Features:
+* Add timeout to early-boot, and shut down the system if it is hit. Solves the laptop-in-bag problem and is useful for embedded cases
+
+* sd-resolve: add callback api
+
+* ImmutableSystem=yes/no or so to mount /usr, /boot read-only/invisible, and leave /var and /etc writable
+
+* InaccessibleHome=yes/no or so to hide /home and /run/user from a service
+
+* Run most system services with cgroupfs read-only and procfs with a more secure mode
+
+* sd-event: generate a failure of a default event loop is executed out-of-thread
+
* add "M" as recursive version of "m" to tmpfiles, then use it for
chowning /run/log/journal (but not /var/log/journal), so that we
adjust the perms of journal files created before tmpfiles ran.
* "busctl status" works only as root on dbus1, since we cannot read
/proc/$PID/exe
-* systemctl: support --recursive for list-sockets, list-timers,
- ... too, not just for list-units.
-
* implement Distribute= in socket units to allow running multiple
service instances processing the listening socket, and open this up
for ReusePort=
ReadOnlyDirectories=... for whitelisting files for a service.
* sd-bus:
+ - make AddMatch calls on dbus1 transports async
- when kdbus doesn't take our message without memfds, try again with memfds
- systemd-bus-proxyd needs to enforce good old XML policy
- port exit-on-idle logic to byebye ioctl