From: Daan De Meyer
Date: Fri, 16 Jan 2026 20:23:11 +0000 (+0100)
Subject: tree-wide: Allow running capsules as any user
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d388536ee51bb7a4ae33326a3d20cbe72c77744;p=thirdparty%2Fsystemd.git

tree-wide: Allow running capsules as any user

For many use cases DynamicUser= just doesn't cut it. Specifically lots of stuff wants to run as root. Let's support this use case by relaxing our checks for capsules a bit.
---

diff --git a/src/run/run.c b/src/run/run.c
index 3d72d7b4c34..04e643b209c 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -61,7 +61,6 @@
 #include "strv.h"
 #include "terminal-util.h"
 #include "time-util.h"
-#include "uid-classification.h"
 #include "unit-def.h"
 #include "unit-name.h"
 #include "user-util.h"
@@ -2248,9 +2247,6 @@ static int fchown_to_capsule(int fd, const char *capsule) {
 if (r < 0)
 return r;
 
- if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid)) /* paranoid safety check */
- return -EPERM;
-
 return fchmod_and_chown(fd, 0600, st.st_uid, st.st_gid);
 }
 
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index c8d4c47f731..444c4df0fb4 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -35,7 +35,6 @@
 #include "string-util.h"
 #include "strv.h"
 #include "time-util.h"
-#include "uid-classification.h"
 
 static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *reterr_error) {
 sd_event *e = ASSERT_PTR(userdata);
@@ -316,7 +315,7 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
 if (!p)
 return -ENOMEM;
 
- /* We enter territory owned by the user, hence let's be paranoid about symlinks and ownership */
+ /* We enter territory owned by the user, hence let's be paranoid about symlinks */
 r = chase(p, /* root= */ NULL, CHASE_SAFE|CHASE_PROHIBIT_SYMLINKS, /* ret_path= */ NULL, &inode_fd);
 if (r < 0)
 return r;
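Review bot: The reworded comment in pin_capsule_socket() still calls this "territory owned by the user", yet once the ownership test is dropped in the next hunk the `st.st_uid`/`st.st_gid` reported by fstat() go straight into `*ret_uid`/`*ret_gid`, and fchown_to_capsule() in src/run/run.c likewise passes them unchecked to fchmod_and_chown(). The comment should state what is still relied on, for example `/* The inode may now belong to any user, including root; we only refuse symlinks and take the owner reported by fstat() as-is */`. The commit message motivates this with services that need root, so a short remark on why system GIDs are accepted as well would help the next reader. Both functions begin outside the hunks shown, so how the path is built and how callers use the returned IDs cannot be judged from here.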
@@ -324,10 +323,6 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
 if (fstat(inode_fd, &st) < 0)
 return negative_errno();
 
- /* Paranoid safety check */
- if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid))
- return -EPERM;
-
 *ret_uid = st.st_uid;
 *ret_gid = st.st_gid;
 