[systemd-devel] PrivateDevices= together with DevicePolicy=
Lennart Poettering
lennart at poettering.net
Mon Sep 10 19:57:27 UTC 2018
On Di, 21.08.18 09:57, Umut Tezduyar Lindskog (umut at tezduyar.com) wrote:
> Hi,
>
> I am turning on PrivateDevices and as a result getting a minimal /dev
> tree for my service. Then I would like to add some selected devices
> with DevicePolicy=auto & DeviceAllow=/dev/cam0. As a result, I don't
> see the device /dev/cam0 in the /dev tree and since the mount space is
> RO, I cannot create the device node either. However, the device cgroup
> has the right permissions.
>
> Could you please explain if this is the expected behaviour?

Yupp it is. Hmm, you should be able to make this work by using
BindPaths=/dev/cam0 however. IIRC we will apply this before making
/dev read-only, and thus should make the device available in your /dev
instance.

Lennart

--
Lennart Poettering, Red Hat
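
The settings discussed in this thread, written out as a unit drop-in. This is an added example, not part of the original messages: the unit name, the drop-in path and the `rw` access specifier are assumptions, and the BindPaths= line follows the suggestion in the reply above, which its author gives from memory.

```ini
# /etc/systemd/system/camera.service.d/devices.conf
# (hypothetical unit name and drop-in path)
[Service]
# Mount namespace layer: the service gets a minimal /dev tree,
# so /dev/cam0 is not present in it by default.
PrivateDevices=yes

# Device cgroup layer: grants permission to use the device.
# On its own this does not create a node in the private /dev,
# which is the behaviour reported in the question.
DevicePolicy=auto
# "rw" is an assumed access specifier; the thread uses DeviceAllow=/dev/cam0.
DeviceAllow=/dev/cam0 rw

# Bind the host's device node into the service's private /dev,
# as suggested in the reply.
BindPaths=/dev/cam0
```

To check the result, run `ls -l /dev/cam0` from within the service's own context (for example as an ExecStartPre= step) and confirm that the node is listed while other physical devices are not.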