ProtectSystem= and other sandboxing options require a user namespace in order to work as user units (the user manager does not run as root and thus without a user namespace it is unable to perform mounts).
We are looking to enable this implicitly. Very few user units use these options, so we want to make sure it is intentional and won't cause regressions. The alternative is to remove ProtectSystem=.
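An added example (not part of the original message or of the systemd code base): a Python audit that lists user-unit service files which turn on mount-based sandboxing without setting PrivateUsers= themselves, i.e. the units whose behaviour an implicit user namespace would change. The option set beyond ProtectSystem=, the search directories and the sample unit are assumptions, and drop-in files are not merged.

```python
"""Find user units that use mount-based sandboxing without PrivateUsers=."""
from pathlib import Path

# Assumption: a sample of systemd.exec(5) options that need mounts; the page
# itself names only ProtectSystem=. Extend the set for your own review.
SANDBOX_OPTIONS = {"ProtectSystem", "ProtectHome", "PrivateTmp",
                   "PrivateDevices", "ProtectKernelTunables"}
OFF = {"", "no", "false", "off", "0"}

SAMPLE_UNIT = """\
# constructed sample user unit, not taken from any real package
[Service]
ExecStart=/usr/bin/example-daemon \\
    --foreground
ProtectSystem=strict
PrivateTmp=yes
ProtectHome=no
"""

def parse_service_section(text):
    """Return {key: value} for [Service]; a later assignment overrides."""
    settings, section, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped[:1] in ("#", ";"):
            continue  # comment lines are skipped, even inside a continuation
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):  # trailing backslash joins the next line
            pending = line[:-1] + " "
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return enabled sandboxing options if PrivateUsers= is not enabled."""
    s = parse_service_section(text)
    if s.get("PrivateUsers", "no").lower() not in OFF:
        return []  # unit already asks for a user namespace explicitly
    return sorted(k for k in SANDBOX_OPTIONS if s.get(k, "no").lower() not in OFF)

if __name__ == "__main__":
    print("sample:", audit(SAMPLE_UNIT))
    for d in (Path("/etc/systemd/user"), Path("/usr/lib/systemd/user"),
              Path.home() / ".config/systemd/user"):
        for unit in sorted(d.glob("*.service")):
            if unit.is_file() and (hits := audit(unit.read_text(errors="replace"))):
                print(f"{unit}: {', '.join(hits)} without PrivateUsers=")
```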