Is it considered safe to setuid on a root-owned binary that launches systemd-nspawn with the argument "--private-users=1000:1"?
i.e. /* user-nspawn.c */ #include <unistd.h> int main() { const char * binary = "/usr/bin/systemd-nspawn"; execl(binary, binary, "--private-users=1000:1", (char *)NULL); } gcc -o user-nspawn user-nspawn.c su chown root:root user-nspawn chmod +s user-nspawn
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel