From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001 |
|
From: Thomas Haller <thaller@redhat.com> |
|
Date: Fri, 2 Sep 2016 15:58:42 +0200 |
|
Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201) |
|
|
|
systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet. |
|
https://github.com/systemd/systemd/issues/1221 |
|
Thus it is all in one line. |
|
--- |
|
data/NetworkManager.service.in | 6 +++--- |
|
1 file changed, 3 insertions(+), 3 deletions(-) |
|
|
|
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in |
|
index ff90456ff..680b5889a 100644 |
|
--- a/data/NetworkManager.service.in |
|
+++ b/data/NetworkManager.service.in |
|
@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon |
|
Restart=on-failure |
|
# NM doesn't want systemd to kill its children for it |
|
KillMode=process |
|
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
|
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
|
|
|
-# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN |
|
-#CapabilityBoundingSet=CAP_SYS_ADMIN |
|
+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201) |
|
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN |
|
|
|
ProtectSystem=true |
|
ProtectHome=read-only |
|
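Review bot: the new CapabilityBoundingSet line grants CAP_SYS_ADMIN to every NetworkManager instance, although the comment above it says only the ibft settings plugin's call to iscsiadm needs it. CAP_SYS_ADMIN is one of the broadest capabilities, so adding it gives up much of what the bounding set was restricting. Consider granting it only where the ibft plugin is installed, for example through a unit drop-in shipped with that plugin, once the systemd merge bug named in the commit message no longer applies. The reason for the single-line form (systemd issue 1221) appears only in the commit message; put it in the unit file comment so nobody later splits the line again. The commented-out "#CapabilityBoundingSet=..." copy of the old list should be dropped, since two copies of the same list will drift apart.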
-- |
|
2.17.1 |
|
|
|
|