diff options
author | Guillaume Douézan-Grard <gdouezangrard@gmail.com> | 2020-03-01 21:43:24 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2020-03-02 06:49:14 +0100 |
commit | f4665664c4ff69a3666fabc220535fced1544fa8 (patch) | |
tree | dede31a28d5f792847e656d8549a8961d70dc445 /units | |
parent | random-seed: add missing header for GRND_NONBLOCK (#14988) (diff) | |
download | systemd-f4665664c4ff69a3666fabc220535fced1544fa8.tar.xz systemd-f4665664c4ff69a3666fabc220535fced1544fa8.zip |
units: disable ProtectKernelLogs for machined
machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from machined service file introduced
in 6168ae5.
Closes #14559.
Diffstat (limited to 'units')
-rw-r--r-- | units/systemd-machined.service.in | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index fa344d487d..3db0281f81 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -24,7 +24,6 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes ProtectHostname=yes -ProtectKernelLogs=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 RestrictRealtime=yes SystemCallArchitectures=native |