ReadOnlyDirectories=... for whitelisting files for a service.
* libsystemd-bus:
- - default policy (allow uid == 0 and our own uid)
- - access policy as vtable flag
- when kdbus doesn't take our message without memfds, try again with memfds
- implement translator service
- implement monitor logic
* test/:
- add 'set -e' to scripts in test/
- make stuff in test/ work with separate output dir
- - qemu wrapper script: http://www.spinics.net/lists/kvm/msg72389.html
* systemctl delete x.snapshot leaves no trace in logs (at least at default level).