From 19b8e712d8fc59c8fabe2607400874a65dcc0030 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 5 Jan 2024 16:34:33 +0100
Subject: hostnamed: expose local AF_VSOCK CID among other host info

This is a host identifier of major relevance, since it is how you
connect to this system if it is a VM, hence expose this nicely.
---
 units/systemd-hostnamed.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'units/systemd-hostnamed.service.in')

diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 31b45e0fa8..1cc15dd7cf 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -22,7 +22,7 @@ IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-PrivateDevices=yes
+DeviceAllow=/dev/vsock r
 PrivateNetwork=yes
 PrivateTmp=yes
 ProtectProc=invisible
-- 
cgit v1.2.3