nostr:npub19dtz5045lnpakgchhjfnxkpzm32zhxer8q7enqtg7k4mxauwwkrqv505k8 We actually have an option for that in /etc/systemd/system.conf.

But I am not aware of any general purpose distro setting that.

And ideally we'd turn off the suid/fcaps logic already in kernel, i.e. compile the whole thing out.