tree-wide: remove support for kernels lacking ambient caps

Let's bump the kernel baseline a bit to 4.3 and thus require ambient caps. This allows us to remove support for a variety of special casing, most importantly the ExecStart=!! hack.
2026-04-15 00:47:10 +09:00 · 2024-12-12 13:42:12 +01:00
parent 96ec3911f3
commit 00a415fc8f
18 changed files with 70 additions and 134 deletions
--- a/7
+++ b/7
@@ -29,8 +29,7 @@ LICENSE:
        LGPL-2.1-or-later for all code, exceptions noted in LICENSES/README.md

 REQUIREMENTS:
-        Linux kernel ≥ 3.15
-                     ≥ 4.3 for ambient capabilities
+        Linux kernel ≥ 4.3
                     ≥ 4.5 for pids controller in cgroup v2
                     ≥ 4.6 for cgroup namespaces
                     ≥ 4.9 for RENAME_NOREPLACE support in vfat
@@ -42,9 +41,9 @@ REQUIREMENTS:
                     ≥ 5.4 for pidfd and signed Verity images
                     ≥ 5.7 for CLONE_INTO_CGROUP, BPF links and the BPF LSM hook

-        ⛔ Kernel versions below 3.15 ("minimum baseline") are not supported at
+        ⛔ Kernel versions below 4.3 ("minimum baseline") are not supported at
        all, and are missing required functionality (e.g. CLOCK_BOOTTIME
-        support for timerfd_create()).
+        support for timerfd_create() or ambient capabilities).

        ⚠️ Kernel versions below 5.4 ("recommended baseline") have significant
        gaps in functionality and are not recommended for use with this version