* Check all invocations of access() and consider turning them into laccess()
-* "machinectl start/enable/disable foo" as aliases for "systemctl start/enable/disable systemd-nspawn@foo.service"
-
* "machinectl history"
* "machinectl diff"
* nspawn:
- bind mount read-only the cgroup tree higher than nspawn
- refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
- - introduce machines.target to order after all nspawn instances
- - systemd-nspawn@.service should fail if some nspawn arg is invalid, with Type=notify
- - PID 1 doesn't apply nspawns devices cgroup policy
* cryptsetup:
- cryptsetup-generator: allow specification of passwords in crypttab itself