[systemd-devel] [PATCH] Drop ConditionCapability=CAP_MKNOD from *udev* units
Lennart Poettering
lennart at poettering.net
Thu Jul 25 10:06:39 PDT 2013
On Thu, 25.07.13 10:45, Thomas Bächler (thomas at archlinux.org) wrote:
> Am 25.07.2013 10:18, schrieb Frederic Crozat:
> > Le mercredi 24 juillet 2013 à 18:41 -0300, Gerardo Exequiel Pozzi a
> > écrit :
> >> Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386 at yahoo.com.ar>
> >> ---
> >> units/systemd-udev-settle.service.in | 1 -
> >> units/systemd-udev-trigger.service.in | 1 -
> >> units/systemd-udevd-control.socket | 1 -
> >> units/systemd-udevd-kernel.socket | 1 -
> >> 4 files changed, 4 deletions(-)
> >
> > What do you expect to fix with this patch ?
> >
> > This will just break distro containers (nspawn / lxc) since it will
> > cause udev to be started there.
>
> If these units should not be started in containers, this should be
> reflected with ConditionVirtualization. ConditionCapability is not
> related to containers at all.
CAP_MKNOD certainly is related to containers. It's generally available
on hosts but not in containers.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list