From: Yu Watanabe
Date: Wed, 19 Mar 2025 21:28:18 +0000 (+0900)
Subject: core: Make DelegateNamespaces= work for user managers with CAP_SYS_ADMIN (#36771)
X-Git-Tag: v258-rc1~1041
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=db4b4e0cd364ec58db72f3f2fb992b2ce8244b3b;p=thirdparty%2Fsystemd.git

core: Make DelegateNamespaces= work for user managers with CAP_SYS_ADMIN (#36771)

Currently DelegateNamespaces= only works for services spawned by the system manager. User managers will always unshare the user namespace first even if they're running with CAP_SYS_ADMIN.

Let's add support for DelegateNamespaces= for user managers if they're running with CAP_SYS_ADMIN. By default, we'll still delegate all namespaces for user managers, but this can now be overridden by explicitly passing DelegateNamespaces=.

If a user manager is running without CAP_SYS_ADMIN, the user manager is still always unshared first just like before.

---
db4b4e0cd364ec58db72f3f2fb992b2ce8244b3b
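
The three cases the commit message distinguishes, as an added example that is not systemd code and not part of the commit: a helper reads the `CapEff` mask from `/proc/<pid>/status` text to tell whether a manager holds CAP_SYS_ADMIN, and a second function returns the behaviour the message describes for that case. The function names, the sample status excerpts and the returned strings are assumptions made for illustration; the strings paraphrase the commit message.

```python
import re

CAP_SYS_ADMIN = 21  # capability number from <linux/capability.h>

# Constructed excerpts of /proc/<pid>/status, not captured from a real host.
SAMPLE_PRIVILEGED = "Name:\tsystemd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_UNPRIVILEGED = "Name:\tsystemd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def has_cap_sys_admin(status_text):
    """Return True if the effective capability mask has the CAP_SYS_ADMIN bit set."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return bool((int(m.group(1), 16) >> CAP_SYS_ADMIN) & 1)


def expected_behaviour(user_manager, cap_sys_admin, explicit_setting):
    """Model of the commit message (hypothetical helper, not systemd logic).

    user_manager     -- True for a user manager, False for the system manager
    cap_sys_admin    -- result of has_cap_sys_admin() for that manager
    explicit_setting -- True if the unit sets DelegateNamespaces= explicitly
    """
    if not user_manager:
        return "DelegateNamespaces= applies as configured"
    if not cap_sys_admin:
        # Unchanged by the commit: the user namespace is unshared first.
        return "user namespace unshared first, as before"
    if explicit_setting:
        return "DelegateNamespaces= applies as configured"
    return "all namespaces delegated (default for user managers)"


if __name__ == "__main__":
    for label, text in (("privileged", SAMPLE_PRIVILEGED),
                        ("unprivileged", SAMPLE_UNPRIVILEGED)):
        cap = has_cap_sys_admin(text)
        for explicit in (False, True):
            print(label, "explicit" if explicit else "default", "->",
                  expected_behaviour(True, cap, explicit))
```

To check a live user manager, pass the contents of its `/proc/<pid>/status` file to `has_cap_sys_admin()` instead of the constructed samples.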