* bootctl,sd-boot: actually honour the "architecture" key
-* set memory.oom.group in cgroup v2 for all leaf cgroups (kernel v4.19+)
-
* add a new syscall group "@esoteric" for more esoteric stuff such as bpf() and
usefaultd() and make systemd-analyze check for it.
first. i.e. look for all places we use string_erase()/string_free_erase() and
augment them with mlock(). Also use MADV_DONTDUMP
-* whenever oom_kill memory.event event is triggered print a nice log message
-
* Move RestrictAddressFamily= to the new cgroup create socket
* support the bind/connect/sendmsg cgroup stuff for sandboxing, and possibly