Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

RHELPRIO AssignedTeam ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.2
Affects Version/s: CentOS Stream 10
Component/s: systemd
Labels:
- backport

Fixed in Build:
systemd-257-19.el10
Regression:
None
Severity:
Low

AssignedTeam:
rhel-systemd

Internal Target Milestone:
26
Story Points:
0
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Preliminary Testing:
Requested
Test Coverage:
None

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:
Architecture:

x86_64

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Currently DelegateNamespaces= only works for services spawned by the
system manager. User managers will always unshare the user namespace
first even if they're running with CAP_SYS_ADMIN.

Let's add support for DelegateNamespaces= for user managers if they're
running with CAP_SYS_ADMIN. By default, we'll still delegate all namespaces
for user managers, but this can now be overridden by explicitly passing
DelegateNamespaces=.

If a user manager is running without CAP_SYS_ADMIN, the user manager is
still always unshared first just like before.

links to

Fix has been submitted as GitHub PR redhat-plumbers/systemd-rhel10/pull/105

https://github.com/systemd/systemd/commit/9e34c34b7b027da24b084a58246c1d88bdbcc817

Assignee:: Jan Macku

Reporter:: Jan Macku

Developer:: systemd maint mailing list

QA Contact:: Frantisek Sumsal

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/11/18 7:41 AM

Updated:: 2025/12/01 12:53 PM

Stale Date:: 2026/11/17

Target end:: 2026/02/23

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates