19c0b0b9a5
The manpage of seccomp specify that using seccomp with SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence, without NoNewPrivilege set, it is impossible to use a SystemCall* directive with a User directive set in system mode. Now, NoNewPrivileges is set if we are in user mode, or if we are in system mode and we don't have CAP_SYS_ADMIN, and SystemCall* directives are used.
12 lines
276 B
Desktop File
12 lines
276 B
Desktop File
[Unit]
|
|
Description=Test for SystemCallFilter in system mode with User set
|
|
|
|
[Service]
|
|
ExecStart=/bin/echo "Foo bar"
|
|
Type=oneshot
|
|
User=nobody
|
|
SystemCallFilter=~read write open execve ioperm
|
|
SystemCallFilter=ioctl
|
|
SystemCallFilter=read write open execve
|
|
SystemCallFilter=~ioperm
|