On Sat, 24 Aug 2024 18:23:00 +0200 Diederik de Haas <didi.deb...@cknow.org> wrote:
> I think/assume it's great that systemd would use kernel features like
> BPF *if* they're available. But if not, it should not throw an ERROR.

Security features should not fail open; they should fail closed. Launching a service without the expected restrictions could open a security hole on a user's system. Ideally the error message could be improved, such as by more clearly identifying the exact unit that's using the security feature.