From: Jim Fehlig <jfehlig@suse.com> Switch to using systemd's native UMask= directive, instead of using umask directly in ExecStart=. Signed-off-by: Jim Fehlig <jfehlig@suse.com> --- src/secret/virt-secret-init-encryption.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/secret/virt-secret-init-encryption.service.in b/src/secret/virt-secret-init-encryption.service.in index 8fd54002a0..5cf4149188 100644 --- a/src/secret/virt-secret-init-encryption.service.in +++ b/src/secret/virt-secret-init-encryption.service.in @@ -5,4 +5,5 @@ ConditionPathExists=!@localstatedir@/lib/libvirt/secrets/secrets-encryption-key [Service] Type=oneshot -ExecStart=/usr/bin/sh -c 'umask 0077 && (dd if=/dev/random status=none bs=32 count=1 | systemd-creds encrypt --name=secrets-encryption-key - @localstatedir@/lib/libvirt/secrets/secrets-encryption-key)' +UMask=0077 +ExecStart=/usr/bin/sh -c 'dd if=/dev/random status=none bs=32 count=1 | systemd-creds encrypt --name=secrets-encryption-key - @localstatedir@/lib/libvirt/secrets/secrets-encryption-key' -- 2.51.0