On Monday, August 28, 2017 11:51:12 AM CEST Pádraig Brady wrote: > On 29/09/16 08:15, Bernhard Voelker wrote: > > On 09/26/2016 05:53 PM, Paul Eggert wrote: > >>> "I don't think we need to fix this for runcon, as it isn't as > >>> sandboxing tool like sandbox, and the loss of job control would likely > >>> be much more noticeable for runcon." > >> > >> Thanks, closing the debbugs bug report. > > > > FWIW Karel just committed a workaround for su/runuser in util-linux > > using libseccomp: > > > > https://github.com/karelzak/util-linux/commit/8e492501
Note that the above mentioned commit was reverted long time ago: https://github.com/karelzak/util-linux/commit/23f75093 Kamil > I think this issue is worth addressing with libseccomp. > That lib is a widely used dependency on SELinux systems > so not a significant dependency to add. > The attached uses libseccomp if available, > and falls back to using setsid() in the edge cases where not. > > cheers, > Pádraig