nspawn: sync DeviceAllow= setting with systemd-nspawn@.service

Follow-up for dc3223919f663b7c8b8d8d1d6072b4487df7709b. Addresses https://github.com/systemd/systemd/pull/34067#discussion_r1748592958. Otherwise, containers started with and without --keep-unit option run in different device policies.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-09-09 20:38:13 +0200
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-09-09 21:38:11 +0200
commit: b86b90cec59d8a41f8cf5e9797980e81bd18082b (patch)
tree: be15b384ea03c8ca605c80f0b7e6a586b566c9f6 /src/nspawn
parent: machinectl: suppress redirection notice if --quiet is specified (diff)
download: systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.tar.xz
systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c
index 52f7384468..009f71f59f 100644
--- a/src/nspawn/nspawn-register.c
+++ b/src/nspawn/nspawn-register.c
@@ -43,7 +43,7 @@ static int append_machine_properties(
                 return bus_log_create_error(r);
         if (enable_fuse) {
                 r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
-                                          "/dev/fuse", "rw");
+                                          "/dev/fuse", "rwm");
                 if (r < 0)
                         return bus_log_create_error(r);
         }
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-09-09 20:38:13 +0200
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-09-09 21:38:11 +0200
commit	b86b90cec59d8a41f8cf5e9797980e81bd18082b (patch)
tree	be15b384ea03c8ca605c80f0b7e6a586b566c9f6 /src/nspawn
parent	machinectl: suppress redirection notice if --quiet is specified (diff)
download	systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.tar.xz systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.zip