From c1c4ecd356228319a4ac9d5573ebc1d03561d5a0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 14 Mar 2023 22:36:14 +0100
Subject: update TODO

---
 TODO | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'TODO')

diff --git a/TODO b/TODO
index 42334537e5..fd7c348f9a 100644
--- a/TODO
+++ b/TODO
@@ -129,6 +129,11 @@ Deprecations and removals:
 
 Features:
 
+* mount /tmp/ and /var/tmp with a uidmap applied that blocks out "nobody" user
+  among other things such as dynamic uid ranges for containers and so on. That
+  way noone can create files there with these uids and we enforce they are only
+  used transiently, never persistently.
+
 * set MS_NOSYMFOLLOW for ESP and XBOOTLDR mounts both in gpt-generator and in
   dissect.c
 
-- 
cgit v1.2.1