systemd/0007-units-conditionalize-static-device-node-logic-on-CAP.patch

From fce5e80589911d813dd13d1d0d64df96e0ab7939 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 4 Jul 2014 03:07:20 +0200
Subject: [PATCH] units: conditionalize static device node logic on
 CAP_SYS_MODULES instead of CAP_MKNOD

npsawn containers generally have CAP_MKNOD, since this is required
to make PrviateDevices= work. Thus, it's not useful anymore to
conditionalize the kmod static device node units.

Use CAP_SYS_MODULES instead which is not available for nspawn
containers. However, the static device node logic is only done for being
able to autoload modules with it, and if we can't do that there's no
point in doing it.

(cherry picked from commit e0c74691c41a204eba2fd5f39615049fc9ff1648)
---
 units/kmod-static-nodes.service.in          | 2 +-
 units/systemd-tmpfiles-setup-dev.service.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
index 368f980fd1..0934a8751f 100644
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@@ -9,7 +9,7 @@
 Description=Create list of required static device nodes for the current kernel
 DefaultDependencies=no
 Before=sysinit.target systemd-tmpfiles-setup-dev.service
-ConditionCapability=CAP_MKNOD
+ConditionCapability=CAP_SYS_MODULE
 ConditionPathExists=/lib/modules/%v/modules.devname
 
 [Service]
diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in
index b9cfc53bd1..06346d3b7c 100644
--- a/units/systemd-tmpfiles-setup-dev.service.in
+++ b/units/systemd-tmpfiles-setup-dev.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service
 Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target
-ConditionCapability=CAP_MKNOD
+ConditionCapability=CAP_SYS_MODULE
 
 [Service]
 Type=oneshot
Pull bugfixes and some small features from upstream 2014-07-19 18:38:18 +00:00			`From fce5e80589911d813dd13d1d0d64df96e0ab7939 Mon Sep 17 00:00:00 2001`
			`From: Lennart Poettering <lennart@poettering.net>`
			`Date: Fri, 4 Jul 2014 03:07:20 +0200`
			`Subject: [PATCH] units: conditionalize static device node logic on`
			`CAP_SYS_MODULES instead of CAP_MKNOD`

			`npsawn containers generally have CAP_MKNOD, since this is required`
			`to make PrviateDevices= work. Thus, it's not useful anymore to`
			`conditionalize the kmod static device node units.`

			`Use CAP_SYS_MODULES instead which is not available for nspawn`
			`containers. However, the static device node logic is only done for being`
			`able to autoload modules with it, and if we can't do that there's no`
			`point in doing it.`

			`(cherry picked from commit e0c74691c41a204eba2fd5f39615049fc9ff1648)`
			`---`
			`units/kmod-static-nodes.service.in \| 2 +-`
			`units/systemd-tmpfiles-setup-dev.service.in \| 2 +-`
			`2 files changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in`
			`index 368f980fd1..0934a8751f 100644`
			`--- a/units/kmod-static-nodes.service.in`
			`+++ b/units/kmod-static-nodes.service.in`
			`@@ -9,7 +9,7 @@`
			`Description=Create list of required static device nodes for the current kernel`
			`DefaultDependencies=no`
			`Before=sysinit.target systemd-tmpfiles-setup-dev.service`
			`-ConditionCapability=CAP_MKNOD`
			`+ConditionCapability=CAP_SYS_MODULE`
			`ConditionPathExists=/lib/modules/%v/modules.devname`

			`[Service]`
			`diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in`
			`index b9cfc53bd1..06346d3b7c 100644`
			`--- a/units/systemd-tmpfiles-setup-dev.service.in`
			`+++ b/units/systemd-tmpfiles-setup-dev.service.in`
			`@@ -12,7 +12,7 @@ DefaultDependencies=no`
			`Conflicts=shutdown.target`
			`After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-sysusers.service`
			`Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target`
			`-ConditionCapability=CAP_MKNOD`
			`+ConditionCapability=CAP_SYS_MODULE`

			`[Service]`
			`Type=oneshot`