- nspawn: --read-only is not applied recursively to submounts
- bind mount read-only the cgroup tree higher than nspawn
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters
- refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
- support taking a btrfs snapshot at startup and dropping it afterwards
- maybe: hook up nspawn and PrivateNetwork=yes with "ip netns"