From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 14 Mar 2023 21:36:14 +0000 (+0100)
Subject: update TODO
X-Git-Tag: v254-rc1~1030
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c1c4ecd356228319a4ac9d5573ebc1d03561d5a0;p=thirdparty%2Fsystemd.git

update TODO
---

diff --git a/TODO b/TODO
index 42334537e52..fd7c348f9a1 100644
--- a/TODO
+++ b/TODO
@@ -129,6 +129,11 @@ Deprecations and removals:
 
 Features:
 
+* mount /tmp/ and /var/tmp with a uidmap applied that blocks out "nobody" user
+  among other things such as dynamic uid ranges for containers and so on. That
+  way noone can create files there with these uids and we enforce they are only
+  used transiently, never persistently.
+
 * set MS_NOSYMFOLLOW for ESP and XBOOTLDR mounts both in gpt-generator and in
   dissect.c