diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-07-04 03:10:09 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-07-04 03:24:42 +0200 |
commit | fa229d09281d435153b4cfd138a2a62fa66d889b (patch) | |
tree | f15b28718287883d2eb7f34785b43c9c6ea36c0a /units/sys-kernel-config.mount | |
parent | units: conditionalize static device node logic on CAP_SYS_MODULES instead of ... (diff) | |
download | systemd-fa229d09281d435153b4cfd138a2a62fa66d889b.tar.xz systemd-fa229d09281d435153b4cfd138a2a62fa66d889b.zip |
units: conditionalize configfs and debugfs with CAP_SYS_RAWIO
We really don't want these in containers as they provide a too lowlevel
look on the system.
Conditionalize them with CAP_SYS_RAWIO since that's required to access
/proc/kcore, /dev/kmem and similar, which feel similar in style. Also,
npsawn containers lack that capability.
Diffstat (limited to 'units/sys-kernel-config.mount')
-rw-r--r-- | units/sys-kernel-config.mount | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/units/sys-kernel-config.mount b/units/sys-kernel-config.mount index 020101c0d8..21648eff6a 100644 --- a/units/sys-kernel-config.mount +++ b/units/sys-kernel-config.mount @@ -11,6 +11,7 @@ Documentation=https://www.kernel.org/doc/Documentation/filesystems/configfs/conf Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no ConditionPathExists=/sys/kernel/config +ConditionCapability=CAP_SYS_RAWIO After=systemd-modules-load.service Before=sysinit.target |