Lines Matching refs:and
23 * fedora: suggest auto-restart on failure, but not on success and not on coredump. also, ask people…
27 * fedora: update policy to declare access mode and ownership of unit files to root:root 0644, and a…
43 - how to make changes to sysctl and sysfs attributes
54 …mergency" mode, vs. "rescue" mode, vs. "multi-user" mode, vs. "graphical" mode, and the debug shell
56 - instantiated apache, dovecot and so on
71 * link up selected blog stories from man pages and unit files Documentation= fields
77 * rework mount.c and swap.c to follow proper state enumeration/deserialization
86 images that owned by arbitrary UIDs, and are owned/managed by the users, but
88 privileged dirs inside of unprivileged dirs, and thus containers really
93 file to move there, since it is managed by privileged code (i.e. homed) and
100 unified kernel binaries. This section should be picked up by sd-stub, and
110 of its own, because then it is next to the kernel and initrd which after all
112 thus mean, calculating PCR values for the raw kernel image, and raw initrd
113 image, then signing those PCR values with a vendor key, and then combining
114 sd-stub, raw kernel image, raw initrd, and PCR signature into a unified
117 * a new tool "systemd-trust" or so, that can calculate PCR hashes offline, and
122 and file names to calculate hashes from, i.e.
127 * maybe add support for binding and connecting AF_UNIX sockets in the file
130 to target dir in /tmp, and bind through it.
133 for a service credential named after the file path to write to, and load
138 systemd-tmpfiles.service, and then provision an SSH access key through
145 Usecase: deploy a system, and add an account one can directly log into.
151 it. when developer mode is entered generate a key pair in the TPM2, and add
158 via TPM2. Specifically, for StateDirectory= (and related dirs) use fscrypt to
159 set up the directory so that it can only be accessed if host and app are in
165 generation counter into account that can only monotonically increase and can
177 cloud-init/ignitation and similar can parameterize the host with data they
190 descriptors, and clear this set piecemeal when we see the IN_IGNORED event
192 see an inotify wd event check against this set, and if it is contained ignore
198 creds, sysexts and so on. similar to existing variable of sd-boot
204 cmdline. Usecase: invoke a VM, and mount a host homedir into it via
209 - sysext should pick up sysext images from /.extra/ in the initrd, and insist
214 machine id, root pw, rootfs uuid, resume partition uuid, and place next to
216 the TPM, and bind to the right PCR the kernel is measured to.
217 - kernel-install should be able to pick up initrd sysexts automatically and
223 and synthesize initrd from it, and measure it. Signing is not necessary, as
231 further and extends the protocol to cover reloads. Specifically, SIGHUP will
232 become the official way to reload, and daemon has to respond with sd_notify()
233 to report when it starts reloading, and when it is complete reloading. Care
249 (which has benefits, given SecureBoot and kernel cmdline are not necessarily
253 then passing $NOTIFY_SOCKET and $NOTIFY_GUESTCID with PID1's cid (typically
254 fixed to "2", i.e. the official host cid) and the expected guest cid, for the
260 extending the command line to enable vsock on the VM, and using fw_cfg to
284 priority, but leave enabled, and once ratelimit window is over, upgrade
297 /loader/entries/ dir, look for a file /loader/entries/SHA256SUMS and use that
304 files, drivers, keys to enroll and so on. Then, add whatever we find that way
309 all it does is download a file from a http server, and execute it, after
311 binary with some minimal info about an URL + hash sum, plus .osrel data, and
314 the real kernel. benefit: downloading these stubs would be tiny and quick,
319 are used, and hence kernel cmdline cannot be modified locally
328 but operates on /etc/ instead of /usr/ and /opt/. Use case would be: trusted,
330 configuration bundle, and activate it, so that it is instantly visible,
339 boot-up is completed successfully, and use that in nspawn for dealing with
340 boot counting, implemented in the partition table labels and directory names.
343 systemd.pull-raw-portable=, systemd-pull-raw-sysext= and similar switches
348 payload you like, which is then downloaded, securely verified and run.
357 /etc/machine-id and /proc/sys/kernel/random/boot_id with synthetic files, to
363 options. Particularly useful for portable services, and anything else that
368 create a structured log entry that contains boot ID, monotonic clock and
372 of this kinda that has a matching boot id, and convert the monotonic clock
384 vs. Question vs. Transaction vs. Stream and so on.
391 * bootspec: bring UEFI and userspace enumeration of bootspec entries back into
396 * add linker script that implicitly adds symbol for build ID and new coredump
397 json package metadata, and use that when logging
404 * Add systemd-analyze security checks for RestrictFileSystems= and
407 * cryptsetup/homed: implement TOTP authentication backed by TPM2 and its
413 * man: rework os-release(5), and clearly separate our extension-release.d/ and
426 unlocked over locked and prefer non-empty over empty.
429 initrd and rearranges the rootfs hierarchy via bind mounts, if
431 dirs/symlinks/subvolumes that are named after their purpose, and optionally
432 encode a version as well as assessment counters, and then mount them into the
441 dissection logic, so that nspawn/RootImage= and so on grok it. Maybe make
445 strverscmp() of everything inside that dir and use that. i.e. implement very
446 simple version control. Also use this in systemd-nspawn --image= and so on.
449 records for it, that reports the home dir as "/" and the shell as some binary
450 provided by us. Then, when an SSH login happens and SSH permits it our binary
451 is invoked. This binary can then talk to homed and activate the homedir if
453 we'll switch to the real user record, i.e. home dir and shell, and our tool
462 will work for RSA and Ed25519 keys.
465 credential logic and drops them into /run where nss-systemd can pick them up,
467 and use it in the initrd to log in as root with locally selected password,
479 shutdown, and has similar security semantics. This should then take the place
490 * logind introduce two types of sessions: "heavy" and "light". The former would
494 parameters, and then make user@.service's session one of these "light" ones.
495 People could then choose to make FTP sessions and suchlike "light" if they
501 externally and provide to us on demand only.
513 that such container images are entirely stand-alone and can be updated as
521 what must be read-only, what requires encryption, and what requires
548 /var/lib/portable/ and so on.
566 off screen and run it automatically on boot failures, emergency logs and
580 system paths at service startup time and pass them to the service process via
584 * Similar, ConnectStream= which takes IP addresses and connects to them.
586 * Similar, Load= which takes literal data in text or base64 format, and puts it
587 into a memfd, and passes that. This enables some fun stuff, such as embedding
592 socket unit, and which will connect to the socket defined therein, and pass
603 "systemd-analyze debug" instance shall be contacted and execution paused
621 - make user manager instances create and use a user-specific key (the one in
622 /var/lib is root-only) and add --user switch to systemd-creds to use it
628 --pcrs=4:<hash> or so, i.e. select a PCR to include in the hash, and then
632 and such
636 * cryptsetup: if only recovery keys are registered and no regular passphrases,
641 * cryptsetup: optionally, when run during boot-up and password is never
642 entered, and we are on battery power (or so), power off machine again
644 * cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
645 allow plymouth to abort the waiting and enter pw instead
659 * when configuring loopback netif, and it fails due to EPERM, eat up error if
669 socket name in abstract namespace to include "description" string, and pick
671 address as conduit for some minimal connection metainfo, and use it to
687 component is found and then allows the caller to create the rest.
689 * make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np().
709 - bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are,
710 since they are so basic and our defaults)
718 * systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum,
719 mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such
732 exists and responds.
736 activated right before hibernation and thus never used for regular swapping.
747 * add growvol and makevol options for /etc/crypttab, similar to
748 x-systemd.growfs and x-systemd-makefs.
750 * userdb: allow username prefix searches in varlink API, allow realname and
768 with higher prio explicitly, and then watch the entire rest with P_ALL.
770 * tweak sd-event's child watching: keep a prioq of children to watch and use
772 and ignore all lower-prio ones from that point on
777 that's outside of the LUKS encryption/verity verification, and we probably
798 automatically when the system is low on power and move automatically to
801 section 10.2.2.8 and
815 from /proc/$PID/ in a stable, and unique way that changes on both fork() and
821 process is under ptracing and then log loudly and continue instead.
824 gnome-bluetooth and friends
827 then check sending UID and ignore message if it doesn't match the user or
847 * add a new syscall group "@esoteric" for more esoteric stuff such as bpf() and
848 usefaultd() and make systemd-analyze check for it.
851 first. i.e. look for all places we use free_and_erasep() and
858 log.c and sd-journal-send
873 sufficient to build a link by prefixing "http://" and suffixing the
885 * hibernate/s2h: make this robust and safe to enable in Fedora by default.
890 2. check if swap is on weird storage and refuse if so
899 files and suchlike we operate on.
914 zero and is not open anymore, while the latter happens when a file is
924 files and directories that are left writable for a unit, and which are
933 directory trees from the host to the services RootImage= and RootDirectory=
934 environment. Which we can use for /etc/machine-id and in particular
935 /etc/resolv.conf. Should be smart and do something useful on read-only
943 and so on, which would mean we could report errors and such.
948 be moved somewhere else too. Finally machined and logind should get similar
949 options so that it is possible to move user session scopes and machines to a
959 * calenderspec: add support for week numbers and day numbers within a
963 and asynchronously before dispatching the operation
965 * sd-bus: parse addresses given in sd_bus_set_addresses immediately and not
975 doing disk usage calculations and so on.
988 * blog about fd store and restartable services
992 * rework ExecOutput and ExecInput enums so that EXEC_OUTPUT_NULL loses its
993 magic meaning and is no longer upgraded to something else if set explicitly.
1000 * optionally, collect cgroup resource data, and store it in per-unit RRD files,
1001 suitable for processing with rrdtool. Add bus API to access this data, and
1018 * expose IO accounting data on the bus, show it in systemd-run --wait and log
1025 * add some optional flag to ReadWritePaths= and friends, that has the effect
1031 the service cgroup, which is supposed to monitor the service, and when it
1035 process), so that it may be queried on the bus and everything.
1037 * add a new "debug" job mode, that is propagated to unit_start() and for
1039 execve() and turn off watchdog support. Then, use that to implement
1043 * gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt b…
1045 * add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and
1065 * ProtectReboot= that masks reboot() and kexec_load() syscalls, prohibits kill
1066 on PID 1 with the relevant signals, and makes relevant files in /sys and
1091 * optionally, also require WATCHDOG=1 notifications during service start-up and shutdown
1099 the specified range and generates sane error messages for incorrect
1104 * PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when ru…
1114 Note that we start initrd-fs.target and initrd-cleanup.target there, so a straightforward
1152 * merge ~/.local/share and ~/.local/lib into one similar /usr/lib and /usr/share....
1182 they run added to the initial transaction and thus confuse Type=idle.
1194 * MessageQueueMessageSize= (and suchlike) should use parse_iec_size().
1197 service instances processing the listening socket, and open this up
1211 * when we detect low battery and no AC on boot, show pretty splash and refuse boot
1215 * be more careful what we export on the bus as (usec_t) 0 and (usec_t) -1
1222 error. Currently, we just ignore it and read the unit from the search
1227 * man: the documentation of Restart= currently is very misleading and suggests the tools from ExecS…
1244 * and a dbus call to generate target from current state
1266 …- If we show an error about a unit (such as not showing up) and it has no Description string, then…
1267 - after deserializing sockets in socket.c we should reapply sockopts and things
1271 being properly synchronous we just keep open the fd and close it
1277 processes in a service's cgroup share the same cookie and are guaranteed not to share SMT cores
1285 in Avahi, RPC and other socket registration services.
1300 * clean up date formatting and parsing so that all absolute/relative timestamps we format can also …
1308 * add a pam module that passes the hdd passphrase into the PAM stack and then expires it, for usage…
1316 destination path over /etc and /usr. We should not do that. Instead
1317 /etc should always override /run+/usr and also any symlink
1334 and we might want to requeue the mounts local-fs acquired through
1341 * shutdown logging: store to EFI var, and store to USB stick?
1343 * merge unit_kill_common() and unit_kill_context()
1345 * add a dependency on standard-conf.xml and other included files to man pages
1369 - document chaining of signal handler for SIGCHLD and child handlers
1371 - maybe support iouring as backend, so that we allow hooking read and write
1387 fork a container, and make it ping some specific address which is defined by
1397 enroll them as PK/KEK/db, turn off setup mode and proceed. Optionally,
1400 installer images can just drop the certfiicates in the ESP, and on first boot
1408 host, and used kernel, and means people cannot change initrd or kernel
1414 …- change bootctl to be backed by systemd-bootd to control temporary and persistent default boot go…
1423 - teach it to copy in unified kernel images and maybe type #1 boot loader spec entries from host
1436 …ch take timestamps to fix double suspend issues when somebody hits suspend and closes laptop quick…
1451 the session scope can be arranged freely in slices and we don't have
1453 - follow PropertiesChanged state more closely, to deal with quick logouts and
1463 user@.service, which returns the XDG_RUNTIME_DIR value, and make this
1482 …-journal" utility to invoke from libsystemd-journal, which passes fds via STDOUT and does PK access
1484 and !FOOBAR for events without FOOBAR.
1487 …- journal-send.c, log.c: when the log socket is clogged, and we drop, count this and write a messa…
1491 - refuse taking lower-case variable names in sd_journal_send() and friends.
1495 - Replace utmp, wtmp, btmp, and lastlog completely with journal
1502 - journald: allow per-priority and per-service retention times when rotating/vacuuming
1512 - Set RLIMIT_NPROC for systemd-journal-xyz, and all other of our
1513 services that run under their own user ids, and use User= (but only
1516 if LimitNPROC= is used without User= we should warn and refuse
1520 - add journalctl -H that talks via ssh to a remote peer and passes through
1524 them via machined, and also watch containers coming and going.
1533 time-based policy, so that the verification key can remain on host and ve
1537 pages, and include hyperlinks to them in the journal output
1545 keyed by cgroup path, and guarded by ctime changes. This should provide us
1550 the sd-journal logging socket, and, if the timeout is set to 0, sets
1551 O_NONBLOCK on it. That way people can control if and when to block for
1562 and we should also have a unit test to check that all our message are OK.)
1572 beefing up logind to make pam session close hook synchronous and wait until
1576 images (and btrfs snapshots of subvolumes) (think: time machine)
1593 - permit multiple user record signing keys to be used locally, and pick
1597 and insert a local signature instead.
1600 and always verify passwords against it too. Bootstrapping is a problem
1602 unlock the volume in order to create the first user and add the first pw.
1607 any non-system users exist, and if not prompts interactively for basic user
1609 after systemd-homed, but before gdm and friends, as a simple, barebones
1624 partition on disk, but only if it is marked for growing and not read-only.
1647 Type=, so that partition definitions can sanely apply to both the GPT and the
1659 of repart files for the case where ESP is large enough and one where it isn't
1660 and XBOOTLDR is added in instead. Then apply the former first, and if it
1664 and always create anew even if matching partition already exists.
1672 * systemd-repart: make it a static checker during early boot for existence and
1680 … containing packaging guidelines and recommending usage of things like Documentation=, PrivateTmp=…
1686 - man: maybe sort directives in man pages, and take sections from --help and apply them to man too
1691 - Add a verbose mode to "systemctl start" and friends that explains what is being done or not done
1692 - "systemctl disable" on a static unit prints no message and does
1693 nothing. "systemctl enable" does nothing, and gives a bad message
1695 …- print nice message from systemctl --failed if there are no entries shown, and hook that into Exe…
1699 - systemctl status output should include list of triggering units and their status
1706 status"-like outputs (i.e. with a series of field names left and values
1707 right) become genuine first class citizens, and we gain automatic, sane JSON
1712 the slices, and the units attached to them.
1737 (i.e. by scanning for symlinks to it) and link them all to /dev/null
1740 - emulate /dev/kmsg using CUSE and turn off the syslog syscall
1742 systemd can log to during early boot, and disconnect container logs
1758 switch that takes one or more arguments, and applies the extensions already
1791 - introduce systemd-nspawn-ephemeral@.service, and hook it into
1798 shell in it, and marks it read-only after use
1808 …- when truncating coredumps, also log the full size that the process had, and make a metadata fiel…
1823 - Make sure ID_PATH is always exported and complete for
1829 - inbuilt piping support (essentially degenerate async)? see loopback-setup.c and other places
1832 - add more keys to [Route] and [Address] sections
1833 - add support for more DHCPv4 options (and, longer term, other kinds of dynamic config)
1842 - option 12, hostname and/or option 81, fqdn
1859 - add functions to set previously stored IPv6 addresses on startup and get
1862 - implement reconfigure support, see 5.3., 15.11. and 22.20.