diff options
author | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-06-02 19:13:05 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-06-02 19:13:28 +0100 |
commit | 88511a3712bcf8c1922ef21abc9e18798e61a80e (patch) | |
tree | e54d713fbe3a0bbd0622553034fa8cf74cfa6baf /TODO | |
parent | e91035abf0555e0ca85d24a1e02a32063728d9e6 (diff) | |
download | systemd-88511a3712bcf8c1922ef21abc9e18798e61a80e.tar.gz |
TODO: mention the new Landlock LSM as a way to implement sandboxing for systemd --user
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -858,6 +858,9 @@ Features: on PID 1 with the relevant signals, and makes relevant files in /sys and /proc (such as the sysrq stuff) unavailable +* Support ReadWritePaths/ReadOnlyPaths/InaccessiblePaths in systemd --user instances + via the new unprivileged Landlock LSM (https://landlock.io) + * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates |