This is the stupid "second layer protection" that simply does not make sense especially for server applications.
nostr:npub1x3azxuysp5vmfer4vgs4jn5tmfcx4ew8sh0qnev7gczljxsr7jwqa3g4el This is fucking stupid because by running the process same uid as files it can modify them however it wants. It HAS to have different uid to be made read-only
Discussion
nostr:npub1x3azxuysp5vmfer4vgs4jn5tmfcx4ew8sh0qnev7gczljxsr7jwqa3g4el I think security is better with KISS principle not with layers and layers of shit making it hard for everyone
This thing is basically not trusting the security that the linux kernel already puts at all. It's so obscure that i won't even understand why.
Just make other operating system already.
Canonical is deluded. Really deluded.