On 8/25/25 6:57 AM, Michal Sekletar wrote:
openat2() is disabled due to the seccomp filter applied as a consequence of RestrictSUIDSGID=yes. Rationale for this behavior is described in code comment here, https://github.com/systemd/systemd/blob/main/src/shared/seccomp-util.c#L2311

Thanks for the explanation.

I've opened https://github.com/systemd/systemd/issues/38711 to see if
there's some way to enable the use of openat2() with DynamicUser=true.

--
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================
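
A caller-side way to cope with the behaviour discussed in this thread, as an added example that is not code from the thread or from systemd: try openat2() and fall back to openat() when the call is refused. The helper `open_dir`, the `used_fallback` flag and the struct name are hypothetical, and the errno values treated as "refused" (ENOSYS, EPERM) are an assumption, since the thread does not say which one the filter returns.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_openat2
#define SYS_openat2 437 /* same syscall number on every Linux architecture */
#endif

/* Local copy of the kernel's struct open_how, so <linux/openat2.h> is not needed. */
struct open_how_compat { uint64_t flags, mode, resolve; };

/* Set to 1 when openat2() was refused and plain openat() was used instead. */
static int used_fallback;

/*
 * Hypothetical helper: open a directory read-only, preferring openat2().
 * Assumption: a seccomp filter or an old kernel refuses the call with ENOSYS
 * or EPERM. The openat() path cannot carry RESOLVE_* flags, so a caller that
 * depends on them must validate the path itself when used_fallback is set.
 */
int open_dir(const char *path)
{
    struct open_how_compat how = { .flags = O_RDONLY | O_DIRECTORY | O_CLOEXEC };
    long fd = syscall(SYS_openat2, AT_FDCWD, path, &how, sizeof(how));

    used_fallback = 0;
    if (fd >= 0)
        return (int)fd;
    if (errno != ENOSYS && errno != EPERM)
        return -1;              /* genuine error such as ENOENT: do not mask it */

    used_fallback = 1;
    return openat(AT_FDCWD, path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

int main(void)
{
    int fd = open_dir("/");
    if (fd < 0) { perror("open_dir"); return 1; }
    printf("opened / via %s\n", used_fallback ? "openat() fallback" : "openat2()");
    close(fd);
    return 0;
}
```

Run inside and outside the restricted unit, the printed line shows which path was taken in each environment.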