update TODO

Lennart Poettering 2024-10-30 09:06:33 +01:00
parent 5c11f6e0a9
commit c79d38d412

TODO

@ -129,6 +129,17 @@ Deprecations and removals:
Features:
* system lsmbpf policy that prohibits creating files owned by "nobody"
system-wide
* system lsmpbf policy that prohibits creating or opening device nodes outside
of devtmpfs/tmpfs, except if they are the pseudo-devices /dev/null,
/dev/zero, /dev/urandom and so on.
* system lsmbpf policy that enforces that block device backed mounts may only
be established on top of dm-crypt or dm-verity devices, or an allowlist of
file systems (which should probably include vfat, for compat with the ESP)
* $LISTEN_PID, $MAINPID and $SYSTEMD_EXECPID env vars that the service manager
sets should be augmented with $LISTEN_PIDFDID, $MAINPIDFDID and
$SYSTEMD_EXECPIDFD (and similar for other env vars we might send).
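Review bot: In the device-node item, "lsmpbf" looks like a transposition of "lsmbpf", the spelling the two neighbouring items use; correct it so a search for lsmbpf finds all three entries. In the last item, the third proposed variable, $SYSTEMD_EXECPIDFD, breaks the naming pattern of $LISTEN_PIDFDID and $MAINPIDFDID; if the same kind of identifier is meant for all three, it should read $SYSTEMD_EXECPIDFDID. The device-node exception list also ends in "and so on", which leaves the set of permitted pseudo-devices open; listing them in full, or saying where the list is defined, would make the item implementable as written.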