Wolf480pl on Nostr: casually reading man systemd.exec again > If DynamicUser= is used, and if the kernel ...
casually reading man systemd.exec again
> If DynamicUser= is used, and if the kernel version supports id-mapped mounts, the specified directories will be owned by "nobody" in the host namespace
ffs...
the idea behind "nobody" was that it's a user that *doesn't own anything*
and now systemd wants to make it so that configs and data of all services running as DynamicUsers will be owned by "nobody", so that any process running as "nobody" in the host namespace has access to them?
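Whether a host process running as "nobody" can actually reach files that are owned by "nobody" depends on every directory on the path, not only on the file's owner: Unix DAC requires search (x) permission on each ancestor and read permission on the file itself. The following is an added example, not code from the post, from systemd, or from the systemd.exec man page, that models that traversal over a constructed directory tree resembling a DynamicUser= state directory. The uid/gid 65534 for "nobody", the unit name "mysvc", and the assumption that systemd creates /var/lib/private as root-owned mode 0700 are assumptions of the example; check the last one on a real host with `stat /var/lib/private` (the included `records_from_fs` helper builds the same tree from a live filesystem for that purpose).

```python
import os
import stat
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Assumption: "nobody"/"nogroup" are 65534 on this host (true on most Linux distributions).
NOBODY_UID = 65534
NOBODY_GID = 65534


@dataclass(frozen=True)
class Entry:
    """Ownership and full st_mode of one path (file type bits included)."""
    uid: int
    gid: int
    mode: int


def _perm_bits(entry: Entry, uid: int, gids: Iterable[int]) -> Tuple[bool, bool, bool]:
    """(read, write, search/exec) for a process with this uid/gid set, POSIX owner/group/other selection.
    uid 0 is treated as bypassing DAC (CAP_DAC_OVERRIDE), a simplification that is enough for read/search checks."""
    if uid == 0:
        return True, True, True
    if uid == entry.uid:
        shift = 6
    elif entry.gid in set(gids):
        shift = 3
    else:
        shift = 0
    perm = (entry.mode >> shift) & 0o7
    return bool(perm & 4), bool(perm & 2), bool(perm & 1)


def can_read(tree: Dict[str, Entry], path: str, uid: int, gids: Iterable[int]) -> Tuple[bool, str]:
    """Walk every ancestor of `path` (needs search permission on each directory)
    and then require read permission on the final entry. Returns (allowed, reason)."""
    gids = set(gids)
    parts = path.strip("/").split("/")
    cur = ""
    for i, part in enumerate(parts):
        cur = cur + "/" + part
        entry = tree.get(cur)
        if entry is None:
            return False, f"{cur}: not present in tree"
        readable, _, searchable = _perm_bits(entry, uid, gids)
        if i < len(parts) - 1:
            if not stat.S_ISDIR(entry.mode):
                return False, f"{cur}: not a directory"
            if not searchable:
                return False, f"{cur}: no search permission for uid {uid}"
        elif not readable:
            return False, f"{cur}: no read permission for uid {uid}"
    return True, "readable"


D, F = stat.S_IFDIR, stat.S_IFREG

# Constructed tree: what the quoted man page sentence describes, with the service's
# StateDirectory= living under /var/lib/private and owned by "nobody" on the host side.
DYNAMIC_USER_TREE: Dict[str, Entry] = {
    "/var": Entry(0, 0, D | 0o755),
    "/var/lib": Entry(0, 0, D | 0o755),
    "/var/lib/private": Entry(0, 0, D | 0o700),            # assumption: root-owned, 0700
    "/var/lib/private/mysvc": Entry(NOBODY_UID, NOBODY_GID, D | 0o755),
    "/var/lib/private/mysvc/state.db": Entry(NOBODY_UID, NOBODY_GID, F | 0o644),
}


def weakened_tree(tree: Dict[str, Entry]) -> Dict[str, Entry]:
    """Same tree, but with /var/lib/private world-searchable: the case where
    ownership by "nobody" really would hand the data to any host "nobody" process."""
    weak = dict(tree)
    weak["/var/lib/private"] = Entry(0, 0, D | 0o755)
    return weak


def nobody_can_read(tree: Dict[str, Entry], path: str) -> bool:
    return can_read(tree, path, NOBODY_UID, {NOBODY_GID})[0]


def records_from_fs(root: str) -> Dict[str, Entry]:
    """Build the same kind of tree from a live filesystem (os.lstat; symlinks are not followed),
    so the check above can be run against a real /var/lib/private."""
    tree: Dict[str, Entry] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in [""] + dirnames + filenames:
            p = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(p)
            tree[os.path.abspath(p)] = Entry(st.st_uid, st.st_gid, st.st_mode)
    return tree


if __name__ == "__main__":
    target = "/var/lib/private/mysvc/state.db"
    print("as-modelled:", can_read(DYNAMIC_USER_TREE, target, NOBODY_UID, {NOBODY_GID}))
    print("0755 /var/lib/private:", can_read(weakened_tree(DYNAMIC_USER_TREE), target, NOBODY_UID, {NOBODY_GID}))
```

In the modelled tree the host "nobody" process is stopped at /var/lib/private, so the file ownership alone does not expose the data; flip that one directory to 0755 and it does. The practical check is therefore the mode of every ancestor on the host, plus the `ProtectSystem=`/`ProtectHome=` style restrictions applied to other host services that themselves run as "nobody".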
Published at 2025-05-22 20:06:45

Event JSON
{
"id": "45b4411b4c31b97af8e7747bc01b178af58286800b1d768861457d41aa9c0f54",
"pubkey": "f3eaf89270fc0355ce2a91d69bca71c340a0a38b7c833b8ff837e8aaa0c98e82",
"created_at": 1747944405,
"kind": 1,
"tags": [
[
"e",
"bfc06537bbf72333a49a64403fa64ae863b42e9a1341e398c66fc3e59896207c",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://mstdn.io/users/wolf480pl/statuses/114553284546794724",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "casually reading man systemd.exec again\n\n\u003e If DynamicUser= is used, and if the kernel version supports id-mapped mounts, the specified directories will be owned by \"nobody\" in the host namespace\n\nffs...\n\nthe idea behind \"nobody\" was that it's a user that *doesn't own anything*\n\nand now systemd wants to make it so that configs and data of all services running as DynamicUsers will be owned by \"nobody\", so that any process running as \"nobody\" in the host namespace has access to them?",
"sig": "5027672bac50ac0b50bb4a4a32061f3c10261e74f31022a855ef3da05019c144af3f7e33587ebcd84d37492acf3b298d5cfec03cfe4366d5df153f2e2651f75d"
}