author: Lennart Poettering <lennart@poettering.net> 2022-09-12 00:13:44 +0100
committer: Lennart Poettering <lennart@poettering.net> 2022-09-12 00:13:44 +0100
commit: 4e0ceefeb66a5e6f3c45ba06b3841fef39f02487 (patch)
tree: b6304de86614d43c0b417711743f77b0ac324da9 /TODO
parent: 03f48fc7c38bdb42aefc55bc916822650fefe4f6 (diff)
download: systemd-4e0ceefeb66a5e6f3c45ba06b3841fef39f02487.tar.gz
update TODO
Diffstat (limited to 'TODO')
-rw-r--r-- TODO 21
1 files changed, 19 insertions, 2 deletions
diff --git a/TODO b/TODO
index 3231d0848a..65a987f52c 100644
--- a/TODO
+++ b/TODO
@@ -117,17 +117,27 @@ Deprecations and removals:
Features:
+* lock down acceptable encrypted credentials at boot, via simple allowlist,
+ maybe on kernel command line:
+ systemd.import_encrypted_creds=foobar.waldo,tmpfiles.extra to protect locked
+ down kernels from credentials generated on the host with a weak kernel
+
+* tmpfiles: currently if we fail to create an inode, we stat it first, and only
+ then O_PATH open it. Reverse that.
+
* during the initrd → host transition measure a fixed value into TPM PCR 11
(where we already measure the UKI into), so that unlock policies for disk
enryption/credential encryption can be put together that only work in the
initrd or only on the host (or both).
-* Add support for extra verity configuration options to systemd-reart (FEC, hash type, etc)
+* Add support for extra verity configuration options to systemd-repart (FEC,
+ hash type, etc)
* chase_symlinks(): take inspiraton from path_extract_filename() and return
O_DIRECTORY if input path contains trailing slash.
-* chase_symlinks(): refuse resolution if trailing slash is specified on input, but final node is not a directory
+* chase_symlinks(): refuse resolution if trailing slash is specified on input,
+ but final node is not a directory
* chase_symlinks(): add new flag that simply refuses all symlink use in a path,
then use that for accessing XBOOTLDR/ESP
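Review bot: the new allowlist item (`systemd.import_encrypted_creds=foobar.waldo,tmpfiles.extra`) does not say what happens when the parameter is absent from the kernel command line; since the stated goal is to protect locked-down kernels from credentials generated on a host with a weak kernel, the entry should spell out whether the default is fail-closed (import nothing) or fail-open (import everything, as today), because only the former actually closes the gap the item describes. The tmpfiles item would also read better with its rationale, presumably that a stat() followed by an O_PATH open of the same path is a time-of-check/time-of-use window, whereas opening O_PATH first and fstat()ing the descriptor inspects the very inode that is then used.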
@@ -689,6 +699,13 @@ Features:
images, to configure this. Also, add a kernel cmdline option for this, to be
honoured by the gpt auto generator.
+ Alternative idea: add "systemd.gpt_auto_policy=rhvs" to allow gpt-auto to
+ only mount root dir, /home/ dir, /var/ and /srv/, but nothing else. And then
+ minor extension to this, insisting on encryption, for example
+ "systemd.gpt_auto_policy=r+v+h" to requre encryption for root and var but not
+ for /home/, and similar. Similar add --image-dissect-policy= to tools that
+ take --image= that take the same short string.
+
* nspawn: maybe optionally insert .nspawn file as GPT partition into images, so
that such container images are entirely stand-alone and can be updated as
one.
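Review bot: the proposed policy-string grammar is only implied by its two examples; "systemd.gpt_auto_policy=rhvs" lists partitions as bare letters, while "r+v+h" attaches a "+" suffix meaning "encryption required", so the entry should state explicitly that "+" is a per-letter suffix (r+, v+, h) rather than a separator, otherwise "r+v+h" can be misread as three joined terms with /home/ also required encrypted. Minor: "requre" in that line should be "require", and "Similar add --image-dissect-policy=" reads as "Similarly, add --image-dissect-policy=".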