From: Dan Streetman
Date: Fri, 16 Sep 2022 14:50:59 +0000 (-0400)
Subject: add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle machinectl read-only...
X-Git-Tag: v252-rc1~169
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=137d162c42ed858613afc3d7493d08d4ae6d5c1b;p=thirdparty%2Fsystemd.git

add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle machinectl read-only requests

Without this, the 'machinectl read-only ...' command always fails.
---

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index e92f436dfdf..d3f8abd9e4c 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -18,7 +18,7 @@ RequiresMountsFor=/var/lib/machines
 
 [Service]
 BusName=org.freedesktop.machine1
-CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE
 ExecStart={{ROOTLIBEXECDIR}}/systemd-machined
 IPAddressDeny=any
 LockPersonality=yes
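Review bot: The unit gives no reason for the new `CAP_LINUX_IMMUTABLE` entry on the `CapabilityBoundingSet=` line, and this capability permits setting and clearing the immutable and append-only inode flags on any file the daemon can reach, not only on machine images. A comment directly above the line would keep the grant auditable, e.g. `# CAP_LINUX_IMMUTABLE: required for 'machinectl read-only' (toggles the immutable flag on images)`; the exact operation is inferred from the commit message, so confirm it against the machined code before wording it. The incremental exposure looks small because the set already holds `CAP_SYS_ADMIN` and `CAP_DAC_OVERRIDE`, but every added capability widens what a compromised machined could do. The `[Service]` section continues outside the hunk, so the remaining sandboxing directives are not visible here.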