Hi, On 07/31/2014 11:42, [email protected] wrote: > the attached unit file has NoNewPrivileges set to "yes", which, > according to systemd.exec(5), "prohibits UID changes of any kind". > > However, the tor daemon it starts successfully manages to change its > UID to debian-tor, as configured with "User debian-tor" in > /usr/share/tor/tor-service-defaults-torrc: [...] > Did I misunderstand the documentation, or is the doc wrong, or is > there a bug somewhere?
It works as intended, but the documentation might be a bit misleading. NoNewPrivileges only affects the exec syscall which will no longer grant any new privileges, including no longer switching uid for suid binaries. It does *not* take away the CAP_SETUID or any other capabilities the process already has. See also man:prctl(2) and Documentation/prctl/no_new_privs.txt in the Linux kernel documentation. Ansgar _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
