nspawn: fix --image= when nspawn is run as service

nspawn needs access to /dev/loop to implement --image=, hence grant that in the service file. Fixes #1446.
author: Lennart Poettering <lennart@poettering.net> 2015-10-03 11:23:52 +0200
committer: Lennart Poettering <lennart@poettering.net> 2015-10-03 11:23:52 +0200
commit: 988a47964283b6a72f5ce117f287ebeb12e26d2d (patch)
tree: a5000d3b3333ca9a36e994c7a42b9c6e827e92f1
parent: 8580d1f73db36e9383e674e388b4fb55828c0c66 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index 6b86e0a7f7..03349931d9 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
 DeviceAllow=/dev/pts/ptmx rw
 DeviceAllow=char-pts rw
 
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+
 [Install]
 WantedBy=machines.target
author	Lennart Poettering <lennart@poettering.net>	2015-10-03 11:23:52 +0200
committer	Lennart Poettering <lennart@poettering.net>	2015-10-03 11:23:52 +0200
commit	988a47964283b6a72f5ce117f287ebeb12e26d2d (patch)
tree	a5000d3b3333ca9a36e994c7a42b9c6e827e92f1
parent	8580d1f73db36e9383e674e388b4fb55828c0c66 (diff)