mirror of
https://github.com/morgan9e/systemd
synced 2026-04-15 00:47:10 +09:00
update TODO
This commit is contained in:
Lennart Poettering
6
TODO
6
TODO
@@ -121,6 +121,12 @@ Deprecations and removals:
|
||||
|
||||
Features:
|
||||
|
||||
* maybe prohibit setuid() to the nobody user, to lock things down, via seccomp.
|
||||
the nobody is not a user any code should run under, ever, as that user would
|
||||
possibly get a lot of access to resources it really shouldn't be getting
|
||||
access to due to the userns + nfs semantics of the user. Alternatively: use
|
||||
the seccomp log action, and allow it.
|
||||
|
||||
* sd-boot: add a new PE section .bls or so that carries a cpio with additional
|
||||
boot loader entries (both type1 and type2). Then when initializing, find this
|
||||
section, iterate through it and populate menu with it. cpio is simple enough
|
||||
|
||||
Reference in New Issue
Block a user