machined: add CAP_MKNOD to capabilities to run with (#3116)

author Lennart Poettering <lennart@poettering.net>

Mon, 25 Apr 2016 19:38:56 +0000 (21:38 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 25 Apr 2016 19:38:56 +0000 (15:38 -0400)
author Lennart Poettering <lennart@poettering.net>
Mon, 25 Apr 2016 19:38:56 +0000 (21:38 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 25 Apr 2016 19:38:56 +0000 (15:38 -0400)
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in

index 3710c595ca19e9c23fe1d9d985d371dd7f9417d4..685baab21d4055eb6b4fe914ce0ecde1565e07ee 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -15,7 +15,7 @@ After=machine.slice
  [Service]
  ExecStart=@rootlibexecdir@/systemd-machined
  BusName=org.freedesktop.machine1
-CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
  WatchdogSec=3min
  
  # Note that machined cannot be placed in a mount namespace, since it
author	Lennart Poettering <lennart@poettering.net>
	Mon, 25 Apr 2016 19:38:56 +0000 (21:38 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 25 Apr 2016 19:38:56 +0000 (15:38 -0400)