Lennart Poettering fa229d0928 units: conditionalize configfs and debugfs with CAP_SYS_RAWIO ...

We really don't want these in containers as they provide a too lowlevel
look on the system.

Conditionalize them with CAP_SYS_RAWIO since that's required to access
/proc/kcore, /dev/kmem and similar, which feel similar in style. Also,
npsawn containers lack that capability.

2014-07-04 03:24:42 +02:00

662 B

Raw Blame History

View Raw