nspawn: make sure we install the device policy if nspawn is run as unit as on the command line

author: Lennart Poettering <lennart@poettering.net> 2015-04-28 20:46:03 +0200
committer: Lennart Poettering <lennart@poettering.net> 2015-04-28 21:34:23 +0200
commit: 773ce3d89c25aa51b0fe9085bd0eb7ba5e50508b (patch)
tree: 8269eb32c9b9a9be39b72842224b9f20ed5eaa08 /src/nspawn
parent: a509f0e631b12cfec6aafe4d152532109082efc9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f43ffd97c5..29652e00e5 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2014,6 +2014,10 @@ static int register_machine(pid_t pid, int local_ifindex) {
                 if (r < 0)
                         return bus_log_create_error(r);
 
+                /* If you make changes here, also make sure to update
+                 * systemd-nspawn@.service, to keep the device
+                 * policies in sync regardless if we are run with or
+                 * without the --keep-unit switch. */
                 r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
                                           /* Allow the container to
                                            * access and create the API
author	Lennart Poettering <lennart@poettering.net>	2015-04-28 20:46:03 +0200
committer	Lennart Poettering <lennart@poettering.net>	2015-04-28 21:34:23 +0200
commit	773ce3d89c25aa51b0fe9085bd0eb7ba5e50508b (patch)
tree	8269eb32c9b9a9be39b72842224b9f20ed5eaa08 /src/nspawn
parent	a509f0e631b12cfec6aafe4d152532109082efc9 (diff)