]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1db0db4)
importd: add CAP_DAC_OVERRIDE capability
authorLubomir Rintel <lkundrak@v3.sk>
Mon, 13 Apr 2015 17:46:59 +0000 (19:46 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 21 Apr 2015 00:45:34 +0000 (02:45 +0200)
Fedora's filesystem package ships /usr/bin (and other directories) which are
not writable by its owner. machinectl pull-dkr (and possibly others) are not
able to extract those:

  14182 mkdirat(3, "usr", 0700)           = 0
  14182 mkdirat(3, "usr/bin", 0500)       = 0
  14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied)
  ...

units/systemd-importd.service.in patch | blob | blame | history

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index a540040bfb87346b4ff05e312133d3bdc8cd4e76..80d97c8d9d3e16723b27b9b90b9bfa0d89187e1f 100644 (file)
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,6 +12,6 @@ Documentation=man:systemd-importd.service(8)
 [Service]
 ExecStart=@rootlibexecdir@/systemd-importd
 BusName=org.freedesktop.import1
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
 NoNewPrivileges=yes
 WatchdogSec=1min
Unnamed repository; edit this file 'description' to name the repository.