From: Guillaume Douézan-Grard <gdouezangrard@gmail.com>
Date: Sun, 1 Mar 2020 20:43:24 +0000 (+0100)
Subject: units: disable ProtectKernelLogs for machined
X-Git-Tag: v245-rc2~10
X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=f4665664c4ff69a3666fabc220535fced1544fa8;p=systemd%2F.git

units: disable ProtectKernelLogs for machined

machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from machined service file introduced
in 6168ae5.

Closes #14559.
---

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index fa344d487d..3db0281f81 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -24,7 +24,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectHostname=yes
-ProtectKernelLogs=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 SystemCallArchitectures=native