]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd35a61)
add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle machinectl read-only...
authorDan Streetman <ddstreet@ieee.org>
Fri, 16 Sep 2022 14:50:59 +0000 (10:50 -0400)
committerLuca Boccassi <luca.boccassi@gmail.com>
Fri, 16 Sep 2022 18:50:52 +0000 (19:50 +0100)
Without this, the 'machinectl read-only ...' command always fails.

units/systemd-machined.service.in patch | blob | blame | history

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index e92f436dfdfb1809da8df0a797957c46c2755ca0..d3f8abd9e4c63c8a54c65b8a276d3de394d967d0 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -18,7 +18,7 @@ RequiresMountsFor=/var/lib/machines
 
 [Service]
 BusName=org.freedesktop.machine1
-CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE
 ExecStart={{ROOTLIBEXECDIR}}/systemd-machined
 IPAddressDeny=any
 LockPersonality=yes
Unnamed repository; edit this file 'description' to name the repository.