nspawn: fix --image= when nspawn is run as service

author Lennart Poettering <lennart@poettering.net>

Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)

committer Lennart Poettering <lennart@poettering.net>

Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)
author Lennart Poettering <lennart@poettering.net>
Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)
committer Lennart Poettering <lennart@poettering.net>
Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in

index 6b86e0a7f7758772ef5e1488b11090ece51a0c45..03349931d9d81e5d05768b2708084b778f1c1888 100644 (file)
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
  DeviceAllow=/dev/pts/ptmx rw
  DeviceAllow=char-pts rw
  
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+
  [Install]
  WantedBy=machines.target
author	Lennart Poettering <lennart@poettering.net>
	Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Sat, 3 Oct 2015 09:23:52 +0000 (11:23 +0200)