The way I've read the internal operation of this function, it's calling SECCOMP internally in Linux such that calls that allow changing ownership or permissions are disallowed. Though not expressly stated for the function call you listed, under the covers it would be calling those, which should be what causes this return code.
________________________________
From: systemd-devel <systemd-devel-boun...@lists.freedesktop.org> on behalf of Ian Pilcher <arequip...@gmail.com>
Sent: Sunday, August 24, 2025 4:59:24 PM
To: Systemd <systemd-devel@lists.freedesktop.org>
Subject: [EXTERNAL] [systemd-devel] RestrictSUIDSGID causing unexpected error

I am trying to make one of my .service units as secure as possible, and I've come across a seemingly weird behavior when RestrictSUIDSGID=true is set. Namely, the following system call is failing.

    openat2(0, "/var/lib/acg/ht...@sprinklers.penurio.us.crt", {flags=O_RDONLY, resolve=RESOLVE_NO_SYMLINKS}, 24) = -1 ENOSYS (Function not implemented)

(how.mode is set to 0, as required when how.flags does not include O_CREAT or O_TMPFILE.)

When RestrictSUIDSGID is not set, this call succeeds. Note that the permissions of the file being opened are 0644, and no part of its path has the SUID or SGID bits set.

Any suggestions on what might be going on here or what my program should be doing differently to make this call work would be appreciated.

This error is preventing me from setting DynamicUser=true, because it implies RestrictSUIDSGID=true.

-- 
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================