From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Jul 2019 11:11:09 +0000 (+0200)
Subject: nspawn: explicitly load units beforehand so that DeviceAllow= syntax works
X-Git-Tag: v243-rc1~39^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=31ea9c89d49d16b912cd7c1f241f83402eb8c626;p=thirdparty%2Fsystemd.git

nspawn: explicitly load units beforehand so that DeviceAllow= syntax works

Yuck, but I don't see any prettier solution.

Fixes: #13130
---

diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index c3194d4f21d..2473a730b47 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -16,6 +16,8 @@ After=network.target systemd-resolved.service
 RequiresMountsFor=/var/lib/machines
 
 [Service]
+# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others)
+ExecStartPre=-/sbin/modprobe -abq tun loop dm-mod
 ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i
 KillMode=mixed
 Type=notify