From e0c74691c41a204eba2fd5f39615049fc9ff1648 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 4 Jul 2014 03:07:20 +0200 Subject: [PATCH] units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD npsawn containers generally have CAP_MKNOD, since this is required to make PrviateDevices= work. Thus, it's not useful anymore to conditionalize the kmod static device node units. Use CAP_SYS_MODULES instead which is not available for nspawn containers. However, the static device node logic is only done for being able to autoload modules with it, and if we can't do that there's no point in doing it. --- units/kmod-static-nodes.service.in | 2 +- units/systemd-tmpfiles-setup-dev.service.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in index 368f980fd..0934a8751 100644 --- a/units/kmod-static-nodes.service.in +++ b/units/kmod-static-nodes.service.in @@ -9,7 +9,7 @@ Description=Create list of required static device nodes for the current kernel DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service -ConditionCapability=CAP_MKNOD +ConditionCapability=CAP_SYS_MODULE ConditionPathExists=/lib/modules/%v/modules.devname [Service] diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in index b9cfc53bd..06346d3b7 100644 --- a/units/systemd-tmpfiles-setup-dev.service.in +++ b/units/systemd-tmpfiles-setup-dev.service.in @@ -12,7 +12,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target -ConditionCapability=CAP_MKNOD +ConditionCapability=CAP_SYS_MODULE [Service] Type=oneshot -- 2.30.2