Bug 1409586
Summary: | Cannot modify CapabilityBoundingSet in drop-in file | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Laurent Bigonville <bigon> |
Component: | systemd | Assignee: | Lukáš Nykrýn <lnykryn> |
Status: | CLOSED ERRATA | QA Contact: | Branislav Blaškovič <bblaskov> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | bblaskov, carroarmato0, fsumsal, mscherer, systemd-maint-list |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | systemd-219-31.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 09:12:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1383699, 1393867, 1400961 |
Description
Laurent Bigonville
2017-01-02 14:39:22 UTC
Looks like https://github.com/systemd/systemd/issues/1221 We should look to these upstream patches and backport them if necessary. cf677fe core/execute: add the magic character '!' to allow privileged execution (#3493) 661b37b core: fix capability bounding set parsing b9d345b core: fix CapabilityBoundingSet merging
> cf677fe core/execute: add the magic character '!' to allow privileged
> execution (#3493)
Probably not this one.
Same problem with: # /etc/systemd/system/collectd.service.d/capabilities.conf [Service] CapabilityBoundingSet= CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN *** Bug 1381057 has been marked as a duplicate of this bug. *** fix merged to upstream staging branch -> https://github.com/lnykryn/systemd-rhel/commit/13b70c13553c94c444f149bd086bd3e8d9cc39b6 https://github.com/lnykryn/systemd-rhel/commit/5c7d92d36bd1b608ccba0adc3fdc5446e6575623 -> post Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2297 |