shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-22 22:03:43 +03:00
Code

importd: add CAP_DAC_OVERRIDE capability

Browse Source 
Fedora's filesystem package ships /usr/bin (and other directories) which are
not writable by its owner. machinectl pull-dkr (and possibly others) are not
able to extract those:

  14182 mkdirat(3, "usr", 0700)           = 0
  14182 mkdirat(3, "usr/bin", 0500)       = 0
  14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied)
  ...
This commit is contained in:
Lubomir Rintel 2015-04-13 19:46:59 +02:00 committed by Lennart Poettering
parent 1db0db4b7f
commit 15d7b51724
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
units/systemd-importd.service.in
View File

@ -12,6 +12,6 @@ Documentation=man:systemd-importd.service(8)
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
NoNewPrivileges=yes
WatchdogSec=1min