mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-25 23:21:33 +03:00
logind: run with CAP_SYS_ADMIN
DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge set of actions, this mostly renders the restriction-set useless. Anyway, patches are already pending to reduce the restriction on the kernel side. But these won't really make it into any stable-release so for now we're stuck with CAP_SYS_ADMIN.
This commit is contained in:
parent
dfd552707d
commit
11c2f7a813
@ -18,7 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
|
||||
Restart=always
|
||||
RestartSec=0
|
||||
BusName=org.freedesktop.login1
|
||||
CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# logins since we keep one fd open per session.
|
||||
|
Loading…
Reference in New Issue
Block a user