units: disable ProtectKernelLogs for machined

machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from the machined service file introduced
in 6168ae5.

Closes #14559.
Guillaume Douézan-Grard 2020-03-01 21:43:24 +01:00 committed by Yu Watanabe
parent 123aeae206
commit f4665664c4

@ -24,7 +24,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
ProtectHostname=yes
ProtectKernelLogs=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictRealtime=yes
SystemCallArchitectures=native
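
Review bot: Dropping ProtectKernelLogs=yes (between ProtectHostname=yes and RestrictAddressFamilies=) leaves nothing in the unit file to say why this one hardening directive is absent, so a later hardening pass could re-add it, as 6168ae5 did, and break "machinectl bind" propagation again. Consider a short comment at that spot, for example "# ProtectKernelLogs= is not set: it relies on mount namespaces, which breaks machinectl bind (#14559)", so the reason lives next to the settings and not only in the commit message.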