]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 123aeae)
units: disable ProtectKernelLogs for machined
authorGuillaume Douézan-Grard <gdouezangrard@gmail.com>
Sun, 1 Mar 2020 20:43:24 +0000 (21:43 +0100)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Mon, 2 Mar 2020 05:49:14 +0000 (14:49 +0900)
machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from machined service file introduced
in 6168ae5.

Closes #14559.

units/systemd-machined.service.in patch | blob | blame | history

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index fa344d487dafe76cce70179423cae2c730850e2c..3db0281f81dcb5f8589f5cd2c49b3cc4b93c6bc9 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -24,7 +24,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectHostname=yes
-ProtectKernelLogs=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 SystemCallArchitectures=native
Unnamed repository; edit this file 'description' to name the repository.