|
|
|
|
|
|
by viraptor
893 days ago
|
|
|
> Systemd is architected in a way that has a lot of code running as root What would you want to move to a different user specifically? Systemd is the first one that actually makes modern security features first-class. Most big services run with NoNewPrivileges set, with specific paths allowed, with PrivateTmp, and a bunch of other features. Then there's DynamicUser and other fun bits. Not only did systemd make it simpler and more common to run bits as different users, it also makes the root ones more restricted. |
|
|