diff --git a/TODO b/TODO index 805aba6cca..51a18295f4 100644 --- a/TODO +++ b/TODO @@ -22,8 +22,24 @@ Janitorial Clean-ups: Features: +* nspawn: default to 1:1 userns + +* Provide a reasonably bespoke solution for mounting host $HOME directories + into containers: + • add new option --mount-user=$USER for mounting $HOME of the user into the + container at the same place + • check /etc/passwd for UID or user name clashes. If UID clash pick a different + UID in container, and map via userns. If user name clash, refuse. If + matching user already exists use that. + • otherwise: write user record of specified user into /run/host/passwd or so + • in nss-systemd pick up user record from there and make available to system + With all that in place if nspawn host and container payload are up-to-date + enough we have a very simple way to make host users available in containers. + * systemd-sysusers: pick up passwords from credentials logic, so that users can - easily set root user pw + easily set root user pw. enable cred inheriting for root user from PID 1, so + that for containers we can configure the root pw automatically via nspawn's + --set-credential= switch. (Also do this for systemd-firstboot) * whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the reception limit the kernel silently enforces.
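Review bot: In the --mount-user= item, "If matching user already exists use that" does not say what counts as matching (name only, or name plus UID and home directory), and that decides whether a container account that merely shares a name ends up with the host user's $HOME; spell out the match criteria next to the two clash rules. The UID-clash rule ("pick a different UID in container, and map via userns") should also say how it fits with the new "nspawn: default to 1:1 userns" item, since a remapped UID is no longer a 1:1 mapping. For "/run/host/passwd or so", note which fields of the user record are written there, in particular whether a password hash is included. In the systemd-sysusers item the root password arrives through a command-line switch (--set-credential=), so it would help to state whether the credential is expected to carry a plaintext or a hashed password.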