On Tue, 21.07.15 13:24, Florian Weimer ([email protected]) wrote:

> And that's fine.  But doing hardening for UID=0 services seems a very
> bad practice to me because it looks like someone is assuming that UID=0
> without capabilities is just another “nobody” user.  Which is not
> surprising, because capabilities are often advertised that way.

I'd be happy to take a patch that adds a comment about this to the
CapabilityBoundingSet= option in the man page, explaining that one
should not mistake a UID=0 user with zero caps as equivalent to a nobody
user.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
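
An added illustration of the point made in this message (not part of the original thread and not systemd code): a simplified model of the kernel's discretionary access check for a process holding no capabilities, comparing UID 0 with nobody over constructed file metadata. The `Entry` type, the sample list and the function names are assumptions made for the example; ACLs, LSMs, mount flags and user namespaces are ignored.

```python
import stat
from collections import namedtuple

# Constructed metadata (path, owner uid, group gid, mode) resembling a typical
# Linux host; not taken from the thread.
Entry = namedtuple("Entry", "path uid gid mode")
SAMPLE = [
    Entry("/etc/passwd", 0, 0, 0o644),
    Entry("/etc/shadow", 0, 0, 0o000),
    Entry("/etc/cron.d", 0, 0, 0o755),
    Entry("/usr/bin/sudo", 0, 0, 0o4755),
    Entry("/var/lib/app/data", 65534, 65534, 0o600),
    Entry("/tmp", 0, 0, 0o1777),
]

def dac_write(entry, uid, gids):
    """Write check with no CAP_DAC_OVERRIDE: exactly one permission class
    applies (owner, else group, else other)."""
    if uid == entry.uid:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)

def direct_writes(entries, uid, gids):
    """Paths the identity can modify right away."""
    return sorted(e.path for e in entries if dac_write(e, uid, gids))

def owner_controlled(entries, uid):
    """Paths whose mode the identity may change without CAP_FOWNER, because
    it is the owner; a restrictive mode is no barrier here."""
    return sorted(e.path for e in entries if e.uid == uid)

if __name__ == "__main__":
    for name, uid, gids in (("UID 0, empty capability set", 0, {0}),
                            ("nobody", 65534, {65534})):
        print(name)
        print("  writable now:    ", direct_writes(SAMPLE, uid, gids))
        print("  mode changeable: ", owner_controlled(SAMPLE, uid))
```

On this sample the capability-less UID 0 still owns nearly every system path listed, while nobody reaches only its own data file and the world-writable directory.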
