nspawn: fix --image= when nspawn is run as service

nspawn needs access to /dev/loop to implement --image=, hence grant that in the service file. Fixes #1446.
2015-10-03 11:23:52 +02:00 · 2015-10-03 11:23:52 +02:00 · 988a479642
parent 8580d1f73d
commit 988a479642
1 changed files with 5 additions and 0 deletions
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
 DeviceAllow=/dev/pts/ptmx rw
 DeviceAllow=char-pts rw

+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+
 [Install]
 WantedBy=machines.target