Hi,
I want to block the device through the systemd cgroup so I have created a below
unit file
[Unit]
Description=mydevblock
[Service]
DeviceAllow=/dev/zero
ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40
Restart=always
[Install]
WantedBy=multi-user.target
As per my
El Tue, 3 de Jun 2014 a las 11:18 PM, Mohit Agrawal
moagr...@redhat.com escribió:
Hi,
I want to block the device through the systemd cgroup so I have
created a below unit file
[Unit]
Description=mydevblock
[Service]
DeviceAllow=/dev/zero
ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1
First of all, according to docs, `DeviceAllow` syntax is somewhat different
from what you have.
Second, you might want to check `DevicePolicy`, as now your unit has access
not only to `/dev/zero`, but also to four other devices.
And hm, I thought, those directives control access to device nodes.
Hi Kirill,
Thanks for your valuable reply.As per man page DeviceAllow(Use to control
access to specific device nodes by the executed process,This also controls the
devices.allow and devices.deny both My query is how it is controls the
device.deny),I am assuming after update DevicePolicy to
Well, first of all, your `DeviceAllow` syntax is still wrong. “Takes two
space-separated strings: a device node path (such as /dev/null) followed by
a combination of r, w, m”.
But that's not the main issue here. The main issue here is that
devices.allow and devices.deny control access to
Here is a proof that this kind of limiting for devices actually works. This
service is trying to read the first byte of `/dev/sda1` but is allowed to
access `/dev/zero` only:
~~~
[Unit]
Description=test
[Service]
Type=oneshot
ExecStart=/bin/head /dev/sda1 -c 1
DeviceAllow=/dev/zero r
Hi,
Thanks to share the example of unit file,now query is resolved.
Regards
Mohit Agrawal
- Original Message -
From: Kirill Elagin kirela...@gmail.com
To: Mohit Agrawal moagr...@redhat.com
Cc: systemd Mailing List systemd-devel@lists.freedesktop.org
Sent: Wednesday, June 4, 2014
505f8da7325 left link-mac uninitialized, causing MACAddress based
[Match] sections to fail to match anything.
https://bugs.freedesktop.org/show_bug.cgi?id=79638
---
src/network/networkd-link.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git
On Wed, 04.06.14 13:48, Dave Reisner (dreis...@archlinux.org) wrote:
505f8da7325 left link-mac uninitialized, causing MACAddress based
[Match] sections to fail to match anything.
https://bugs.freedesktop.org/show_bug.cgi?id=79638
---
src/network/networkd-link.c | 12 +++-
1 file
On Wed, Jun 04, 2014 at 08:22:11PM +0200, Lennart Poettering wrote:
On Wed, 04.06.14 13:48, Dave Reisner (dreis...@archlinux.org) wrote:
505f8da7325 left link-mac uninitialized, causing MACAddress based
[Match] sections to fail to match anything.
On Wed, Jun 4, 2014 at 7:48 PM, Dave Reisner dreis...@archlinux.org wrote:
505f8da7325 left link-mac uninitialized, causing MACAddress based
[Match] sections to fail to match anything.
https://bugs.freedesktop.org/show_bug.cgi?id=79638
Thanks for the report and the patch.
I'd much prefer if
On Wed, Jun 04, 2014 at 09:33:12PM +0200, Tom Gundersen wrote:
On Wed, Jun 4, 2014 at 7:48 PM, Dave Reisner dreis...@archlinux.org wrote:
505f8da7325 left link-mac uninitialized, causing MACAddress based
[Match] sections to fail to match anything.
Systemd-backlight can not set keyboard backlight level to 0 due to
clamp_brightness.
I found report for this, https://bugs.freedesktop.org/show_bug.cgi?id=77092
, and it has patch attached. Josh Triplett j...@joshtriplett.org reviewed
that patch and said that it looks good, but he would rather
From: Thomas Hindoe Paaboel Andersen pho...@gmail.com
The return value from udev_enumerate_scan_devices was stored but
never used. I assume this was meant to be checked.
---
src/udev/udevd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index
Commit 235c6e628199221b7885f159367614b7105547cf
build-sys: accommodate gcc-4.9.0 link-time optimization (LTO) changes
systemd fails to build (symbols not found/resolved during cgls link
step)
under gcc-4.9.0 due to link-time optimization (lto) changes, in
particular
from
Should upstream packages and distributions use Restart=on-failure in
their default configuration unless there are package-specific reasons to
not do this?
--
ciao,
Marco
signature.asc
Description: Digital signature
___
systemd-devel mailing list
On Sun, Jun 01, 2014 at 08:15:47AM +0200, Lennart Poettering wrote:
On Fri, 30.05.14 01:29, Luis R. Rodriguez (mcg...@suse.com) wrote:
I'm cc'ing a few security folks as I'd appreciate review on the ideas here,
in particular that of a launcher idea on system to replace alternatives on
On Wed, Jun 4, 2014 at 5:31 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Sun, Jun 01, 2014 at 08:15:47AM +0200, Lennart Poettering wrote:
On Fri, 30.05.14 01:29, Luis R. Rodriguez (mcg...@suse.com) wrote:
I'm cc'ing a few security folks as I'd appreciate review on the ideas here,
in
18 matches
Mail list logo