]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 88fce09) | patch
coredump: drop RestrictSUIDSGID= option (#38640)
authorMichal Sekletar <msekletar@users.noreply.github.com>
Wed, 20 Aug 2025 10:42:30 +0000 (12:42 +0200)
committerGitHub <noreply@github.com>
Wed, 20 Aug 2025 10:42:30 +0000 (11:42 +0100)
commitfb56da5b6eb80f4400ea7241fa98d90d245d7fde
treed8a03a9af0784bba774b87652344c8e63ae3ff50tree | snapshot
parent88fce090263ba8944cf491346eae2e8022dfd88dcommit | diff
coredump: drop RestrictSUIDSGID= option (#38640)

systemd-coredump sandbox already has ProtectSystem=strict hence all non
API filesystems are made read-only, thus RestrictSUIDSGID= doesn't buy
us much.

On top of that systemd-coredump's EnterNamespace= feature requires
openat2() to work correctly and that is implicitly blocked by
RestrictSUIDSGID=.

Follow-up for 8f8148cb08bf9f2c0e1f7fe6a5e6eb383115957b
units/systemd-coredump@.service.in diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.