mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD
npsawn containers generally have CAP_MKNOD, since this is required to make PrviateDevices= work. Thus, it's not useful anymore to conditionalize the kmod static device node units. Use CAP_SYS_MODULES instead which is not available for nspawn containers. However, the static device node logic is only done for being able to autoload modules with it, and if we can't do that there's no point in doing it.
This commit is contained in:
Lennart Poettering
parent
54f601debc
commit
e0c74691c4
|
|
@ -9,7 +9,7 @@
|
||||||
Description=Create list of required static device nodes for the current kernel
|
Description=Create list of required static device nodes for the current kernel
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
Before=sysinit.target systemd-tmpfiles-setup-dev.service
|
Before=sysinit.target systemd-tmpfiles-setup-dev.service
|
||||||
ConditionCapability=CAP_MKNOD
|
ConditionCapability=CAP_SYS_MODULE
|
||||||
ConditionPathExists=/lib/modules/%v/modules.devname
|
ConditionPathExists=/lib/modules/%v/modules.devname
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ DefaultDependencies=no
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service
|
After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service
|
||||||
Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target
|
Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target
|
||||||
ConditionCapability=CAP_MKNOD
|
ConditionCapability=CAP_SYS_MODULE
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue