systemd examples lack sandboxing options #1588

@kaysond

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

The systemd service examples in https://github.com/smallstep/cli/tree/master/systemd lack sandboxing options.

Why is this needed?

There's no need to run step with so many capabilities and it creates unnecessary security risk.

Happy to submit a PR for this as I've already done the work to figure out the minimum set of capabilities needed.

Labels: enhancement, needs triage (Waiting for discussion / prioritization by team)
