diff options
| author | Joachim Falk <joachim.falk@gmx.de> | 2022-12-05 15:52:53 -0500 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2022-12-05 15:59:13 -0500 |
| commit | ca5b0e7e4d41d93483427390d6d5e031b0b7c6af (patch) | |
| tree | e492f1d885f2900d7918bc412f73bf1624320236 | |
| parent | 9466df03394a48cc08aa4bcdcfda3fe6cd074468 (diff) | |
| download | nfs-utils-ca5b0e7e4d41d93483427390d6d5e031b0b7c6af.tar.gz | |
auth-rpcgss-module.service: Don't fail inside linux container.
Only try to load the auth_rpcgss kernel module if we are not executing
inside a Linux container. Otherwise, the auth-rpcgss-module service will
fail inside a Linux container as the loading of kernel modules is
forbidden for the container. Thus, the "/sbin/modprobe -q auth_rpcgss"
call will fail even if the auth_rpcgss kernel module is already loaded.
This situation occurs when the container host has already loaded the
auth_rpcgss kernel module to enable kerberized NFS service for its
containers. This behavior has been tested with kmod up to version
30+20220630-3 (current in bookworm as of 2022-09-20).
Bug-Debian: http://bugs.debian.org/985000
Discussion-Debian: https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/7
Signed-off-by: Joachim Falk <joachim.falk@gmx.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
| -rw-r--r-- | systemd/auth-rpcgss-module.service | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service index 4548283..25c9de8 100644 --- a/systemd/auth-rpcgss-module.service +++ b/systemd/auth-rpcgss-module.service @@ -10,6 +10,7 @@ DefaultDependencies=no Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service ConditionPathExists=/etc/krb5.keytab +ConditionVirtualization=!container [Service] Type=oneshot |