On Sun, Aug 24, 2025 at 11:59 PM Ian Pilcher <[email protected]> wrote: > Any suggestions on what might be going on here or what my program should > be doing differently to make this call work would be appreciated. This > error is preventing me from setting DynamicUser=true, because it implies > RestrictSUIDSGID=true.
Hi Ian, openat2() is disabled due to the seccomp filter applied as a consequence of RestrictSUIDSGID=yes. Rationale for this behavior is described in code comment here, https://github.com/systemd/systemd/blob/main/src/shared/seccomp-util.c#L2311 I've recently stumbled on this behavior as well, https://github.com/systemd/systemd/pull/38640 Cheers, Michal
