Fix (remove) noexcept specification for init_log().

[oweals/dinit.git] / TODO

* BGPROCESS services:
  - document security issue if pid file is not correctly protected (via access
    rights/ownership).
  - consider using ptrace to attach to process (if not a direct child - which we can
    check with a probe waitpid() call); this allows us to get status of non-child
    processes. Probably need dasynq changes.
  - currently we break if the process is not a child; we'll never see it die. Even
    if we don't attach with ptrace, we should waitpid()-probe it at stop (and then
    potentially assume it's exited if we can't otherwise check).

* libev replacement:
  - We've replaced libev, so that we don't abort on failure. But now exceptions
    can be thrown when we register an event watch - need to handle these.
  - Control socket handling needs to be reworked.
  - Service I/O / child process waits need to be audited.

* Long-running "on console" services will back up the circular log buffer.
  The buffer should just be flushed instead.
* When a PROCESS service process dies, and smooth_recovery is false, probably
  need to force-stop dependents even if the process itself was stopped
  deliberately.
* Complete control socket handling and protocol
  - support for pinned-start and pinned-stop
  - support for listing all services
* Implement a control utility to start/stop services after dinit has started
  - very basic version exists, needs thorough cleanup

For version 1.0:
----------------
* Log messages need to be duplicated to file (or to a logging process) once the
  file system comes up read/write.
* Perhaps need a way to prevent script services from re-starting.
  (eg there's no need to mount filesystems twice; there might be various other
   system initialisations that can't or shouldn't really be "undone" and so do
   not need to be re-done).
* Documentation including sample service definitions
* Better error handling, logging of errors (largely done, still some patches
  of code where it may be missing).
* Write wtmp entry on startup (see simpleinit)
* Allow running services as a different UID
* On linux when running with PID != 1, write PID to /proc/sys/kernel/cad_pid so
  that we still receive SIGINT from ctrl+alt+del (must be done after /proc is
  mounted, possibly could be left to a service script)

For later:
* Internationalisation
* A service can prevent shutdown/reboot by failing to stop. Maybe make
  multiple CTRL-ALT-DEL presses (or ^C since that's more portable) commence
  immediate shutdown (or launch a simple control interface).
* Interruptible scripted services - where it's ok to terminate the start
  script with a signal (and return the service to the STOPPED state). So a long-
  running filesystem check, for instance, need not hold up shutdown.
* When we take down a service or tty session, it would be ideal if we could kill
  the whole process tree, not just the leader process.
* Investigate using cn_proc netlink connector (cn_proc.h) to receive process
  termination events even when running with PID != 1 (Linux only).
  Also, there is the possibility of having a small, simple PID-1 init which
  sends terminated process IDs over a pipe to Dinit. Finally, it may be possible
  to run dinit (and subprocesses) in a new PID namespace (again linux-only).
* Allow logging tasks to memory (growing or circular buffer) and later
  switching to disk logging (allows for filesystem mounted readonly on boot).
  But perhaps this really the responsibility of another daemon.
* Rate control on process respawn
* Allow running services with different resource limits, chroot, cgroups,
  namespaces (pid/fs/uid), etc
* Make default control socket location build-time configurable
* Allow specifying a timeout for killing services; if they don't die within
  the timeout (after a TERM) then hit them with a KILL.

Even later / Maybe never:
* Support recognising /etc/init.d services automatically (as script services, with
  no dependency management - or upstart compatible dependency management)
  Also BSD's rc.d style scripts (PROVIDE, REQUIRE).
* Place some reasonable, soft limit on the number of services to be started
  simultaneously, to prevent thrashing. Services that are taking a long time
  to start don't count to the limit. Maybe use CPU/IO usage as a controlling
  factor.
* Cron-like tasks (if started, they run a sub-task periodically. Stopping the
  task will wait until the sub-task is complete). 
* Allow to run services attached to virtual tty, allow connection to that tty (ala "screen").
* SystemD-like handling of filesystem mounts (see autofs documentation in kernel)
  i.e. a mount point gets an autofs attached, and lazily gets mounted when accessed
  (or is mounted in parallel). Probably put the functionality in a separate daemon.


Documentation:
* Design philosophy/rationale document
* Coding style guidelines

* What's the best TERM setting? gogetty gives me "linux" but I think other variants may be
  better (eg "linux-c").

* Figure out the ConsoleKit/logind / PolicyKit mess & how dinit needs to fit into it.
  * Consolekit/logind tracks "sessions". Provides a mechanism to mark a session starting,
    associates processes with sessions, provides calls to terminate sessions etc (why?!!)
    Can use environment variable or cgroups to track processes in a session.
    A PAM module exists to create/destroy sessions.
  * Consolekit/logind also allows for requesting shutdown, reboot, and inhibiting reboot
    (via dbus API).
  * "seats" are a set of input/output hardware (mouse/keyboard/monitor) on which a session
    can be run. You can have multiple sessions on a seat - one is in the foreground
    (eg linux virtual ttys implement multiple sessions on a single seat).
    Sessions can run without a seat (eg ssh session).