This is a suggestion to the functionality of 66.
For those confused, Build= is described here.
Presently, [with Build=auto i.e.] the stdin/out redirection , retrieving fds from fdholder, dropping privs, execl-envfile, etc.. are handled by certain chainloaders before the actual Execute=() part
These work ONLY with Build=auto
There is even a warning in the wiki that "RunAs=" will not take effect with Build=custom.
My suggestion to fix this is:
whenever Build = custom, write Execute=() into 'execute.start' file rather than 'run'.
The 'run' file will exec into 'execute.start', after the chainloaders.
This can reduce the disparities between Build = auto and custom, while retaining the flexibility.