From 0b60f25513c0c5854d1e9ef0ab1fcae149c3cf14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20V=C3=A4th?= Date: Sat, 22 Oct 2016 17:01:14 +0200 Subject: [PATCH] Work around systemd cap --- ChangeLog | 4 ++++ systemd/system/squashmount.service | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0996042..58220e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ # ChangeLog for squashmount +*squashmount-15.4.0_p1 + Martin Väth : + - Work around systemd cap https://github.com/vaeth/squashmount/issues/7 + *squashmount-15.4.0 Martin Väth : - Honour BLOCKSIZE for files in DIFF diff --git a/systemd/system/squashmount.service b/systemd/system/squashmount.service index 1552a2c..e81f399 100644 --- a/systemd/system/squashmount.service +++ b/systemd/system/squashmount.service @@ -7,10 +7,7 @@ After=local-fs.target systemd-tmpfiles-setup.service # long timeout in /etc/systemd/system/squashmount.service.d/timeout.conf TimeoutStopSec=1800 Type=oneshot -CapabilityBoundingSet= -CapabilityBoundingSet=CAP_SYS_ADMIN -CapabilityBoundingSet=CAP_CHOWN -CapabilityBoundingSet=CAP_SYS_MODULE +CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_SYS_ADMIN CAP_SYS_MODULE MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateNetwork=true