On Thu, Dec 4, 2025 at 10:24 PM Jyrki Vesterinen <[email protected]> wrote:
>
> Hi,
>
> I tried out run0 --empower on my system (practically Debian Sid) and
> discovered I can't use the mount command in the prompt:
>
>
> jyrki@siductionbox:~$ run0 --empower
> 🎃 jyrki@siductionbox:~$ ls -l /mnt
> total 0
> 🎃 jyrki@siductionbox:~$ mkdir /mnt/varmuuskopiot
> 🎃 jyrki@siductionbox:~$ mount /dev/sda1 /mnt/varmuuskopiot/
> mount: /mnt/varmuuskopiot: must be superuser to use mount.
> dmesg(1) may have more information after failed mount system call.
>
> After some further digging, yeah, I verified /usr/bin/mount is a SUID binary
> and has to check if the user is allowed to use it.
>
> Mounting was pretty much the primary use case I had hoped to use the
> --empower mode for (since my regular user would own the mount point
> afterwards, saving me from running chown by hand).

What makes you think so?

>
> The same thing would presumably happen with most SUID binaries. Sure, raw
> syscalls to perform all kinds of operations would succeed, but SUID programs
> will refuse to work. As a result, --empower isn't very usable in practice
> with current-day distros.
>
> Are there any plans to address this?

The only way to address it from the run0 side is to enter a user namespace where the invoking user has UID 0. Otherwise it is really up to the invoked command to check for capabilities, not for UID 0.
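
The distinction drawn in the reply above, as an added example that is not part of the thread and is not run0 or util-linux code: it contrasts a "UID is 0" test with a "CAP_SYS_ADMIN is in the effective set" test over constructed /proc/<pid>/status excerpts. The sample excerpts, the function names and the choice of CAP_SYS_ADMIN (the capability mount(2) requires) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* CAP_SYS_ADMIN in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts (sample data, not captured output). */
static const char EMPOWERED[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t000001ffffffffff\n";
static const char PLAIN[]     = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";
static const char ROOT[]      = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";

/* Parse the first number after "key:" at the start of a line; 0 on success, -1 otherwise. */
static int status_field(const char *text, const char *key, int base, uint64_t *out) {
    size_t klen = strlen(key);
    for (const char *p = text; p && *p; ) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            const char *v = p + klen + 1 + strspn(p + klen + 1, " \t");
            char *end;
            if (*v == '\n' || *v == '\0') return -1; /* empty value: do not read the next line */
            *out = strtoull(v, &end, base);
            return end == v ? -1 : 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* UID-style check: the real UID (first Uid field) must be 0. */
int allowed_by_uid(const char *status) {
    uint64_t uid;
    return status_field(status, "Uid", 10, &uid) == 0 && uid == 0;
}

/* Capability-style check: CAP_SYS_ADMIN must be in the effective set. */
int allowed_by_cap(const char *status) {
    uint64_t eff;
    return status_field(status, "CapEff", 16, &eff) == 0 && ((eff >> CAP_SYS_ADMIN_BIT) & 1);
}

int main(void) {
    const char *samples[] = { EMPOWERED, PLAIN, ROOT };
    for (int i = 0; i < 3; i++)
        printf("sample %d: uid check=%d cap check=%d\n", i, allowed_by_uid(samples[i]), allowed_by_cap(samples[i]));
    return 0;
}
```

Only the first sample, a non-zero UID holding CAP_SYS_ADMIN, gets different answers from the two checks.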
