-* BGPROCESS services:
- - document security issue if pid file is not correctly protected (via access
- rights/ownership).
- - consider using ptrace to attach to process (if not a direct child - which we can
- check with a probe waitpid() call); this allows us to get status of non-child
- processes. Probably need dasynq changes.
- - currently we break if the process is not a child; we'll never see it die. Even
- if we don't attach with ptrace, we should waitpid()-probe it at stop (and then
- potentially assume it's exited if we can't otherwise check).
+For version 0.6.0:
+------------------
+* Refuse to start new services during shutdown.
+* On service failure (all services stop when no restart issued), allow user to interrupt/ctrl+alt+del when
+ they are prompted to press enter, to allow halt/rebooting instead of re-launching the boot service.
+* Basic resource limits setting.
+* per-service environment.
-* libev replacement:
- - We've replaced libev, so that we don't abort on failure. But now exceptions
- can be thrown when we register an event watch - need to handle these.
- - Control socket handling needs to be reworked.
- - Service I/O / child process waits need to be audited.
-
-* Long-running "on console" services will back up the circular log buffer.
- The buffer should just be flushed instead.
-* When a PROCESS service process dies, and smooth_recovery is false, probably
- need to force-stop dependents even if the process itself was stopped
- deliberately.
-* Complete control socket handling and protocol
- - support for pinned-start and pinned-stop
- - support for listing all services
-* Implement a control utility to start/stop services after dinit has started
- - very basic version exists, needs thorough cleanup
+For version 0.7.0:
+------------------
+? Not decided yet.
For version 1.0:
----------------
-* Log messages need to be duplicated to file (or to a logging process) once the
- file system comes up read/write.
+* "triggered" service type: external process notifies Dinit when the service
+ has started. (maybe?)
+* on shutdown, after repeated intervals with no activity, display information
+ about services we are waiting on (or, do this when prompted via ^C or C-A-D).
+* Documentation must be complete (see section below).
+* Proper support for socket activation?
+* Be able to boot and shutdown Linux and FreeBSD.
+
+For later:
+----------
+* On linux when running with PID != 1, write PID to /proc/sys/kernel/cad_pid so
+ that we still receive SIGINT from ctrl+alt+del (must be done after /proc is
+ mounted, possibly could be left to a service script)
* Perhaps need a way to prevent script services from re-starting.
(eg there's no need to mount filesystems twice; there might be various other
system initialisations that can't or shouldn't really be "undone" and so do
not need to be re-done).
-* Documentation including sample service definitions
-* Better error handling, logging of errors (largely done, still some patches
- of code where it may be missing).
-* Write wtmp entry on startup (see simpleinit)
-* Allow running services as a different UID
-* On linux when running with PID != 1, write PID to /proc/sys/kernel/cad_pid so
- that we still receive SIGINT from ctrl+alt+del (must be done after /proc is
- mounted, possibly could be left to a service script)
-
-For later:
* Internationalisation
* A service can prevent shutdown/reboot by failing to stop. Maybe make
multiple CTRL-ALT-DEL presses (or ^C since that's more portable) commence
immediate shutdown (or launch a simple control interface).
-* Interruptible scripted services - where it's ok to terminate the start
- script with a signal (and return the service to the STOPPED state). So a long-
- running filesystem check, for instance, need not hold up shutdown.
* When we take down a service or tty session, it would be ideal if we could kill
- the whole process tree, not just the leader process.
-* Investigate using cn_proc netlink connector (cn_proc.h) to receive process
- termination events even when running with PID != 1 (Linux only).
- Also, there is the possibility of having a small, simple PID-1 init which
- sends terminated process IDs over a pipe to Dinit. Finally, it may be possible
- to run dinit (and subprocesses) in a new PID namespace (again linux-only).
+ the whole process tree, not just the leader process (need cgroups or pid
+ namespace or other mechanism).
* Allow logging tasks to memory (growing or circular buffer) and later
switching to disk logging (allows for filesystem mounted readonly on boot).
But perhaps this really the responsibility of another daemon.
-* Rate control on process respawn
* Allow running services with different resource limits, chroot, cgroups,
namespaces (pid/fs/uid), etc
-* Make default control socket location build-time configurable
-* Allow specifying a timeout for killing services; if they don't die within
- the timeout (after a TERM) then hit them with a KILL.
+* Support chaining service output to another process (logger) input; if the
+ service dies the file descriptor of its stdout isn't closed and is reassigned
+ when the service is restarted, so that minimal output is lost.
+ - even more, it would be nice if a single logger process could be responsible
+ for receiving output from multiple services. This would require some kind of
+ protocol for passing new output descriptors to the logger (for when a
+ service starts).
Even later / Maybe never:
+-------------------------
* Support recognising /etc/init.d services automatically (as script services, with
no dependency management - or upstart compatible dependency management)
Also BSD's rc.d style scripts (PROVIDE, REQUIRE).
Documentation:
+--------------
* Design philosophy/rationale document
* Coding style guidelines
projects / oweals / dinit.git / blobdiff