author: Guillaume Douézan-Grard <gdouezangrard@gmail.com>, 2020-03-01 21:43:24 +0100
committer: Yu Watanabe <watanabe.yu+github@gmail.com>, 2020-03-02 06:49:14 +0100
commit: f4665664c4ff69a3666fabc220535fced1544fa8
tree: dede31a28d5f792847e656d8549a8961d70dc445 /units
parent: random-seed: add missing header for GRND_NONBLOCK (#14988)
units: disable ProtectKernelLogs for machined
machined needs access to the host mount namespace to propagate bind mounts created with the "machinectl bind" command. However, the "ProtectKernelLogs" directive relies on mount namespaces to make the kernel ring buffer inaccessible. This commit removes the "ProtectKernelLogs=yes" directive from machined service file introduced in 6168ae5. Closes #14559.
Diffstat (limited to 'units')
-rw-r--r-- units/systemd-machined.service.in 1
1 files changed, 0 insertions, 1 deletions
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index fa344d487d..3db0281f81 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -24,7 +24,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
ProtectHostname=yes
-ProtectKernelLogs=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictRealtime=yes
SystemCallArchitectures=native
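Review bot: The removal of `ProtectKernelLogs=yes` between `ProtectHostname=yes` and `RestrictAddressFamilies=` leaves nothing in the unit file that says why machined is an exception, so a later hardening sweep could re-add the directive and break "machinectl bind" propagation again. Suggest a short comment at that position stating that machined needs access to the host mount namespace and that ProtectKernelLogs= cannot be used for that reason. It would also help if the commit message said whether the remaining directives in this block were checked for the same mount-namespace dependency, since the hunk shows only this one being dropped.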