diff --git a/TODO.md b/TODO.md index bfc49674..c07564a6 100644 --- a/TODO.md +++ b/TODO.md @@ -2,10 +2,20 @@ x11docker ToDo notes ## Work in progress + - --xc --user=root fails + + - centralize argument checks + - change global "no" to "" + - --xc=backend + - --xc: Sysbox and runc both in use + - --pulseaudio=host: check possible tcp setup + + - `--interactive --init=runit|openrc|sysvinit`: no job control in shell + - --init=openrc|runit: elogind fails + - check elogind with cgroupv2. maybe drop --sharecgroup and set up in container only - sommelier - - --gpu=virgl - - --backend=systemd-nspawn + - --backend=systemd-nspawn|lxc|lxd|runc - check empty XDG_RUNTIME_DIR e.g. with --user, --hostuser - --weston2-xwayland? @@ -23,19 +33,15 @@ x11docker ToDo notes - use xauth and others from image if not available on host - missing: Xorg, Weston/Kwin on console, xpra-xwayland - --xpra-xwayland --xc: xpra client fails with keyboard error - - - deprecate --sharecgroup? ## Issues to fix - sysbox: warning on capabilities - --build: download files for COPY/ADD (x11docker/check, x11docker/xserver) - - x11docker/fvwm: openrc package broken? no `rc-update`, no dbus - `--remove`: give note about not removed files in `~./config/x11docker` and `/etc/x11docker` - `--update`: Check if installs not into `/usr/bin` or `/usr/local/bin`. Do not install other files then. Maybe change to $1 mode without `--` ## Checks - - check elogind with cgroupv2 - check all `--init=` in all backends rootful and rootless. - checked: - rootful docker: all 
@@ -46,17 +52,12 @@ x11docker ToDo notes - `--user`: Check in all rootless modes, maybe disallow except for `--user=root`. - `--user=root --home` in rootless docker and nerdctl: Set up HOME in host user ~/x11docker? - `--backend=podman` rootless: disallow `--home` for different `--user`. - - `--init=systemd`: cgroupv2 support #349 ## Old issues to fix - `--kwin-xwayland`: broken? Xwayland says: "missing wl_shell protocol". Deprecated yet. - - `--gpu --webcam` adds user to group `video` twice. - docker-for-win: DOS newline mess in `error()` #219. - docker-for-win: Double entries in log. - `--install`/`--update`: first install shows entire `CHANGELOG.md`. Should only show most recent release notes. - - replace `find` in `containerrootrc`, missing in fedora images. - - error message window in Wayland fails: xterm: no display. x11docker should use `konsole` or `xfce4-terminal`. - - `--env`: check escapestring results in `containerrc`, some ugly strings are not escaped well ## Nice to fix - `--init=systemd`: check systemd warnings on x11docker services @@ -65,7 +66,6 @@ x11docker ToDo notes - `--runtime=kata-runtime`: `x11docker/lxde` needs `--init=systemd`, why? Sort of `menud` issue. - `--runtime=kata-runtime --nxagent`: ALT-GR works wrong. - `myrealpath()`: If `realpath` is missing, the path argument is returned without resolving. - - `--interactive --init=runit|openrc|sysvinit`: no job control in shell - `--interactive` not possible without `winpty` in WSL and Cygwin - `--interactive --enforce-i` fails. Issue is subshell containershell & in main, would work without it. - `--group-add`: gid 101 for both possible: `messagebus` and `systemd-journal`, works nonetheless. 
@@ -75,9 +75,6 @@ x11docker ToDo notes ## Nice to fix (images) - `x11docker/check`: Print several checks in terminal before running gui - `x11docker/fluxbox` on arch host: background can miss, sometimes no context menu. Where is the difference to other hosts? - - `--sudouser`: `su` to root in void containers fails. - - `elogind` in alpine: `su` does not take effect. missing policykit? pam corrupted by x11docker? - - `elogind` in void container: loginctl is empty. ck-list-sessions, too. ## 3rd party bugs - `kwin_wayland` needs `CAP_SYS_RESOURCE` even if running nested @@ -90,9 +87,7 @@ x11docker ToDo notes ## Improvements - `--cleanup`: avoid hardcoded paths - - avoid losing hostexe from process tree - dependency wiki: Cygwin packages - - `capsh`: replace `su` with `capsh`? (missing in alpine) But how to trigger login? - `x11docker/check`: palinopsia: check video RAM size with `glxinfo`, adjust requested RAM size. - further checks of `/etc/pam.d` - further checks of multimonitor behaviour diff --git a/x11docker b/x11docker index 0b0d1eb0..d008a0af 100755 --- a/x11docker +++ b/x11docker @@ -3812,7 +3812,7 @@ create_xcontainercommand() { # option --xc: create docker command for X in co --pull=never \\ --init \\ --name $Xcontainername \\ - --user ${Containeruseruid:-$Hostuseruid}:${Containerusergid:-$Hostusergid} \\ + --user ${Hostuseruid}:${Hostusergid} \\ --env HOME=/tmp \\ --cap-drop ALL \\ --security-opt=no-new-privileges \\ @@ -4698,6 +4698,7 @@ check_containerhome() { # option --home: check HOME of container user. case "$Sharehome" in host) Containeruserhomebasefolder="/home" + [ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/" # A change can break existing configs, e.g. playonlinux # Containeruserhomebasefolder="/home.x11docker" [ "$Persistanthomevolume" = "$Containeruserhosthome" ] && { 
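Review bot: The new `--user ${Hostuseruid}:${Hostusergid}` line in create_xcontainercommand no longer follows `--user`, and nothing near it says that this is deliberate. A comment above the generated command would keep the old fallback from being reintroduced, for example `# X container always runs as the unprivileged host user; --user (including root) only applies to the application container`. If either variable could be empty at this point the option degrades to `--user :`; whether that can happen is not visible here, so a check before the command is built may be worth adding. The function starts and ends outside the hunk.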
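Review bot: The root special case `[ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/"` is added identically to the `host)` arm here and to the `no)` arm in the next hunk (@@ -4709), while `volume)` is left unchanged. If the home path is later built as `$Containeruserhomebasefolder/$Containeruser` (not visible in these hunks), root gets `//root`, which resolves like `/root` but will not match string comparisons against `/root`. Consider applying the special case once, after the base folder has been chosen, and adding a comment that root's home is meant to be `/root` rather than `/home/root`. check_containerhome continues outside both hunks.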
@@ -4709,6 +4710,7 @@ check_containerhome() { # option --home: check HOME of container user. no) # Containeruserhomebasefolder="/home.tmp" Containeruserhomebasefolder="/home" + [ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/" ;; volume) Containeruserhomebasefolder="/home.volume/$Persistanthomevolume" @@ -5847,6 +5849,17 @@ done # /etc/profile.d " + case "$Initsystem" in + systemd|openrc|sysvinit|runit) + echo " +install -m 666 /dev/null /etc/profile.d/90-x11docker-containerrc.sh +echo ' +echo > /etc/profile.d/90-x11docker-containerrc.sh +exec /bin/sh $(convertpath share "$Containerrc") +' >> /etc/profile.d/90-x11docker-containerrc.sh +" + ;; + esac while read Line; do echo "echo 'export $Line' >> /etc/profile.d/10-x11docker-env.sh" done <<< $(store_runoption dump env) @@ -6132,6 +6145,11 @@ export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR # Check for dbus user daemon command echo "command -v dbus-run-session >/dev/null && Dbus=dbus-run-session || note \"Option --dbus: dbus seems to be not installed. Cannot run a DBus user session. Please install package dbus in image.\"" + case "$Initsystem" in + systemd|sysvinit|openrc|runit) + echo "Dbus=" + ;; + esac } echo "export DISPLAY='$Newdisplay' XAUTHORITY=$(convertpath share "$Xclientcookie")" case "$Xserver" in @@ -6231,7 +6249,6 @@ Timetosaygoodbyefile=$(convertpath share "$Timetosaygoodbyefile") echo " debugnote \"cmdrc: Running container command: $Containerentrypoint $Containercommand\" -note \"Container command: $Containerentrypoint $Containercommand\" " case "$Backend" in host|chroot) 
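Review bot: `install -m 666 /dev/null /etc/profile.d/90-x11docker-containerrc.sh` leaves a world-writable file in `/etc/profile.d`, a directory whose scripts are sourced by login shells of every account in the container, root included. Any process in the container can then write commands that the next login shell runs, which matters most where root logins exist, for example under `--init=systemd` or with `--sudouser`. The mode is presumably chosen so that the auto-logged-in user can blank the file on first run (`echo > …`); a root-owned file created with `install -m 644` that does its run-once check against a marker outside `/etc` (for instance under the per-user `XDG_RUNTIME_DIR`) would keep the one-shot behaviour without the writable hook. The path from `$(convertpath share "$Containerrc")` is also written unquoted after `exec /bin/sh`, so a share path containing whitespace would split. The surrounding function starts and ends outside the hunk.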
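Review bot: For `systemd|sysvinit|openrc|runit` the generated script still runs the `command -v dbus-run-session` check, and can print the "dbus seems to be not installed" note, before the new `echo "Dbus="` discards the result. That warning is misleading if the session wrapper is deliberately unused under an init system. Emitting the `command -v` line only from a `*)` arm of the new `case`, and `Dbus=` from the init arm, would avoid it. A one-line comment on why `dbus-run-session` is not wanted with these init systems would also help. The enclosing block opens before the hunk.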
@@ -6294,17 +6311,14 @@ chmod +x /usr/local/bin/x11docker-su echo \"#! /bin/sh # Run agetty to get a valid console. # Needed at least for --interactive. -# Runs x11docker-su. +# Runs x11docker-su or agetty with login # Called at different places depending on init system. . /usr/local/bin/x11docker-message debugnote 'Running x11docker-agetty' " case "$Initsystem" in - systemd) + systemd|openrc|sysvinit|runit) echo " -#su \$Containeruser -c 'mkdir -p \$Containeruserhome/.config/systemd/user/default.target.wants' ### FIXME fails for unknown reasons, authentication issue -#mkdir -p -m 777 \$Containeruserhome/.config/systemd/user/default.target.wants -#ln -s /etc/systemd/user/x11docker-containerrc.service \$Containeruserhome/.config/systemd/user/default.target.wants/x11docker-containerrc.service [ -e /sbin/agetty ] && exec agetty --autologin \$Containeruser console " ;; @@ -6316,7 +6330,7 @@ debugnote 'Running x11docker-agetty' esac echo " debugnote 'x11docker-agetty: agetty not found.' -note '/sbin/agetty not found. Startup can fail. +note '/sbin/agetty not found. Startup can fail, --interactive can misbehave. Please install package util-linux in image.' exec /usr/local/bin/x11docker-su \" >/usr/local/bin/x11docker-agetty @@ -6526,7 +6540,7 @@ rootrc_prepare_init_openrc() { echo " # --init=openrc -# Tell openrc that it runs in docker container +# Tell openrc that it runs in a container sed -e 's/#rc_sys=\"\"/rc_sys=\"$Backend\"/g' -i /etc/rc.conf # Create and enable x11docker service containing container command @@ -6536,7 +6550,7 @@ depend() { after * } start() { - ebegin 'Starting containerrc' + ebegin 'Starting x11docker-agetty' /usr/local/bin/x11docker-agetty openrc-shutdown --poweroff 0 shutdown 0 
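Review bot: The arm now shared by `systemd|openrc|sysvinit|runit` tests `[ -e /sbin/agetty ]` but then executes `agetty` through `PATH`, so the file that was checked and the file that is run can differ. Using the same absolute path in both places, `[ -x /sbin/agetty ] && exec /sbin/agetty --autologin \$Containeruser console`, keeps them aligned, and `-x` also rejects a file that is present but not executable. The generated header comment could state that autologin on the console is now used for all four init systems. If the arm that follows outside the hunk still names `openrc`, `sysvinit` or `runit`, it has become unreachable.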
@@ -6545,12 +6559,11 @@ start() { eend \$? } \" > /etc/init.d/x11docker.service - chmod +x /etc/init.d/x11docker.service rc-update add x11docker.service default # DBus service -echo '#!/sbin/openrc-run +[ -e /etc/init.d/dbus ] || echo '#!/sbin/openrc-run start() { ebegin \"Starting D-BUS system messagebus\" /usr/bin/dbus-uuidgen --ensure=/etc/machine-id @@ -6582,6 +6595,7 @@ rc-update add dbus default rootrc_prepare_init_runit() { echo " # --init=runit + # create and enable x11docker service containing container command mkdir -p /etc/sv/x11docker mkdir -p /etc/runit/runsvdir/default @@ -6678,8 +6692,6 @@ rootrc_prepare_init_systemd() { echo " # --init=systemd -echo '/bin/sh $(convertpath share "$Containerrc")' > /etc/profile.d/90-x11docker-containerrc.sh - # remove failing and annoying services Unservicelist=' apt-daily.service