Updated haveged.service to allow chroot when included in initramfsv1.9.14

author: Jirka Hladky <jhladky@redhat.com> 2021-01-03 00:26:40 +0100
committer: Jirka Hladky <jhladky@redhat.com> 2021-01-03 00:26:40 +0100
commit: 4da3080ad4587860e5da73072d6ed54d0052938c (patch)
tree: b67952daab2d78e87c103ed10ece33ad6a9a2167 /contrib
parent: Fixed path to haveged in Fedora rpm spec files (diff)
download: haveged-4da3080ad4587860e5da73072d6ed54d0052938c.tar.xz
haveged-4da3080ad4587860e5da73072d6ed54d0052938c.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service
index 6217765..abb9cfc 100644
--- a/contrib/Fedora/haveged.service
+++ b/contrib/Fedora/haveged.service
@@ -11,11 +11,12 @@ Restart=always
 SuccessExitStatus=137 143
 
 SecureBits=noroot-locked
-CapabilityBoundingSet=CAP_SYS_ADMIN
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
 # We can *not* set PrivateTmp=true as it can cause an ordering cycle.
 PrivateTmp=false
 PrivateDevices=true
-PrivateNetwork=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
 ProtectSystem=full
 ProtectHome=true
 ProtectHostname=true
author	Jirka Hladky <jhladky@redhat.com>	2021-01-03 00:26:40 +0100
committer	Jirka Hladky <jhladky@redhat.com>	2021-01-03 00:26:40 +0100
commit	4da3080ad4587860e5da73072d6ed54d0052938c (patch)
tree	b67952daab2d78e87c103ed10ece33ad6a9a2167 /contrib
parent	Fixed path to haveged in Fedora rpm spec files (diff)
download	haveged-4da3080ad4587860e5da73072d6ed54d0052938c.tar.xz haveged-4da3080ad4587860e5da73072d6ed54d0052938c.zip