On Mon, 13.04.15 19:46, Lubomir Rintel (lkund...@v3.sk) wrote:

> Fedora's filesystem package ships /usr/bin (and other directories) which are
> not writable by its owner. machinectl pull-dkr (and possibly others) are not
> able to extract those:

Thanks! Applied! > > 14182 mkdirat(3, "usr", 0700) = 0 > 14182 mkdirat(3, "usr/bin", 0500) = 0 > 14182 openat(3, "usr/bin/[", > O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES > (Permission denied) > ... > --- > units/systemd-importd.service.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/units/systemd-importd.service.in > b/units/systemd-importd.service.in > index a540040..80d97c8 100644 > --- a/units/systemd-importd.service.in > +++ b/units/systemd-importd.service.in > @@ -12,6 +12,6 @@ Documentation=man:systemd-importd.service(8) > [Service] > ExecStart=@rootlibexecdir@/systemd-importd > BusName=org.freedesktop.import1 > -CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP > CAP_SYS_ADMIN CAP_SETPCAP > +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP > CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE > NoNewPrivileges=yes > WatchdogSec=1min > -- > 2.1.0 > > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
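
Review bot: the added CapabilityBoundingSet= line grants CAP_DAC_OVERRIDE to the whole importd service for what the quoted strace shows is a narrow case: openat() of "usr/bin/[" failing with EACCES right after mkdirat(3, "usr/bin", 0500). CAP_DAC_OVERRIDE bypasses file read, write and execute permission checks on every path the process can reach, and this is the daemon that unpacks pulled images. Consider having the extraction code create directories owner-writable and apply the archived mode (0500 here) only after their contents are written, which would leave the bounding set as it was. If the capability stays, a comment next to CapabilityBoundingSet= or a sentence in the commit message saying it is there for non-writable directories inside image trees would help whoever next audits this line.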