infra/image/shdefaults: Add capability SYS_ADMIN for systemd 258

Fedora 43 and 44 switched to systemd 258 rc4. The dbus-broker service
of systemd 258 does not start any more without enabling the capability
SYS_ADMIN.

The capabilities AUDIT_WRITE, SETUID and SETGID should be enough, but
they are not sufficient to be able to start the service.

With final systemd 258 it should be tested if the capability can be
removed again.
Thomas Woerner
2025-09-16 11:12:37 +02:00
parent e24340447d
commit 0e748d372a

@@ -6,4 +6,6 @@
CAP_DEFAULTS=(
"+DAC_READ_SEARCH" # Required for SSSD
"+SYS_PTRACE" # Required for debugging
"+SYS_ADMIN" # Required to make dbus-brokder for systemd 258 work
# Should be "+AUDIT_WRITE", "+SETUID", "+SETGID"
)
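Review bot: The new "+SYS_ADMIN" entry goes into CAP_DEFAULTS unconditionally, while the commit message ties the need to Fedora 43 and 44 with systemd 258 rc4 only, and SYS_ADMIN is far broader than the AUDIT_WRITE, SETUID and SETGID set that the comment says should be enough. Consider adding it only for the affected images, or at least marking the entry with a TODO that names the condition for removal (final systemd 258), so the follow-up mentioned in the commit message is discoverable from the file itself. The comment also has a typo: "dbus-brokder" should read "dbus-broker".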