From 4bb30aeaf8e756b20d66e13af2eac0c5a30b01fa Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Fri, 21 Oct 2016 23:00:38 -0400
Subject: units: disable /dev/hugepages in private user namespaces

The mount fails, even though CAP_SYS_ADMIN is granted.
---
 units/dev-hugepages.mount | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units')

diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount
index 882adb4545..489cc777e4 100644
--- a/units/dev-hugepages.mount
+++ b/units/dev-hugepages.mount
@@ -13,6 +13,7 @@ DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/sys/kernel/mm/hugepages
 ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 
 [Mount]
 What=hugetlbfs
-- 
cgit v1.2.3-54-g00ecf