Hi,
> Just add the capability to the service unit file.
Sure, I can do that.
My doubts are not about how to do it, but whether it is a good idea.
CAP_SYS_ADMIN is a rather huge pile of capabilities, and certainly there is a
reason userdbd runs with a very constrained set now?
-nik
On Di, 29.11.22 11:50, Dominik George (n...@naturalnet.de) wrote:
> Hi,
>
> > in theory, I have implemented that now […]
>
> In practice now, as well:
>
> https://github.com/systemd/systemd/pull/25556
>
> However, something kicked back here a bit… systemd-userdbd drops all
> capabilities, and
Hi,
> in theory, I have implemented that now […]
In practice now, as well:
https://github.com/systemd/systemd/pull/25556
However, something kicked back here a bit… systemd-userdbd drops all
capabilities, and sending SO_PASSCRED requires CAP_SYS_ADMIN…
What do we do about that?
Cheers,
Nik
On Tue, Nov 29, 2022 at 04:35:10AM +0100, Mirsad Goran Todorovac wrote:
> On 10. 11. 2022. 10:20, Greg KH wrote:
> > On Thu, Nov 10, 2022 at 05:57:57AM +0100, Mirsad Goran Todorovac wrote:
> > > On 04. 11. 2022. 11:40, Mirsad Goran Todorovac wrote:
> > >
> > > > Dear Sirs,
> > > >
> > > > When