nspawn: sync DeviceAllow= setting with systemd-nspawn@.service

Follow-up for dc3223919f663b7c8b8d8d1d6072b4487df7709b. Addresses https://github.com/systemd/systemd/pull/34067#discussion_r1748592958. Otherwise, containers started with and without --keep-unit option run in different device policies.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-09-09 20:38:13 +0200
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-09-09 21:38:11 +0200
commit: b86b90cec59d8a41f8cf5e9797980e81bd18082b (patch)
tree: be15b384ea03c8ca605c80f0b7e6a586b566c9f6 /units
parent: machinectl: suppress redirection notice if --quiet is specified (diff)
download: systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.tar.xz
systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.zip
1 files changed, 0 insertions, 3 deletions
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index c2f21c6cbb..0dec0e0478 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -36,9 +36,6 @@ TasksMax=16384
 DevicePolicy=closed
 DeviceAllow=/dev/net/tun rwm
 DeviceAllow=char-pts rw
-{# /dev/fuse gets 'm' here even though it doesn't in nspawn-register.c, since
- # efedb6b0f3 (nspawn: refuse to bind mount device node from host when
- # --private-users= is specified, 2024-09-05) #}
 DeviceAllow=/dev/fuse rwm
 
 # nspawn itself needs access to /dev/loop-control and /dev/loop, to implement
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-09-09 20:38:13 +0200
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-09-09 21:38:11 +0200
commit	b86b90cec59d8a41f8cf5e9797980e81bd18082b (patch)
tree	be15b384ea03c8ca605c80f0b7e6a586b566c9f6 /units
parent	machinectl: suppress redirection notice if --quiet is specified (diff)
download	systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.tar.xz systemd-b86b90cec59d8a41f8cf5e9797980e81bd18082b.zip