The way I’ve read the internal operation of this function, it’s calling
SECCOMP internally in Linux such that calls that allow changing ownership or
permissions are disallowed. Though not expressly stated for the function call
you listed, it under the covers would be calling those which should
I am trying to make one of my .service units as secure as possible, and
I've come across a seemingly weird behavior when RestrictSUIDSGID=true
is set. Namely, the following system call is failing.
openat2(0, "/var/lib/acg/ht...@sprinklers.penurio.us.crt",
{flags=O_RDONLY, resolve=RESOLVE_NO_S