update TODO

1 files changed, 17 insertions, 1 deletions

diff --git a/TODO b/TODO
index 805aba6cca..51a18295f4 100644
--- a/TODO
+++ b/TODO
@@ -22,8 +22,24 @@ Janitorial Clean-ups:
 
 Features:
 
+* nspawn: default to 1:1 userns
+
+* Provide a reasonably bespoke solution for mounting host $HOME directories
+  into containers:
+  • add new option --mount-user=$USER for mounting $HOME of the user into the
+    container at the same place
+  • check /etc/passwd for UID or user name clashes. If UID clash pick a different
+    UID in container, and map via userns. If user name clash, refuse. If
+    matching user already exists use that.
+  • otherwise: write user record of specified user into /run/host/passwd or so
+  • in nss-systemd pick up user record from there and make available to system
+  With all that in place if nspawn host and container payload are up-to-date
+  enough we have a very simple way to make host users available in containers.
+
 * systemd-sysusers: pick up passwords from credentials logic, so that users can
-  easily set root user pw
+  easily set root user pw. enable cred inheriting for root user from PID 1, so
+  that for containers we can configure the root pw automatically via nspawn's
+  --set-credential= switch. (Also do this for systemd-firstboot)
 
 * whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
   reception limit the kernel silently enforces.