units: disable ProtectKernelLogs for machined

machined needs access to the host mount namespace to propagate bind mounts created with the "machinectl bind" command. However, the "ProtectKernelLogs" directive relies on mount namespaces to make the kernel ring buffer inaccessible. This commit removes the "ProtectKernelLogs=yes" directive from machined service file introduced in 6168ae5. Closes #14559.
author: Guillaume Douézan-Grard <gdouezangrard@gmail.com> 2020-03-01 21:43:24 +0100
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2020-03-02 06:49:14 +0100
commit: f4665664c4ff69a3666fabc220535fced1544fa8 (patch)
tree: dede31a28d5f792847e656d8549a8961d70dc445
parent: random-seed: add missing header for GRND_NONBLOCK (#14988) (diff)
download: systemd-f4665664c4ff69a3666fabc220535fced1544fa8.tar.xz
systemd-f4665664c4ff69a3666fabc220535fced1544fa8.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index fa344d487d..3db0281f81 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -24,7 +24,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectHostname=yes
-ProtectKernelLogs=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 SystemCallArchitectures=native
author	Guillaume Douézan-Grard <gdouezangrard@gmail.com>	2020-03-01 21:43:24 +0100
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2020-03-02 06:49:14 +0100
commit	f4665664c4ff69a3666fabc220535fced1544fa8 (patch)
tree	dede31a28d5f792847e656d8549a8961d70dc445
parent	random-seed: add missing header for GRND_NONBLOCK (#14988) (diff)
download	systemd-f4665664c4ff69a3666fabc220535fced1544fa8.tar.xz systemd-f4665664c4ff69a3666fabc220535fced1544fa8.zip