mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 10:13:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

update TODO

Browse Source
This commit is contained in:
Lennart Poettering 2023-05-02 12:39:59 +02:00
parent 093d545658
commit 5596fd8ff7
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
TODO
View File

@ -153,6 +153,10 @@ Features:
dont), of sd-stub and data supplied by user. Then measure sbat too in
sd-stub, explicitly.
* figure out what to do about credentials sealed to PCRs in kexec + soft-reboot
scenarios. Maybe insist sealing is done additionally against some keypair in
the TPM to which access is updated on each boot, for the next, or so?
* open up creds for uses in generators, and document clearly that encrypted
creds are only supported if strictly tpm bound, but not when using the host
secret (as that is only avilable if /var/ is around.
@ -162,6 +166,11 @@ Features:
idea, and specifically works around the fact the autofs ignores busy by mount
namespaces)
* refuse using the switch-root operation without /etc/initrd-release. Now
that we have a concept of userspace reboot, we can clearly say: switch-root
is for transitioning from initrd to host (or initrd to next initrd), while
userspace reboot is for switching host to next version of the host.
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.