@tokudan NNP has no effect on run0.

I mean, in my ideal world NNP would be a thing that we set globally, early on in PID 1, so that *all* userspace code has NNP set. And then run0 would be the way you get sudo-like behaviour still.

NNP is really about prohibiting code that is forked off from acquiring additional privs, but that's precisely not what run0 will do anyway; it instead asks via an IPC call to run priv code elsewhere, subject to polkit authorization.
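
Added example, not part of the original post: a small Linux C probe for the NNP (`PR_SET_NO_NEW_PRIVS`) semantics the post relies on, showing that the flag can be set without privileges, cannot be cleared again, and is inherited by processes forked afterwards, which is why setting it once in PID 1 would cover all userspace. The function name `nnp_probe` and the `NNP_*` bit names are made up for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bits reported by nnp_probe() (names are illustrative only). */
#define NNP_SET_OK    0x1 /* PR_SET_NO_NEW_PRIVS succeeded unprivileged */
#define NNP_STICKY    0x2 /* clearing the flag was refused with EINVAL  */
#define NNP_INHERITED 0x4 /* a process forked afterwards sees the flag  */

/* Runs in a throwaway child so the caller's own NNP state is untouched.
 * Returns a bitmask of the NNP_* values, or -1 on fork/wait failure. */
int nnp_probe(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int r = 0;
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
            r |= NNP_SET_OK;
        /* The flag is one-way: the kernel only accepts arg2 == 1. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
            r |= NNP_STICKY;
        pid_t gc = fork();
        if (gc == 0) /* grandchild: report the flag it inherited */
            _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 1 : 0);
        int gst = 0;
        if (gc > 0 && waitpid(gc, &gst, 0) == gc &&
            WIFEXITED(gst) && WEXITSTATUS(gst) == 1)
            r |= NNP_INHERITED;
        _exit(r);
    }
    int st = 0;
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int r = nnp_probe();
    if (r < 0)
        return 1;
    printf("set=%d sticky=%d inherited=%d\n", !!(r & NNP_SET_OK),
           !!(r & NNP_STICKY), !!(r & NNP_INHERITED));
    return r == (NNP_SET_OK | NNP_STICKY | NNP_INHERITED) ? 0 : 1;
}
```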