Michal Sekletar fb56da5b6e coredump: drop RestrictSUIDSGID= option (#38640) ...

systemd-coredump sandbox already has ProtectSystem=strict hence all non
API filesystems are made read-only, thus RestrictSUIDSGID= doesn't buy
us much.

On top of that systemd-coredump's EnterNamespace= feature requires
openat2() to work correctly and that is implicitly blocked by
RestrictSUIDSGID=.

Follow-up for 8f8148cb08

2025-08-20 11:42:30 +01:00

1.1 KiB

Raw Permalink Blame History

View Raw