On Tue, 09.12.14 18:26, Lennart Poettering (lenn...@poettering.net) wrote:

Przemyslaw,

> > +++ b/units/u...@.service.m4.in > > @@ -0,0 +1,23 @@ > > +# This file is part of systemd. > > +# > > +# systemd is free software; you can redistribute it and/or modify it > > +# under the terms of the GNU Lesser General Public License as published by > > +# the Free Software Foundation; either version 2.1 of the License, or > > +# (at your option) any later version. > > + > > +[Unit] > > +Description=User Manager for UID %i > > +After=systemd-user-sessions.service > > + > > +[Service] > > +User=%i > > +PAMName=systemd-user > > +Type=notify > > +ExecStart=-@rootlibexecdir@/systemd --user > > +Slice=user-%i.slice > > +KillMode=mixed > > +Delegate=yes > > +m4_ifdef(`HAVE_SMACK', > > +Capabilities=cap_mac_admin=i > > +SecureBits=keep-caps > > +)

I have reverted the last bit above again, since it broke bootups in nspawn machines. I figure the CAP_MAC_ADMIN capability is missing from the bounding set in an nspawn, and that breaks the caps logic here.

We should find another solution for this. I wanted to get 218 out of the door, hence I reverted this bit for now, but we really should find a longer term solution for this. I build systemd with SMACK on, but turned off in the kernel.

Any suggestions what we can do here?

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
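
Review bot: The m4_ifdef(HAVE_SMACK) block at the end of [Service] gates Capabilities=cap_mac_admin=i and SecureBits=keep-caps on a build-time macro only, so a SMACK-enabled build applies them on every host, including one where SMACK is turned off in the kernel or where CAP_MAC_ADMIN is not in the bounding set, which is the nspawn case reported in this message. Suggest making the capability request depend on a runtime condition, or moving it out of the static unit file, so that the user manager still starts when the capability is unavailable. A comment in the unit saying why the user manager needs cap_mac_admin in its inheritable set would also help.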
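
One way to test the bounding-set hypothesis from the message above. This is an added example, not part of the original mail or of systemd. It models only the capset(2) rule that the new inheritable set must lie within the current inheritable set plus the bounding set. The function names are hypothetical and the sample status text is constructed.

```python
import re

CAP_MAC_ADMIN = 33  # bit number from <linux/capability.h>

# Constructed /proc/<pid>/status excerpt (not captured from a real nspawn
# container): every capability 0..36 is in the bounding set except bit 33.
SAMPLE_STATUS = (
    "Name:\tsystemd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000001dffffffff\n"
    "CapEff:\t0000001dffffffff\n"
    "CapBnd:\t0000001dffffffff\n"
)

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)\s*$", re.M)


def cap_sets(status_text):
    """Parse the Cap* hex masks out of /proc/<pid>/status text."""
    return {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}


def can_add_inheritable(sets, cap):
    """capset(2) rule: the new inheritable set must be a subset of
    (current inheritable | bounding set). Other capset checks are not modelled."""
    allowed = sets["CapInh"] | sets["CapBnd"]
    return bool((allowed >> cap) & 1)


def explain(status_text, cap=CAP_MAC_ADMIN):
    """Summarise whether `cap` could be requested as inheritable (=i)."""
    sets = cap_sets(status_text)
    if "CapBnd" not in sets or "CapInh" not in sets:
        return "no capability lines found"
    if can_add_inheritable(sets, cap):
        return "cap %d can be added to the inheritable set" % cap
    return "cap %d is outside the bounding set; capset would refuse it" % cap


if __name__ == "__main__":
    print("sample :", explain(SAMPLE_STATUS))
    try:
        with open("/proc/self/status") as fh:  # the process running this check
            print("current:", explain(fh.read()))
    except OSError:
        print("current: /proc not available")
```

Run inside the container, the "current" line reports on the bounding set the script itself inherited.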