Fedora's filesystem package ships /usr/bin (and other directories) which are not writable by its owner. machinectl pull-dkr (and possibly others) are not able to extract those:
14182 mkdirat(3, "usr", 0700) = 0 14182 mkdirat(3, "usr/bin", 0500) = 0 14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied) ... --- units/systemd-importd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index a540040..80d97c8 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -12,6 +12,6 @@ Documentation=man:systemd-importd.service(8) [Service] ExecStart=@rootlibexecdir@/systemd-importd BusName=org.freedesktop.import1 -CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE NoNewPrivileges=yes WatchdogSec=1min -- 2.1.0 _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel