Work around systemd cap

vaeth · Oct 22, 2016 · 0b60f25 · 0b60f25
1 parent 94ef175
commit 0b60f25
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,9 @@
 # ChangeLog for squashmount
 
+*squashmount-15.4.0_p1
+	Martin Väth <martin at mvath.de>:
+	- Work around systemd cap https://github.com/vaeth/squashmount/issues/7
+
 *squashmount-15.4.0
 	Martin Väth <martin at mvath.de>:
 	- Honour BLOCKSIZE for files in DIFF

diff --git a/systemd/system/squashmount.service b/systemd/system/squashmount.service
@@ -7,10 +7,7 @@ After=local-fs.target systemd-tmpfiles-setup.service
 # long timeout in /etc/systemd/system/squashmount.service.d/timeout.conf
 TimeoutStopSec=1800
 Type=oneshot
-CapabilityBoundingSet=
-CapabilityBoundingSet=CAP_SYS_ADMIN
-CapabilityBoundingSet=CAP_CHOWN
-CapabilityBoundingSet=CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_SYS_ADMIN CAP_SYS_MODULE
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateNetwork=true