units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD

npsawn containers generally have CAP_MKNOD, since this is required
to make PrviateDevices= work. Thus, it's not useful anymore to
conditionalize the kmod static device node units.

Use CAP_SYS_MODULES instead which is not available for nspawn
containers. However, the static device node logic is only done for being
able to autoload modules with it, and if we can't do that there's no
point in doing it.

diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
index 368f980fd11548915900fb855b9a8663fc57b095..0934a8751f3c9d6e77d72452430bd3af4fac0a9c 100644 (file)
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@@ -9,7 +9,7 @@
 Description=Create list of required static device nodes for the current kernel
 DefaultDependencies=no
 Before=sysinit.target systemd-tmpfiles-setup-dev.service
-ConditionCapability=CAP_MKNOD
+ConditionCapability=CAP_SYS_MODULE
 ConditionPathExists=/lib/modules/%v/modules.devname
 
 [Service]

diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in
index b9cfc53bd140001711b39f63c6b4934bedef01f6..06346d3b7ceac5a276a69a6d15f0d19468ad7dd5 100644 (file)
--- a/units/systemd-tmpfiles-setup-dev.service.in
+++ b/units/systemd-tmpfiles-setup-dev.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service
 Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target
-ConditionCapability=CAP_MKNOD
+ConditionCapability=CAP_SYS_MODULE
 
 [Service]
 Type=oneshot