Features:
+* nspawn: if /var/log/journal/<container machine id> exists in both
+ the container and the host mount one to the other so that the
+ containers logs are stored and visible on the host.
+
* syscall filter: add knowledge about compat syscalls
+* syscall filter: don't enforce no new privs?
+
+* syscall filter: option to return EPERM rather than SIGSYS?
+
* logind: wakelock/opportunistic suspend support
* switch-root: sockets need relabelling