Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Thomas Gleixner <hidden>
Date: 2019-08-16 10:00:15
Also in:
bpf, linux-api, linux-security-module
On Fri, 16 Aug 2019, Jordan Glover wrote:
> "systemd --user" service? Trying to do so will fail with:
> "Failed to apply ambient capabilities (before UID change): Operation not permitted"
>
> I think it's crucial to clear that point to avoid confusion in this discussion
> where people are talking about different things.
>
> On the other hand running "systemd --system" service with:
>
> User=nobody
> AmbientCapabilities=CAP_NET_ADMIN
>
> is perfectly legit and clears some security concerns as only privileged user
> can start such service.

While we are at it, can we please stop looking at this from a systemd only
perspective. There is a world outside of systemd.

Thanks,

	tglx