diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-12-18 16:45:20 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-12-18 18:21:27 +0100 |
commit | 74f9e0f20368116fe09f9bf0e5eb0aba08e6ee42 (patch) | |
tree | 9ef6a57705b5144fc0b6281726bd3edb7a4c83e1 /units | |
parent | 220ec97ad65150542bb9c8a1ba20b19ea0d49ff8 (diff) |
units: run systemd-networkd.service only if CAP_NET_ADMIN capability is around
This has the effect that systemd-networkd won't run in containers
without network namespacing wher CAP_NET_ADMIN is (usually) not
available. It will still run in containers with network namespacing on
(where CAP_NET_ADMIN is usually avilable).
We might remove this condition check again if networkd provides services
to apps that also are useful in containers lacking network namespacing,
however, as long as it doesn't it should be handled like udevd and be
excluded in such containers.
Diffstat (limited to 'units')
-rw-r--r-- | units/systemd-networkd.service.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 95205cdee9..c12f3983ea 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -11,6 +11,7 @@ Documentation=man:systemd-networkd.service(8) DefaultDependencies=no Before=network.target Wants=network.target +ConditionCapability=CAP_NET_ADMIN [Service] Type=notify |