[systemd-devel] How to Restrict device in systemd?
Mohit Agrawal
moagrawa at redhat.com
Tue Jun 3 23:18:34 PDT 2014
Hi,
I want to block the device through the systemd cgroup, so I have created the unit file below:
[Unit]
Description=mydevblock
[Service]
DeviceAllow=/dev/zero
ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40
Restart=always
[Install]
WantedBy=multi-user.target
As per my understanding, in this unit file I have allowed only the /dev/zero device, so the dd command should not create file_1 successfully; it should give an error.
systemctl start mydevblock.service
Below is the status after starting the service; file_1 is successfully created:
[host-name ~]# systemctl status mydevblock.service
● mydev.service - mydevblock
Loaded: loaded (/etc/systemd/system/mydev.service; disabled)
Active: failed (Result: start-limit) since Wed 2014-06-04 11:32:24 IST; 831ms ago
Process: 27800 ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40 (code=exited, status=0/SUCCESS)
Main PID: 27800 (code=exited, status=0/SUCCESS)
Jun 04 11:32:24 <host-name> systemd[1]: mydev.service holdoff time over, scheduling restart.
Jun 04 11:32:24 <host-name> systemd[1]: Stopping mydevblock...
Jun 04 11:32:24 <host-name> systemd[1]: Starting mydevblock...
Jun 04 11:32:24 <host-name> sytemd[1]: mydev.service start request repeated too quickly, refusing to start.
Jun 04 11:32:24 <host-name> systemd[1]: Failed to start mydevblock.
Jun 04 11:32:24 <host-name> systemd[1]: Unit mydev.service entered failed state.
[host-name> ~]# ls -lrt
-rw-r--r--. 1 root root 41943040 Jun 4 11:32 file_1
Can someone reply why file_1 is created successfully?
Does anyone have an idea how I can put the restriction on the device?
Appreciate your inputs on this.
Regards
Mohit Agrawal
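
An added example, not part of the original post: the posted settings next to a variant that should actually deny a device, following the DevicePolicy= and DeviceAllow= semantics documented in systemd.resource-control(5). The unit name devblock-demo.service and the output path are hypothetical.

```ini
# Added example, not from the original post. Unit name and output path are
# hypothetical; behaviour described follows systemd.resource-control(5).

# --- As posted: nothing is denied ---
# [Service]
# DeviceAllow=/dev/zero
# ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40
#
# DeviceAllow= is an allow list, so /dev/zero is explicitly permitted and dd
# can read it. of=/root/file_1 is a regular file, not a device node, so the
# device controller has no say over it. DevicePolicy= also defaults to "auto",
# which behaves like "closed" once a DeviceAllow= line exists and keeps the
# standard pseudo devices (/dev/null, /dev/zero, /dev/full, /dev/random,
# /dev/urandom) accessible.

# --- Restricted variant: /etc/systemd/system/devblock-demo.service ---
[Unit]
Description=Device allow-list demo (hypothetical unit)

[Service]
# dd exits when done; oneshot without Restart= avoids the restart loop that
# ended in "start request repeated too quickly" in the posted status output.
Type=oneshot

# strict: only device nodes listed in DeviceAllow= are accessible.
DevicePolicy=strict

# Keep /dev/null usable, since the service's stdin is connected to it by default.
DeviceAllow=/dev/null rw

# /dev/zero is NOT listed, so opening it is expected to fail with
# "Operation not permitted" and the unit should end in a failed state.
ExecStart=/usr/bin/dd if=/dev/zero of=/tmp/devblock-demo.out bs=1M count=1
```

After starting the unit, `systemctl status devblock-demo.service` should show dd exiting non-zero, and `systemctl show -p DevicePolicy -p DeviceAllow devblock-demo.service` confirms which settings systemd applied.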