summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLubomir Rintel <lkundrak@v3.sk>2015-04-13 19:46:59 +0200
committerLennart Poettering <lennart@poettering.net>2015-04-21 02:45:34 +0200
commit15d7b51724cc9775f03f2af4d3eec7f48f39f7de (patch)
treef6629f32d7a488e7a545ccc10ffda513bf7ed0dd
parent1db0db4b7f9c53f03efef2037ef6b0b384bfb248 (diff)
importd: add CAP_DAC_OVERRIDE capability
Fedora's filesystem package ships /usr/bin (and other directories) which are not writable by its owner. machinectl pull-dkr (and possibly others) are not able to extract those: 14182 mkdirat(3, "usr", 0700) = 0 14182 mkdirat(3, "usr/bin", 0500) = 0 14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied) ...
-rw-r--r--units/systemd-importd.service.in2
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index a540040bfb..80d97c8d9d 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,6 +12,6 @@ Documentation=man:systemd-importd.service(8)
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
NoNewPrivileges=yes
WatchdogSec=1min