RHEL-129179

core: Make DelegateNamespaces= work for user managers with CAP_SYS_ADMIN


    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-10.2
    • CentOS Stream 10
    • systemd
    • systemd-257-19.el10
    • Low
    • rhel-systemd
    • x86_64

      Currently DelegateNamespaces= only works for services spawned by the
      system manager. User managers will always unshare the user namespace
      first even if they're running with CAP_SYS_ADMIN.

      Let's add support for DelegateNamespaces= for user managers if they're
      running with CAP_SYS_ADMIN. By default, we'll still delegate all namespaces
      for user managers, but this can now be overridden by explicitly passing
      DelegateNamespaces=.

      If a user manager is running without CAP_SYS_ADMIN, the user manager is
      still always unshared first just like before.

              Jan Macku (jamacku@redhat.com)
              systemd maint mailing list
              Frantisek Sumsal