core: fall back to bind-mounts for PrivateDevices= execution environments
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
systemd (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Hey,
Currently any service that has PrivateDevices=true set will fail to start in unprivileged containers, since mknod is not possible, and in privileged containers that drop CAP_MKNOD. I pushed a patch to systemd upstream that solves this problem and makes PrivateDevices usable in both scenarios. It would be great if this could be backported to Ubuntu 16.04 and 18.04. We already have a lot of users that would like this feature enabled/don't want to edit each service file:
16498617443da94af984e137e7f53c
Thanks!
Christian
We just had a short discussion on systemd and for systemd 229 on 16.04 we also need:
9e5f825280192be429cc79153235d12778427fae : https://github.com/systemd/systemd/commit/9e5f825280192be429cc79153235d12778427fae