Add SETPCAP and AUDIT_WRITE capabilities to default set

This is an on-going effort to make Fedora 15/16 systemd work inside an
OpenVZ container.

SETPCAP: Some services can't be started, because systemd can't set
securebits flags.

[ 3637.944447] <29>systemd[1]: systemd-logger.service: main process exited, code=exited, status=218

Starting with kernel 2.6.26, and with a kernel in which file capabilities
are enabled, Linux implements a set of per-thread securebits flags that
can be used to disable special handling of capabilities for UID 0 (root).
This allows a process to retain its capabilities when it switches all of
its UIDs to a non-zero value. You can get more info from man capabilities.

AUDIT_WRITE: needed for non-root apps that want to set audit messages.

SETVEID: this is an obsolete flag not used by OpenVZ kernels anymore,
so we just remove it. Yes, incidentally, it was using the same number as
AUDIT_WRITE.

Somewhat related to http://bugzilla.openvz.org/1911

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
1 file changed
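A way to check from inside a container whether the two capabilities this commit adds are actually present, and whether securebits can be read at all: the added C program below is not part of this commit or of vzctl. It parses the CapBnd/CapEff hex masks in /proc/self/status (the same bit numbering as linux/capability.h: CAP_SETPCAP is bit 8, CAP_AUDIT_WRITE is bit 29) and reports whether the bounding set would let systemd set securebits and write audit messages. The two embedded status excerpts are constructed sample input, not captures from an OpenVZ container; the live check in main() reads the real file on whatever host it runs on.

```c
/* cap_check.c - added example, not part of the vzctl commit.
 * Parse capability masks from /proc/self/status and check for the
 * capabilities the commit adds to the default set. Build: cc -o cap_check cap_check.c
 */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#ifndef PR_GET_SECUREBITS
#define PR_GET_SECUREBITS 27   /* value from linux/prctl.h */
#endif
#endif

/* Bit numbers from linux/capability.h; guarded so the file also builds
 * when that header is already included. */
#ifndef CAP_SETPCAP
#define CAP_SETPCAP 8
#endif
#ifndef CAP_AUDIT_WRITE
#define CAP_AUDIT_WRITE 29
#endif

/* Constructed sample: bounding set with both capabilities present. */
static const char SAMPLE_FULL[] =
    "Name:\tsystemd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
    "CapBnd:\t00000000a80425fb\n";

/* Constructed sample: same set with bits 8 and 29 cleared (0x100 and
 * 0x20000000 removed), i.e. a container that lacks SETPCAP and AUDIT_WRITE. */
static const char SAMPLE_RESTRICTED[] =
    "Name:\tsystemd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000880424fb\n"
    "CapEff:\t00000000880424fb\n"
    "CapBnd:\t00000000880424fb\n";

/* Return the 64-bit mask for a "Field:\t<hex>" line in /proc/self/status
 * text, or 0 if the field is absent (absent and empty are treated alike:
 * no capabilities). */
uint64_t parse_cap_mask(const char *text, const char *field)
{
    size_t flen = strlen(field);
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':')
            return strtoull(p + flen + 1, NULL, 16); /* skips the tab */
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return 0;
}

/* 1 if capability number `cap` is set in `mask`. */
int cap_in_mask(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

/* 1 if the mask carries both capabilities the commit adds. */
int has_systemd_caps(uint64_t mask)
{
    return cap_in_mask(mask, CAP_SETPCAP) && cap_in_mask(mask, CAP_AUDIT_WRITE);
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) {
        perror("/proc/self/status");
        return 1;
    }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';

    uint64_t bnd = parse_cap_mask(buf, "CapBnd");
    printf("CapBnd=%016llx setpcap=%d audit_write=%d systemd-ready=%d\n",
           (unsigned long long)bnd, cap_in_mask(bnd, CAP_SETPCAP),
           cap_in_mask(bnd, CAP_AUDIT_WRITE), has_systemd_caps(bnd));
#ifdef __linux__
    /* Reading securebits needs no privilege; changing them needs CAP_SETPCAP. */
    int sb = prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
    if (sb < 0)
        perror("PR_GET_SECUREBITS");
    else
        printf("securebits=0x%x\n", sb);
#endif
    return 0;
}
```

Run it as the container's init user (or under `vzctl exec`) before and after applying this change; a bounding set missing bit 8 explains the status=218 exit seen in the log above, since systemd cannot apply securebits without CAP_SETPCAP.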