diff options
| author | Dan Streetman <ddstreet@ieee.org> | 2022-09-16 16:50:59 +0200 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-09-16 20:50:52 +0200 |
| commit | 137d162c42ed858613afc3d7493d08d4ae6d5c1b (patch) | |
| tree | bed02a563861aed7f35b4cb42eb4e6f4070a7990 /units/systemd-machined.service.in | |
| parent | sd-netlink: unexport sd-netlink (diff) | |
| download | systemd-137d162c42ed858613afc3d7493d08d4ae6d5c1b.tar.xz systemd-137d162c42ed858613afc3d7493d08d4ae6d5c1b.zip | |
add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle machinectl read-only requests
Without this, the 'machinectl read-only ...' command always fails.
Diffstat (limited to 'units/systemd-machined.service.in')
| -rw-r--r-- | units/systemd-machined.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index e92f436dfd..d3f8abd9e4 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -18,7 +18,7 @@ RequiresMountsFor=/var/lib/machines [Service] BusName=org.freedesktop.machine1 -CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE ExecStart={{ROOTLIBEXECDIR}}/systemd-machined IPAddressDeny=any LockPersonality=yes |