From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 19 May 2020 17:58:26 +0000 (+0200)
Subject: update TODO
X-Git-Tag: v246-rc1~328
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d08a6ec39c2cb786bbf8ba2a8d480ada2973ad59;p=thirdparty%2Fsystemd.git

update TODO
---

diff --git a/TODO b/TODO
index e499456e591..ee50452d040 100644
--- a/TODO
+++ b/TODO
@@ -22,6 +22,12 @@ Janitorial Clean-ups:
 
 Features:
 
+* machined: add API to acquire UID range. add API to mount/dissect loopback
+  file. Both protected by PK. Then make nspawn use these APIs to run
+  unprivileged containers. i.e. push the truly privileged bits into machined,
+  so that the client side can remain entirely unprivileged, with SUID or
+  anything like that.
+
 * add "throttling" to sd-event event sources: optionally, when we wake up too
   often for one, let's turn it off entirely for a while. Use that for the
   /proc/self/mountinfo logic.