recipes-extended/libvirt: remove ProtectKernelModules

libvirt need to access to the modules.alias file. The ProtectKernelModules block this access and prevent libvirt to start VMs. Remove the ProtectKernelModules option from the libvirtd.service file. The module loading is already protected by the seccomp profile. Signed-off-by: Mathieu Dupré <[email protected]>
seapath · Dec 4, 2024 · eaae465 · eaae465
1 parent 0f2503d
commit eaae465
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/recipes-extended/libvirt/files/libvirtd.service.fragment b/recipes-extended/libvirt/files/libvirtd.service.fragment
@@ -7,7 +7,6 @@ EnvironmentFile=/etc/sysconfig/libvirtd
 # Sandboxing
 PrivateTmp=yes
 NoNewPrivileges=true
-ProtectKernelModules=yes
 ProtectKernelTunables=no
 ProtectControlGroups=no
 RestrictSUIDSGID=true