From 7e7a9f9c8b7b237047a5e0837da72efc21022b5a Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Thu, 27 Jan 2022 10:39:47 +0100 Subject: [PATCH] NEWS: mention temporary limitations for running containers in systemd-homed directories --- NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/NEWS b/NEWS index 33bdbfe0a4..606b4714c1 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,19 @@ CHANGES WITH 251: * Services with Restart=always and a failing ExecCondition= will no longer be restarted, to bring ExecCondition= in line with Condition*= settings. + * In v250 systemd-homed started making use of UID mapped mounts for the + home areas if the kernel and used file system support it. Files are + now internally owned by the "nobody" user (i.e. the user typically + used for indicating "this ownership is not mapped"), and dynamically + mapped to the UID used locally on the system via the UID mapping + mount logic of recent kernels. + In the current implementation systemd-homed only maps a limited + number of UIDs and GIDs making it impossible to run unprivileged + containers that want to map a full POSIX compliant UID and GID range + with their rootfs located within the systemd-homed managed home area. + This will be fixed in subsequent releases. See + https://github.com/systemd/systemd/pull/22239 for a proposal. + CHANGES WITH 250: * Support for encrypted and authenticated credentials has been added. -- 2.25.1
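Review bot: the two paragraphs of the new NEWS entry run together with no blank "+" line between "mount logic of recent kernels." and "In the current implementation systemd-homed only maps ..."; the 13-line insertion count (6 + 6 + the trailing blank before "CHANGES WITH 250:") confirms the separator is missing, so add an empty "+" line there to match how other multi-paragraph entries in NEWS are formatted. Two wording nits in the same paragraph: "POSIX compliant" should be hyphenated ("POSIX-compliant UID and GID range"), and "only maps a limited number of UIDs and GIDs making it impossible" reads better with a comma before "making". Since this entry documents a user-visible limitation (unprivileged containers with a full UID/GID mapping cannot have their rootfs inside a homed-managed home area), consider stating the concrete symptom a user will hit rather than only that it is "impossible", and note that linking to an open pull request (https://github.com/systemd/systemd/pull/22239) from release notes risks going stale if the fix lands in a different form; "See ... for a proposal" is acceptable for now but should be revisited when the follow-up ships.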