nut: Set container_use_devices SELinux tunable

By default, the Fedora SELinux policy does not allow containers to access device nodes. This setting is independent of CGroup device rules.
2024-01-15 12:53:58 -06:00
parent 11f9957c11
commit 47278c01e5
1 changed files with 1 additions and 0 deletions
--- a/templates/nut/nut-server.container
+++ b/templates/nut/nut-server.container
@@ -20,6 +20,7 @@ Network=host
 PodmanArgs=--device-cgroup-rule 'c 189:* rw'

 [Service]
+ExecStartPre=/usr/sbin/setsebool container_use_devices=1
 ExecReload=podman exec systemd-%N upsd -c reload

 [Install]