Re: [systemd-devel] RestrictSUIDSGID causing unexpected error

On 8/25/25 6:57 AM, Michal Sekletar wrote: openat2() is disabled due to the seccomp filter applied as a consequence of RestrictSUIDSGID=yes. Rationale for this behavior is described in code comment here, https://github.com/systemd/systemd/blob/main/src/shared/seccomp- util.c#L2311

Re: [systemd-devel] RestrictSUIDSGID causing unexpected error

On Sun, Aug 24, 2025 at 11:59 PM Ian Pilcher wrote: > Any suggestions on what might be going on here or what my program should > be doing differently to make this call work would be appreciated. This > error is preventing me from setting DynamicUser=true, because it implies > RestrictSUIDSGID=tru

Re: [systemd-devel] RestrictSUIDSGID causing unexpected error

should be what causes this return code. Get Outlook for iOS<https://aka.ms/o0ukef> From: systemd-devel on behalf of Ian Pilcher Sent: Sunday, August 24, 2025 4:59:24 PM To: Systemd Subject: [EXTERNAL] [systemd-devel] RestrictSUIDSGID causing unexpected error

[systemd-devel] RestrictSUIDSGID causing unexpected error

I am trying to make one of my .service units as secure as possible, and I've come across a seemingly weird behavior when RestrictSUIDSGID=true is set. Namely, the following system call is failing. openat2(0, "/var/lib/acg/ht...@sprinklers.penurio.us.crt", {flags=O_RDONLY, resolve=RESOLVE_NO_S