Lines Matching refs:it
17 - teach dbus to activate all services it finds in /etc/systemd/services/org-*.service
27 … declare access mode and ownership of unit files to root:root 0644, and add an rpmlint check for it
37 * If timer has just OnInactiveSec=..., it should fire after a specified time
41 - hwdb: what belongs into it, lsusb
92 container managers find it. the ~/.identity file is also a candidate for a
93 file to move there, since it is managed by privileged code (i.e. homed) and
110 of its own, because then it is next to the kernel and initrd which after all
119 policies (e.g. the string like "4+7+9") so that it can also include explicit
130 to target dir in /tmp, and bind through it.
151 it. when developer mode is entered generate a key pair in the TPM2, and add
152 the public part of it automatically to keychain of valid code signature keys
155 binding it to locality/PCRs so that keys cannot be generated otherwise.
159 set up the directory so that it can only be accessed if host and app are in
191 for it, or when read() returns EAGAIN or on IN_Q_OVERFLOW. Then, whenever we
192 see an inotify wd event check against this set, and if it is contained ignore
204 cmdline. Usecase: invoke a VM, and mount a host homedir into it via
223 and synthesize initrd from it, and measure it. Signing is not necessary, as
233 to report when it starts reloading, and when it is complete reloading. Care
237 while we are at it, also maybe extend the logic to require handling of some
309 all it does is download a file from a http server, and execute it, after
312 drop it into the unified kernel dir in the ESP. And bam you have something
313 that is tiny, feels a lot like a unified kernel, but all it does is chainload
330 configuration bundle, and activate it, so that it is instantly visible,
346 invoke a VM or nspawn container in a way it automatically deploys/runs these
358 make it harder for the service to identify the host. Depending on the user
359 setting it should be fully randomized at invocation time, or a hash of the
381 call it at the end only
422 (because it contains only static go binaries in /opt/ or so)
430 enabled. Specifically in some top-level dir /@auto/ it will look for
441 dissection logic, so that nspawn/RootImage= and so on grok it. Maybe make
442 generic enough so that it can also work for ostrees arrangements.
449 records for it, that reports the home dir as "/" and the shell as some binary
450 provided by us. Then, when an SSH login happens and SSH permits it our binary
452 it's not around yet, prompting the user for a password. Once that succeeded
467 and use it in the initrd to log in as root with locally selected password,
492 is mostly the same but does not pull in user@.service or wait for it. Then,
517 on boot. (i.e. maybe add a crypttab option tpm2-measure=8 or so to measure it
562 * systemd-sysext: optionally, run it in initrd already, before transitioning
566 off screen and run it automatically on boot failures, emergency logs and
574 already have it.
582 socket: connect() to it.
586 * Similar, Load= which takes literal data in text or base64 format, and puts it
604 until it gives an OK. That way, tools like gdb or strace can safely be
622 /var/lib is root-only) and add --user switch to systemd-creds to use it
659 * when configuring loopback netif, and it fails due to EPERM, eat up error if
660 it happens to be set up alright already.
670 it up from there in sd_bus_creds logic. i.e. we can use the socket peer
671 address as conduit for some minimal connection metainfo, and use it to
691 * if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
701 when it exits
726 * seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out
731 * busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
745 - port fsprg over to a dlopen lib, then switch it to openssl
764 it for reaping assigned but unknown children. This needs some special care
785 * teach parse_timestamp() timezones like the calendar spec already knows it
793 threshold, go to suspend again, only hibernate if below it. This means we'd
797 i.e. see if it can wake up machines from suspend, so that we could resume
806 content. After all it is constant vendor data.
814 uuid from these three things has the benefit that it can be derived easily
827 then check sending UID and ignore message if it doesn't match the user or
848 usefaultd() and make systemd-analyze check for it.
897 it is OK to include them in log strings. This would be particularly useful so
906 selected user is resolvable in the service even if it ships its own /etc/passwd)
909 other doesn't. What a disaster. Probably to exclude it.
911 * Check that users of inotify's IN_DELETE_SELF flag are using it properly, as
949 options so that it is possible to move user session scopes and machines to a
980 the runtime dir as we maintain for the fdstore: i.e. keep it around as long
986 makes sure the processes in it can never migrate out of it
996 make it lose its identity, i.e. be anonymous. For this we'd have to patch
1000 * optionally, collect cgroup resource data, and store it in per-unit RRD files,
1002 possibly implement a CPULoad property based on it.
1012 StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
1018 * expose IO accounting data on the bus, show it in systemd-run --wait and log
1019 about it in the resource log message
1031 the service cgroup, which is supposed to monitor the service, and when it
1035 process), so that it may be queried on the bus and everything.
1043 … support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plu…
1192 when it is otherwise off
1217 …side of the udev rules so that the state is properly initialized by the time other software sees it
1222 error. Currently, we just ignore it and read the unit from the search
1239 assumes starting a service is enough to make it accessible
1241 * Make it possible to set the keymap independently from the font on
1266 …- If we show an error about a unit (such as not showing up) and it has no Description string, then…
1271 being properly synchronous we just keep open the fd and close it
1308 * add a pam module that passes the hdd passphrase into the PAM stack and then expires it, for usage…
1387 fork a container, and make it ping some specific address which is defined by
1393 * firstboot: make it useful to be run immediately after yum --installroot to set up a machine. (mos…
1403 * efi stub: optionally, load initrd from disk as a separate file, HMAC check it
1422 - teach it to prepare an ESP wholesale, i.e. with mkfs.vfat invocation
1423 - teach it to copy in unified kernel images and maybe type #1 boot loader spec entries from host
1424 - make it operate on loopback files, dissecting enough to find ESP to operate on
1446 logout dialog. If it is pressed for 1s, do the usual
1450 - rename session scope so that it includes the UID. That way
1456 - expose details of boot entries on the bus. In particular, it should be possible
1466 * delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
1467 …in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-id…
1486 so it is possible to display when the file was last synced.
1487 …et is clogged, and we drop, count this and write a message about this when it gets unclogged again.
1501 to syslog when it works again.
1508 do not have to open it to know that it is not interesting for us, for
1551 O_NONBLOCK on it. That way people can control if and when to block for
1591 doesn't mean user B sees it
1600 and always verify passwords against it too. Bootstrapping is a problem
1604 - maybe pre-create ~/.cache as subvol so that it can have separate quota
1606 - add a switch to homectl (maybe called --first-boot) where it will check if
1612 systemd-cryptsetup, so that it can unlock homed volumes
1619 but probably shouldn't be part of the record itself, since it might be
1624 partition on disk, but only if it is marked for growing and not read-only.
1630 or so. (this is useful to factory reset an image, then putting it into
1659 of repart files for the case where ESP is large enough and one where it isn't
1660 and XBOOTLDR is added in instead. Then apply the former first, and if it
1670 them (think ESP: we don't ever want to grow it, since we cannot resize vfat)
1672 * systemd-repart: make it a static checker during early boot for existence and
1690 - add systemctl switch to dump transaction without executing it
1694 about it. Should fix both to print nice actionable messages.
1703 it should skip the variant type string though.
1721 * "systemctl preset-all" should probably order the unit files it
1737 (i.e. by scanning for symlinks to it) and link them all to /dev/null
1747 - a nice way to boot up without machine id set, so that it is set at boot
1791 - introduce systemd-nspawn-ephemeral@.service, and hook it into
1798 shell in it, and marks it read-only after use
1846 for all routes to it. possibly a second default for DHCP routes.