]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 6e619d6 0316fb8)
core: add 'DefaultRestrictSUIDSGID' config option (#38126)
authorYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 10 Jul 2025 04:30:07 +0000 (13:30 +0900)
committerGitHub <noreply@github.com>
Thu, 10 Jul 2025 04:30:07 +0000 (13:30 +0900)
commit1cf5b39d64e980add79ff1b088088bbf4dc45817
tree09eeb41ebb8ed2658d546ba0f870847636564f31tree | snapshot
parent6e619d6c8d9d542f7f9a6d488fe6a85ea80896e4commit | diff
parent0316fb8219bef47a90db3eb8363251f8391d96cdcommit | diff
core: add 'DefaultRestrictSUIDSGID' config option (#38126)

closes #37602, see there for extra motivation and considered
alternatives.

On typical systems, only few services need to create SUID/SGID files.
This often is limited to the user explicitly setting suid/sgid, the
`systemd-tmpfiles*` services, and the package manager. Allowing a
default to globally restrict creation of suid/sgid files makes it easier
to apply this restriction precisely.

## testing done
- built on aarch64-linux and x86_64-linux
- ran a VM test on x86_64-linux, checking for:
    - VM system boots successfully
    - defaults apply (both `yes`, `no`, and undefined)
    - systemd tmpfiles can set suid/sgid on journal log path
- Other services explicitly defining `RestrictSUIDSGID=no` can create
suid files
man/org.freedesktop.systemd1.xml diff1 | diff2 | blob | history
man/systemd.exec.xml diff1 | diff2 | blob | history
Unnamed repository; edit this file 'description' to name the repository.