[systemd-devel] PrivateDevices with more than basic set of devices?

Topi Miettinen toiwoton at gmail.com
Sat Jan 24 02:09:17 PST 2015


Hello,

It would be useful to be able to use PrivateDevices with devices in
addition to the basic set (null, zero, urandom etc). For example, smartd
only needs access to /dev/sd*. It would be a bit complex to do this
without the help of systemd: you would have to set up the private /dev
filesystem by hand before starting the daemon.

How about this: When PrivateDevices is enabled (perhaps with a new
extended mode like PrivateDevices=Auto?), any DeviceAllow directives
would automatically append the device in question to the list of devices
to be copied to the private /dev. The list of devices could be stated
with a new directive instead (CopyDevices=/dev/sda /dev/sdb).

Or perhaps tmpfiles.d should be extended instead, which would allow more
actions than just device setup? For example, unit files could point to a
tmpfiles.d directory or file that will be processed inside the unit
container before the unit is executed?

-Topi

