On 07/25/2013 02:00 PM, Lennart Poettering wrote:
> On Wed, 24.07.13 18:41, Gerardo Exequiel Pozzi ([email protected])
> wrote:
>
> We generally try to make conditions specific to a feature rather than an
> execution environment. Containers should run without CAP_MKNOD, and as
> udev originally was in the business of creating device nodes we hence
> bound it to this capability.
>
OK

> Now, since very recently udev doesn't create a single device node
> anymore (it's all done by the kernel in devtmpfs/container manager and
> tmpfiles now), so it probably would make sense to change the capability
> check, but certainly not remove it. (I'd vote for replacing it with
> ConditionPathIsReadWrite=/sys since sane container managers mount that
> read-only.)
>

Exactly.

> Anyway, I don't get what you are trying to achieve by your patch, please
> elaborate.

My thought was simple: "Hey! What is CAP_MKNOD doing here, since it is not needed anymore for udev? Remove it!". Of course, I did not think of containers, my bad.

Anyway, this should be changed to a more "obvious" thing for testing the running environment.

Q: If udev should not run in a container, why doesn't udevd itself check for this?

Thanks for your feedback.

>
>> Signed-off-by: Gerardo Exequiel Pozzi <[email protected]> >> --- >> units/systemd-udev-settle.service.in | 1 - >> units/systemd-udev-trigger.service.in | 1 - >> units/systemd-udevd-control.socket | 1 - >> units/systemd-udevd-kernel.socket | 1 - >> 4 files changed, 4 deletions(-) >> >> diff --git a/units/systemd-udev-settle.service.in >> b/units/systemd-udev-settle.service.in >> index 037dd9a..148aa9d 100644 >> --- a/units/systemd-udev-settle.service.in >> +++ b/units/systemd-udev-settle.service.in >> @@ -16,7 +16,6 @@ DefaultDependencies=no >> Wants=systemd-udevd.service >> After=systemd-udev-trigger.service >> Before=sysinit.target >> -ConditionCapability=CAP_MKNOD >> >> [Service] >> Type=oneshot >> diff --git a/units/systemd-udev-trigger.service.in >> b/units/systemd-udev-trigger.service.in >> index 604c369..ea3cb62 100644 >> --- a/units/systemd-udev-trigger.service.in >> +++ b/units/systemd-udev-trigger.service.in
>> @@ -12,7 +12,6 @@ DefaultDependencies=no >> Wants=systemd-udevd.service >> After=systemd-udevd-kernel.socket systemd-udevd-control.socket >> Before=sysinit.target >> -ConditionCapability=CAP_MKNOD >> >> [Service] >> Type=oneshot >> diff --git a/units/systemd-udevd-control.socket >> b/units/systemd-udevd-control.socket >> index ca17102..12a66d2 100644 >> --- a/units/systemd-udevd-control.socket >> +++ b/units/systemd-udevd-control.socket >> @@ -10,7 +10,6 @@ Description=udev Control Socket >> Documentation=man:systemd-udevd.service(8) man:udev(7) >> DefaultDependencies=no >> Before=sockets.target >> -ConditionCapability=CAP_MKNOD >> >> [Socket] >> Service=systemd-udevd.service >> diff --git a/units/systemd-udevd-kernel.socket >> b/units/systemd-udevd-kernel.socket >> index 4b8a5b0..64e6f63 100644 >> --- a/units/systemd-udevd-kernel.socket >> +++ b/units/systemd-udevd-kernel.socket >> @@ -10,7 +10,6 @@ Description=udev Kernel Socket >> Documentation=man:systemd-udevd.service(8) man:udev(7) >> DefaultDependencies=no >> Before=sockets.target >> -ConditionCapability=CAP_MKNOD >> >> [Socket] >> Service=systemd-udevd.service > > > Lennart > -- Gerardo Exequiel Pozzi \cos^2\alpha + \sin^2\alpha = 1
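
Review bot: In the systemd-udev-settle.service.in and systemd-udev-trigger.service.in hunks, the line "-ConditionCapability=CAP_MKNOD" is deleted with nothing put in its place, which removes the only condition visible in the [Unit] context of these oneshot units. Without a guard they would also be started in containers that drop CAP_MKNOD and were skipped before. Replace the line instead of deleting it, for example with "ConditionPathIsReadWrite=/sys" as suggested in the reply, so the check still gates the units on something udev actually needs.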
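
Review bot: In the systemd-udevd-control.socket and systemd-udevd-kernel.socket hunks, the condition is dropped from both sockets, but the unit they activate ("Service=systemd-udevd.service") does not appear in the diffstat. If that service carries its own ConditionCapability=CAP_MKNOD, a container would end up with the sockets listening while the service behind them is skipped. Change the service unit in the same patch, or say in the commit message why it is left out; the message as quoted gives no rationale for the removal at all.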
