- nspawn: maybe add a way to drop additional caps, in addition to add additional caps
- nspawn: maybe explicitly reset loginuid?
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
+ - refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
* cryptsetup:
- cryptsetup-generator: allow specification of passwords in crypttab itself