units: disable /dev/hugepages in private user namespaces

keszybz · keszybz · commit 4bb30aeaf8e7 · 2016-10-26T20:12:52.000-04:00
The mount fails, even though CAP_SYS_ADMIN is granted.
diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount
@@ -13,6 +13,7 @@ DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/sys/kernel/mm/hugepages
 ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 
 [Mount]
 What=hugetlbfs
