[systemd-devel] How to Restrict device in systemd?
Cameron Norman
camerontnorman at gmail.com
Tue Jun 3 23:41:43 PDT 2014
El Tue, 3 de Jun 2014 a las 11:18 PM, Mohit Agrawal
<moagrawa at redhat.com> escribió:
> Hi,
>
> I want to block the device through the systemd cgroup so I have
> created a below unit file
>
> [Unit]
> Description=mydevblock
> [Service]
> DeviceAllow=/dev/zero
> ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40
> Restart=always
> [Install]
> WantedBy=multi-user.target
>
>
> As per my understanding in this unit file I have allowed only
> /dev/zero device so dd command should not create the file_1
> successfully it should give the error .
>
I was under the impression that files that were not devices could be
accessed just fine. If you had the output file as /dev/foo, then I
would expect the command to fail, but this seems valid.
Best regards,
--
Cameron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140604/ec348838/attachment.html>
More information about the systemd-devel
mailing list