TODO

@@ -22,24 +22,8 @@ Janitorial Clean-ups:
 
 Features:
 
-* nspawn: default to 1:1 userns
-
-* Provide a reasonably bespoke solution for mounting host $HOME directories
-  into containers:
-  • add new option --mount-user=$USER for mounting $HOME of the user into the
-    container at the same place
-  • check /etc/passwd for UID or user name clashes. If UID clash pick a different
-    UID in container, and map via userns. If user name clash, refuse. If
-    matching user already exists use that.
-  • otherwise: write user record of specified user into /run/host/passwd or so
-  • in nss-systemd pick up user record from there and make available to system
-  With all that in place if nspawn host and container payload are up-to-date
-  enough we have a very simple way to make host users available in containers.
-
 * systemd-sysusers: pick up passwords from credentials logic, so that users can
-  easily set root user pw. enable cred inheriting for root user from PID 1, so
+  easily set root user pw
-  that for containers we can configure the root pw automatically via nspawn's
-  --set-credential= switch. (Also do this for systemd-firstboot)
 
 * whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
   reception limit the kernel silently enforces.

rules.d/50-udev-default.rules.in

@@ -39,8 +39,6 @@ SUBSYSTEM=="cec", GROUP="video"
 SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
 SUBSYSTEM=="kfd", GROUP="render", MODE="@GROUP_RENDER_MODE@"
 
-SUBSYSTEM=="misc", KERNEL=="sgx_enclave", GROUP="sgx", MODE="0660"
-
 # When using static_node= with non-default permissions, also update
 # tmpfiles.d/static-nodes-permissions.conf.in to keep permissions synchronized.
 

sysusers.d/basic.conf.in

@@ -31,7 +31,6 @@ g input   -     -            -
 g kvm     -     -            -
 g lp      -     -            -
 g render  -     -            -
-g sgx     -     -            -
 g tape    -     -            -
 g video   -     -            -