mirror of
https://github.com/morgan9e/systemd
synced 2026-04-14 16:37:19 +09:00
Until now, using any form of seccomp while being unprivileged (User=) resulted in systemd enabling no_new_privs. There's no need for doing this because:

* We trust the filters we apply
* If User= is set and a process wants to apply a new seccomp filter, it will need to set no_new_privs itself

An example of application that might want seccomp + !no_new_privs is a program that wants to run as an unprivileged user but uses file capabilities to start a web server on a privileged port while benefitting from a restrictive seccomp profile.

We now keep the privileges needed to do seccomp before calling enforce_user() and drop them after the seccomp filters are applied. If the syscall filter doesn't allow the needed syscalls to drop the privileges, we keep the previous behavior by enabling no_new_privs.
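The scenario the commit message describes, as an added example unit that is not part of the commit or of systemd's own files: a service running as an unprivileged user under a restrictive SystemCallFilter=, binding a privileged port through file capabilities on its binary, with NoNewPrivileges= deliberately left unset. The service name, user name and binary path are assumptions; the directives themselves are real systemd options.

```ini
# /etc/systemd/system/example-web.service  (constructed example)
#
# Prerequisite (assumed, run once as root): give the binary the file
# capability it needs instead of running the service as root:
#   setcap cap_net_bind_service=+ep /usr/local/bin/example-web
#
# With no_new_privs set, the kernel ignores file capabilities at
# execve(), so the bind to :443 would fail with EACCES. After this
# change, User= plus SystemCallFilter= no longer implies
# NoNewPrivileges=yes, so the file capability is honoured while the
# seccomp filter still applies.

[Unit]
Description=Example web server: unprivileged user, file caps, seccomp

[Service]
User=example-web
ExecStart=/usr/local/bin/example-web --listen 0.0.0.0:443

# Restrictive seccomp profile. It must still permit the syscalls systemd
# uses to drop its own privileges after applying the filter (setuid,
# setgid, setgroups, capset, prctl are all in @system-service); if they
# are blocked, systemd falls back to enabling no_new_privs as before.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

# Intentionally NOT set here; setting it would disable file capabilities.
# NoNewPrivileges=yes

# Usual hardening that does not require no_new_privs.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

To confirm the outcome on a running unit, inspect the main process: `grep -E 'NoNewPrivs|Seccomp|CapEff' /proc/$(systemctl show -p MainPID --value example-web.service)/status` should show `NoNewPrivs: 0`, `Seccomp: 2` (filter mode) and an effective capability set containing only CAP_NET_BIND_SERVICE.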