You might not have a systemd instance inside a container, but you still might want to switch user IDs there.

Podman has systemd inside, you can run0 in it

Surely that depends on the container? Podman doesn't artificially inject a systemd process as PID 1 by default.

Not all containers are on podman

The Lennart post about it explain it https://mastodon.social/@pid_eins/112353324518585654

He was comparing to "normal" sudo, but sudo-rs have the same problems he highlighted anyway

sudo-rs uses setuid.

run0 does not (and instead relies on systemd).

---

To answer your next question: setuid, while historic, is a bit weird, and is disabled in some environments, e.g. NoNewPrivileges.

sudo-rs doesn’t gratuitously require a root privilege daemon that regularly ships filesystem destruction and remote unauthenticated arbitrary code execution bugs.

If your bar is “I’ll tolerate such crap”, you may as well run your desktop session as root.

If sudo does this, as you imply, why do Linux system still exist that are not part of a botnet?

Implication is that systemd does this, not sudo.

Nice technical argument, did Lennart bite you while you where sleeping?