mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
update TODO
parent
fec81dedfd
commit
f351e951d3
7
TODO
@ -129,6 +129,13 @@ Deprecations and removals:
Features:
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.
* mount the root fs with MS_NOSUID by default, and then mount /usr/ without
both so that suid executables can only be placed there. Do this already in
the initrd. If /usr/ is not split out create a bind mount automatically.
* rework journalctl -M to be based on a machined method that generates a mount
fd of the relevant journal dirs in the container with uidmapping applied to
allow the host to read it, while making everything read-only.
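
Review bot: In the MS_NOSUID item, "mount /usr/ without both" has no second referent: only MS_NOSUID is named on the root fs, so either name the second flag that was meant to be set alongside it or change "both" to "it". The uidmap item would also be easier to act on if it said whether the upper bound of "0…1000" is inclusive and what "and similar" covers, since that boundary decides which UIDs the /usr/ mount lets through.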