From 773ce3d89c25aa51b0fe9085bd0eb7ba5e50508b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 28 Apr 2015 20:46:03 +0200
Subject: nspawn: make sure we install the device policy if nspawn is run as
 unit as on the command line

---
 src/nspawn/nspawn.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/nspawn')

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f43ffd97c5..29652e00e5 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2014,6 +2014,10 @@ static int register_machine(pid_t pid, int local_ifindex) {
                 if (r < 0)
                         return bus_log_create_error(r);
 
+                /* If you make changes here, also make sure to update
+                 * systemd-nspawn@.service, to keep the device
+                 * policies in sync regardless if we are run with or
+                 * without the --keep-unit switch. */
                 r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
                                           /* Allow the container to
                                            * access and create the API
-- 
cgit v1.2.3-54-g00ecf