mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
update TODO
parent
a5efbf468c
commit
a8796773b0
21
TODO
@ -79,6 +79,21 @@ Janitorial Clean-ups:
|
||||
|
||||
Features:
|
||||
|
||||
* tmpfiles: for f/F/w lines, if the argument columns is left unspecified, look
|
||||
for a service credential named after the file path to write to, and load
|
||||
contents to write from there. Usecase: provision arbitrary files from
|
||||
credentials. Example use: with a line like "f /root/.ssh/authorized-keys
|
||||
0644 root root" in a tmpfiles.d/ snippet add
|
||||
LoadCredential=root.ssh.authorized-keys via drop-in to
|
||||
systemd-tmpfiles.service, and then provision an SSH access key through
|
||||
nspawn's --load-credential=, through qemu's fw_cfg, or via systemd-stub's
|
||||
credntial pick-up. The latter is particularly interesting to implement SSH
|
||||
access to an initrd.
|
||||
|
||||
* systemd-homed: when initializing, look for a credential sysemd.homed.register
|
||||
or so with JSON user records to automatically register if not registered yet.
|
||||
Usecase: deploy a system, and add an account one can directly log into.
|
||||
|
||||
* add a proper concept of a "developer" mode, i.e. where cryptographic
|
||||
protections of the root OS are weakened after interactive confirmation, to
|
||||
allow hackers to allow their own stuff. idea: allow entering developer mode
|
||||
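Review bot: the new tmpfiles entry says the credential is "named after the file path", but its example maps /root/.ssh/authorized-keys to LoadCredential=root.ssh.authorized-keys without stating the rule that turns a path into a credential name. As written, the leading "/" and the dot of ".ssh" are silently dropped, so two different paths (for example /root/.ssh/x and /root/ssh/x) could resolve to the same credential; spell out the escaping rule in the item. The example file name also uses a hyphen, while sshd reads authorized_keys by default, so the example as given would not grant SSH access. Typos to fix in the same pass: "argument columns is" should be "argument column is", "credntial" should be "credential", and "sysemd.homed.register" in the systemd-homed entry should presumably be "systemd.homed.register".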
@ -174,9 +189,6 @@ Features:
|
||||
the sigqueue() data parameter. With that we extended with minimal logic the
|
||||
service runtime logic quite substantially.
|
||||
|
||||
* get_color_mode() should probably check the $COLORTERM environment variable
|
||||
which most terminal environments appear to set.
|
||||
|
||||
* firstboot: maybe just default to C.UTF-8 locale if nothing is set, so that we
|
||||
don't query this unnecessarily in entirely uninitialized
|
||||
containers. (i.e. containers with empty /etc).
|
||||
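Review bot: the hunk header (-174,9 +189,6) shows three lines dropped from this part of the Features list, and the commit message "update TODO" does not say whether the dropped item was implemented or abandoned. Name the implementing commit or the reason in the message so the removal can be traced later.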
@ -788,9 +800,6 @@ Features:
|
||||
|
||||
* Move RestrictAddressFamily= to the new cgroup create socket
|
||||
|
||||
* support the bind/connect/sendmsg cgroup stuff for sandboxing, and possibly
|
||||
patching around
|
||||
|
||||
* maybe implicitly attach monotonic+realtime timestamps to outgoing messages in
|
||||
log.c and sd-journal-send
|
||||
|
||||
|
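Review bot: the entry "Move RestrictAddressFamily= to the new cgroup create socket" shown in this hunk names the setting as RestrictAddressFamily=, while the unit setting is spelled RestrictAddressFamilies=. Since this block is being edited anyway, correct the name so a search for the setting finds the item; "patching around" in the neighbouring entry would also benefit from saying what is meant to be patched.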