Oddbean new post about | logout
Lennart Poettering | 1 years ago (raw) | root | parent | reply | flag 
 @2b562a3e We actually have an option for that in /etc/systemd/system.conf.

But I am not aware of any general purpose distro setting that.

And ideally we'd turn off the suid/fcaps logic already in kernel, i.e. compile the whole thing out.
69706667 | 1 years ago (raw) | root | parent | reply | flag 
 @2ffa8eb4 @2b562a3e I would happily turn on this, but I’m afraid the whole system would break. But I guess ‘systemd-run -S’ would still work?
Lennart Poettering | 1 years ago (raw) | root | parent | reply | flag 
 @a775eafc @2b562a3e yes, it would. 

In systemd we frown on suid binaries, we do not allow them in our own code.