On Sat, 07.02.15 10:40, Topi Miettinen ([email protected]) wrote:

> No setuid programs are expected to be executed, so add
> SecureBits=no-setuid-fixup no-setuid-fixup-locked
> to unit files.

So, hmm, after reading the man page again: what's the rationale for precisely these bits? I mean no-setuid-fixup seems to be something that applies to setuid(), setresuid() calls and suchlike, which seems pretty uninteresting. Much more interesting is SECBIT_NOROOT, which disables suid binary handling... Can you elaborate?

Lennart

--
Lennart Poettering, Red Hat
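An added example, not part of the thread and not systemd code: it maps a `SecureBits=` value onto the kernel securebits mask and shows which of the two behaviours discussed above a given setting touches. The helper names (`parse_securebits`, `affects_exec_of_root`, `affects_uid_change_fixup`) are hypothetical; the bit values are those of `linux/securebits.h`, redefined locally as an assumption so the file builds without kernel headers.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Bit values as in linux/securebits.h (see capabilities(7)). */
#define SB_NOROOT                 (1u << 0) /* no capability grant for UID 0 / set-user-ID-root at execve() */
#define SB_NOROOT_LOCKED          (1u << 1)
#define SB_NO_SETUID_FIXUP        (1u << 2) /* no capability adjustment on setuid()-family UID changes */
#define SB_NO_SETUID_FIXUP_LOCKED (1u << 3)
#define SB_KEEP_CAPS              (1u << 4)
#define SB_KEEP_CAPS_LOCKED       (1u << 5)

static const struct { const char *name; unsigned bit; } sb_names[] = {
    { "noroot", SB_NOROOT }, { "noroot-locked", SB_NOROOT_LOCKED },
    { "no-setuid-fixup", SB_NO_SETUID_FIXUP },
    { "no-setuid-fixup-locked", SB_NO_SETUID_FIXUP_LOCKED },
    { "keep-caps", SB_KEEP_CAPS }, { "keep-caps-locked", SB_KEEP_CAPS_LOCKED },
};

/* Parse a space-separated SecureBits= value; returns the mask, or -1 on an unknown word. */
long parse_securebits(const char *value)
{
    char buf[256];
    long mask = 0;
    size_t n = sizeof sb_names / sizeof sb_names[0];
    if (strlen(value) >= sizeof buf) return -1;
    strcpy(buf, value);
    for (char *w = strtok(buf, " \t"); w; w = strtok(NULL, " \t")) {
        size_t i;
        for (i = 0; i < n; i++)
            if (strcmp(w, sb_names[i].name) == 0) { mask |= sb_names[i].bit; break; }
        if (i == n) return -1;
    }
    return mask;
}

/* 1 if the mask changes capability handling at execve() for UID 0 / set-user-ID-root programs. */
int affects_exec_of_root(long mask) { return (mask & SB_NOROOT) != 0; }

/* 1 if the mask changes capability fixup on setuid(), setresuid() and similar calls. */
int affects_uid_change_fixup(long mask) { return (mask & SB_NO_SETUID_FIXUP) != 0; }

int main(void)
{
    const char *proposed = "no-setuid-fixup no-setuid-fixup-locked"; /* value from the quoted patch text */
    long m = parse_securebits(proposed);
    printf("%s -> %#lx exec-of-root=%d uid-change-fixup=%d\n", proposed, m,
           affects_exec_of_root(m), affects_uid_change_fixup(m));
    printf("securebits of this process: %#x\n", (unsigned)prctl(PR_GET_SECUREBITS));
    return 0;
}
```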
