[systemd-devel] [PATCH] Drop ConditionCapability=CAP_MKNOD from *udev* units

Kay Sievers kay at vrfy.org
Thu Jul 25 16:47:07 PDT 2013


On Fri, Jul 26, 2013 at 12:19 AM, Gerardo Exequiel Pozzi
<vmlinuz386 at yahoo.com.ar> wrote:
>> Anyway, I don't get what you are trying to achieve by your patch, please
>> elaborate.
>
> My thought was simple: "Hey! What is CAP_MKNOD doing here, since it is not
> needed anymore for udev, remove them!". Of course, I did not think of
> containers, my bad.

Note that you did not remove/drop the given CAP, you removed the
*match* on the existence of it.

It's not needed, but after removing the match, it will still have the CAP. :)

> Anyway, this should be changed to something more "obvious" for
> testing the running environment.
>
> Q: If udev should not run in a container, why doesn't udevd itself check for
> this?

It does exactly that, I think.

Kay

