 @2ffa8eb4 Make systemd set prctl PR_SET_NO_NEW_PRIVS in pid 1. 😈 
 @2b562a3e We actually have an option for that in /etc/systemd/system.conf.

But I am not aware of any general purpose distro setting that.

And ideally we'd turn off the suid/fcaps logic already in kernel, i.e. compile the whole thing out. 
 @2ffa8eb4 @2b562a3e I would happily turn on this, but I’m afraid the whole system would break. But I guess ‘systemd-run -S’ would still work? 
 @a775eafc @2b562a3e yes, it would. 

In systemd we frown on suid binaries, we do not allow them in our own code.
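
Added example, not part of the thread: a C probe of the `PR_SET_NO_NEW_PRIVS` flag discussed above, showing that once set it cannot be cleared and is inherited across `fork()`, which is why setting it in PID 1 would cover every process started afterwards. The function and enum names are illustrative, Linux is assumed, and the checks run in a forked child so the caller's own flag is left untouched.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits (illustrative names, not from any library). */
enum { NNP_SET = 1, NNP_STICKY = 2, NNP_INHERITED = 4 };

/* Runs inside a throwaway child: set the flag, then test its properties. */
static int child_checks(void)
{
    int bits = 0, st;

    /* Setting needs no privilege; arg2 must be 1, the rest 0. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&
        prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1)
        bits |= NNP_SET;

    /* One-way switch: asking for 0 is rejected and the flag stays on. */
    errno = 0;
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL &&
        prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1)
        bits |= NNP_STICKY;

    /* A forked descendant starts with the flag already set. */
    pid_t gc = fork();
    if (gc == 0)
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 1);
    if (gc > 0 && waitpid(gc, &st, 0) == gc &&
        WIFEXITED(st) && WEXITSTATUS(st) == 0)
        bits |= NNP_INHERITED;

    return bits;
}

/* Returns the OR of the NNP_* bits observed, or -1 on fork/wait failure. */
int probe_no_new_privs(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_checks());
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int r = probe_no_new_privs();
    printf("set=%d sticky=%d inherited=%d\n",
           !!(r & NNP_SET), !!(r & NNP_STICKY), !!(r & NNP_INHERITED));
    return r == (NNP_SET | NNP_STICKY | NNP_INHERITED) ? 0 : 1;
}
```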