From d08a6ec39c2cb786bbf8ba2a8d480ada2973ad59 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 19 May 2020 19:58:26 +0200
Subject: [PATCH] update TODO

---
 TODO | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/TODO b/TODO
index e499456e59..ee50452d04 100644
--- a/TODO
+++ b/TODO
@@ -22,6 +22,12 @@ Janitorial Clean-ups:
 
 Features:
 
+* machined: add API to acquire UID range. add API to mount/dissect loopback
+  file. Both protected by PK. Then make nspawn use these APIs to run
+  unprivileged containers. i.e. push the truly privileged bits into machined,
+  so that the client side can remain entirely unprivileged, with SUID or
+  anything like that.
+
 * add "throttling" to sd-event event sources: optionally, when we wake up too
   often for one, let's turn it off entirely for a while. Use that for the
   /proc/self/mountinfo logic.