additional journald log fields to cgroups * rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the |