From c47fc1f025dd4b4c22d4650385748dc8486df0b6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 17 Jun 2014 03:23:23 +0200
Subject: [PATCH] kmod: conditionalize kmod setup on CAP_SYS_MODULE, not whether we run in a container

It's generally preferrable to conditionalize on the actual ability to do something then the context we run in.
---
 src/core/kmod-setup.c | 6 +++++-
 src/core/main.c | 3 +--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index 0791ae8ea..2f3f60883 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -27,7 +27,7 @@
 #include "macro.h"
 #include "execute.h"
-
+#include "capability.h"
 #include "kmod-setup.h"
 static void systemd_kmod_log(
@@ -54,6 +54,7 @@ static bool cmdline_check_kdbus(void) {
 }
 int kmod_setup(void) {
+
 static const struct {
 const char *module;
 const char *path;
@@ -76,6 +77,9 @@ int kmod_setup(void) {
 unsigned int i;
 int r;
+ if (have_effective_cap(CAP_SYS_MODULE) == 0)
+ return 0;
+
 for (i = 0; i < ELEMENTSOF(kmod_table); i++) {
 struct kmod_module *mod;
diff --git a/src/core/main.c b/src/core/main.c
index 4ad3bc2c5..899233bf5 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1589,8 +1589,7 @@ int main(int argc, char *argv[]) {
 status_welcome();
 #ifdef HAVE_KMOD
- if (detect_container(NULL) <= 0)
- kmod_setup();
+ kmod_setup();
 #endif
 hostname_setup();
 machine_id_setup("");
--
2.30.2
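Review bot: The new guard `if (have_effective_cap(CAP_SYS_MODULE) == 0)` in the third kmod-setup.c hunk skips module loading only on a definite "no". If the helper can return a negative value on failure (its definition is not part of this diff), that result falls through to the loading loop. Failing open looks harmless here, since the kernel still refuses the load without the capability, but the intent should be stated, e.g. `/* If we cannot determine our capabilities, try anyway and let the kernel decide */`. The early `return 0;` is also silent; a debug-level log message at that point would help operators see why the kmod_table entries were skipped. The body of kmod_setup() continues outside the hunk.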
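Review bot: With the `detect_container(NULL) <= 0` guard removed in the main.c hunk, the only thing stopping a containerized instance from loading modules into the shared host kernel is whether the container manager dropped CAP_SYS_MODULE. That matches the commit's stated intent, but it changes behaviour for containers that retain the capability, and the call site no longer shows where the decision is made. A short comment would record it, e.g. `/* kmod_setup() is a no-op without CAP_SYS_MODULE; container managers must drop it to keep us from loading modules */`. The result of `kmod_setup();` is still discarded, and `(void) kmod_setup();` would make that explicit. main() starts and ends outside the hunk.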