git.ipfire.org Git - thirdparty/systemd.git/commit
core: add device mapper to allow-list with DevicePolicy=closed and RootImage
author Luca Boccassi <luca.boccassi@microsoft.com>
Fri, 26 Jun 2020 11:19:48 +0000 (12:19 +0100)
committer Lennart Poettering <lennart@poettering.net>
Fri, 26 Jun 2020 16:39:45 +0000 (18:39 +0200)
commit 0cffae953aa3c821a7d2d13fed8fbe66378223e8
tree 1fdd82f3c8e63d6ccfe4adf48ee8929dd0dc1279
parent b47261e5cbb7d29ce2021a8298d143e829c195d7
core: add device mapper to allow-list with DevicePolicy=closed and RootImage

To set up a verity/cryptsetup RootImage the forked child needs to
ioctl /dev/mapper/control and create a new mapper.
If PrivateDevices=yes and/or DevicePolicy=closed are used, this is
blocked by the cgroup setting, so add an exception like it's done
for loop devices (and also add a dependency on the kernel modules
implementing them).
src/core/unit.c