mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
units: include DM devices in DeviceAllow fpor systemd-nspawn@.service
We need it to make LUKS devices work. Fixes: #6525
parent
715cbb81ee
commit
3982becc92
@ -23,18 +23,23 @@ Slice=machine.slice
|
||||
Delegate=yes
|
||||
TasksMax=16384
|
||||
|
||||
## Enforce a strict device policy, similar to the one nspawn configures
|
||||
## when it allocates its own scope unit. Make sure to keep these
|
||||
## policies in sync if you change them!
|
||||
# Enforce a strict device policy, similar to the one nspawn configures when it
|
||||
# allocates its own scope unit. Make sure to keep these policies in sync if you
|
||||
# change them!
|
||||
DevicePolicy=closed
|
||||
DeviceAllow=/dev/net/tun rwm
|
||||
DeviceAllow=char-pts rw
|
||||
|
||||
# nspawn itself needs access to /dev/loop-control and /dev/loop, to
|
||||
# implement the --image= option. Add these here, too.
|
||||
# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement
|
||||
# the --image= option. Add these here, too.
|
||||
DeviceAllow=/dev/loop-control rw
|
||||
DeviceAllow=block-loop rw
|
||||
DeviceAllow=block-blkext rw
|
||||
|
||||
# nspawn can set up LUKS encrypted loopback files, in which case it needs
|
||||
# access to /dev/mapper/control and the block devices /dev/mapper/*.
|
||||
DeviceAllow=/dev/mapper/control rw
|
||||
DeviceAllow=block-device-mapper rw
|
||||
|
||||
[Install]
|
||||
WantedBy=machines.target
|
||||
|
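Review bot: `DeviceAllow=block-device-mapper rw` admits every device-mapper block device on the host, not only the mapping nspawn creates for a LUKS image, and together with `DeviceAllow=/dev/mapper/control rw` it applies to the whole unit cgroup under `DevicePolicy=closed`. The new comment explains why nspawn needs the access but not how wide the grant is; I would extend it with something like `# Note: this allows all DM devices (including host LVM/LUKS volumes) for the entire unit; tighten via a drop-in if LUKS images are not used.` Whether the container payload can actually reach these nodes depends on how nspawn populates /dev and which capabilities it keeps, which is not visible in this hunk. The header comment also asks that this list stay in sync with the policy nspawn applies to its own scope unit, and the matching change is not shown here.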