mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
Fedora 43 and 44 switched to systemd 258 rc4. The dbus-broker service of systemd 258 does not start any more without enabling the capability SYS_ADMIN. The capabilities AUDIT_WRITE, SETUID and SETGID should be enough, but they are not sufficient to be able to start the service. With final systemd 258 it should be tested if the capability can be removed again.
12 lines
455 B
Bash
#!/bin/bash -eu
# This file is meant to be source'd by other scripts

# Set default capabilities options for freeipa containers.
# Use +CAP to add the capability and -CAP to drop the capability.
CAP_DEFAULTS=(
    "+DAC_READ_SEARCH"  # Required for SSSD
    "+SYS_PTRACE"       # Required for debugging
    "+SYS_ADMIN"        # Required to make dbus-broker for systemd 258 work
    # Should be "+AUDIT_WRITE", "+SETUID", "+SETGID"
)
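An added example, not code from the ansible-freeipa repository: one way a script that sources this file could validate the `+CAP`/`-CAP` entries, turn them into the `--cap-add`/`--cap-drop` options that podman and docker accept, and list broad additions such as the `SYS_ADMIN` workaround so they are revisited. The function names `caps_to_opts` and `caps_review` and the review watchlist are assumptions of this example.

```bash
#!/bin/bash
# Added example; function names and the watchlist are hypothetical,
# not part of ansible-freeipa.

# Translate "+CAP"/"-CAP" entries into container engine options, one per
# line. Entries without a sign, or with characters outside A-Z and "_",
# are rejected so a malformed entry never reaches the engine command line.
caps_to_opts() {
    local entry name
    for entry in "$@"; do
        name="${entry#[+-]}"
        case "$name" in
            ""|*[!A-Z_]*)
                echo "invalid capability entry: $entry" >&2
                return 1 ;;
        esac
        case "$entry" in
            +*) echo "--cap-add=$name" ;;
            -*) echo "--cap-drop=$name" ;;
            *)  echo "missing +/- prefix: $entry" >&2
                return 1 ;;
        esac
    done
}

# Print every added capability that is on a review watchlist
# (constructed list, an assumption of this example), so that temporary
# grants like the SYS_ADMIN workaround stay visible in build logs.
caps_review() {
    local entry
    for entry in "$@"; do
        case "$entry" in
            +SYS_ADMIN|+SYS_PTRACE|+SYS_MODULE) echo "${entry#+}" ;;
        esac
    done
}

# Values copied from CAP_DEFAULTS on this page. A script that sources the
# file would instead call: caps_to_opts "${CAP_DEFAULTS[@]}"
caps_to_opts "+DAC_READ_SEARCH" "+SYS_PTRACE" "+SYS_ADMIN"
caps_review  "+DAC_READ_SEARCH" "+SYS_PTRACE" "+SYS_ADMIN" >&2
```

The first call prints three `--cap-add=` options on stdout; the second writes `SYS_PTRACE` and `SYS_ADMIN` to stderr as the entries to re-check once final systemd 258 is available.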