From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sat, 22 Oct 2016 03:00:38 +0000 (-0400)
Subject: units: disable /dev/hugepages in private user namespaces
X-Git-Tag: v232~28^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4442%2Fhead;p=thirdparty%2Fsystemd.git

units: disable /dev/hugepages in private user namespaces

The mount fails, even though CAP_SYS_ADMIN is granted.
---

diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount
index 882adb4545a..489cc777e40 100644
--- a/units/dev-hugepages.mount
+++ b/units/dev-hugepages.mount
@@ -13,6 +13,7 @@ DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/sys/kernel/mm/hugepages
 ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 
 [Mount]
 What=hugetlbfs