On 01/26/15 23:46, Lennart Poettering wrote:
But independently of the PrivateDevices thing, would you think
tmpfiles.d could be extended to be usable for unit specific cases
instead of just one global setup? I think there could be more uses, for
example, creating directories and links inside a
On 01/26/15 21:04, Lennart Poettering wrote:
On Mon, 26.01.15 17:07, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 12:41, Simon McVittie wrote:
On 24/01/15 10:09, Topi Miettinen wrote:
For example, smartd only needs access to /dev/sd*.
Let me spell that differently: smartd only
On 01/27/15 20:52, Lennart Poettering wrote:
On Tue, 27.01.15 18:51, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 21:04, Lennart Poettering wrote:
On Mon, 26.01.15 17:07, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 12:41, Simon McVittie wrote:
On 24/01/15 10:09, Topi
On 01/27/15 21:40, Lennart Poettering wrote:
On Tue, 27.01.15 21:38, Topi Miettinen (toiwo...@gmail.com) wrote:
CAP_SYS_RAWIO, yes. Only read access is needed otherwise:
DevicePolicy=closed
DeviceAllow=block-sd r
DeviceAllow=/dev/sda r
DeviceAllow=/dev/sdb r
works fine here.
You should
On Tue, 27.01.15 19:04, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 23:46, Lennart Poettering wrote:
But independently of the PrivateDevices thing, would you think
tmpfiles.d could be extended to be usable for unit specific cases
instead of just one global setup? I think there
On 01/27/15 20:48, Lennart Poettering wrote:
On Tue, 27.01.15 19:04, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 23:46, Lennart Poettering wrote:
But independently of the PrivateDevices thing, would you think
tmpfiles.d could be extended to be usable for unit specific cases
On Tue, 27.01.15 21:38, Topi Miettinen (toiwo...@gmail.com) wrote:
CAP_SYS_RAWIO, yes. Only read access is needed otherwise:
DevicePolicy=closed
DeviceAllow=block-sd r
DeviceAllow=/dev/sda r
DeviceAllow=/dev/sdb r
works fine here.
You should be able to reduce this to simply:
On Tue, 27.01.15 18:51, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 21:04, Lennart Poettering wrote:
On Mon, 26.01.15 17:07, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 12:41, Simon McVittie wrote:
On 24/01/15 10:09, Topi Miettinen wrote:
For example, smartd only
On Tue, 27.01.15 21:32, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/27/15 20:48, Lennart Poettering wrote:
On Tue, 27.01.15 19:04, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 23:46, Lennart Poettering wrote:
But independently of the PrivateDevices thing, would you think
On 01/27/15 21:35, Lennart Poettering wrote:
On Tue, 27.01.15 21:32, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/27/15 20:48, Lennart Poettering wrote:
On Tue, 27.01.15 19:04, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 23:46, Lennart Poettering wrote:
But independently of
On 24/01/15 10:09, Topi Miettinen wrote:
For example, smartd only needs access to /dev/sd*.
Let me spell that differently: smartd only needs the ability to make
arbitrary filesystem changes, defeating any possible configurable
security mechanism.
If you give it access to /dev/sd* but not to
On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote:
Hello,
It would be useful to be able to use PrivateDevices with additional
devices to the basic set (null, zero, urandom etc). For example, smartd
only needs access to /dev/sd*. It would be a bit complex to do this
without
On 01/26/15 12:41, Simon McVittie wrote:
On 24/01/15 10:09, Topi Miettinen wrote:
For example, smartd only needs access to /dev/sd*.
Let me spell that differently: smartd only needs the ability to make
arbitrary filesystem changes, defeating any possible configurable
security mechanism.
On 01/26/15 16:13, Lennart Poettering wrote:
On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote:
Hello,
It would be useful to be able to use PrivateDevices with additional
devices to the basic set (null, zero, urandom etc). For example, smartd
only needs access to /dev/sd*.
On Mon, 26.01.15 17:07, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 12:41, Simon McVittie wrote:
On 24/01/15 10:09, Topi Miettinen wrote:
For example, smartd only needs access to /dev/sd*.
Let me spell that differently: smartd only needs the ability to make
arbitrary
On Mon, 26.01.15 17:25, Topi Miettinen (toiwo...@gmail.com) wrote:
On 01/26/15 16:13, Lennart Poettering wrote:
On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote:
Hello,
It would be useful to be able to use PrivateDevices with additional
devices to the basic set
Hello,
It would be useful to be able to use PrivateDevices with additional
devices to the basic set (null, zero, urandom etc). For example, smartd
only needs access to /dev/sd*. It would be a bit complex to do this
without help of systemd, you would have to set up the private /dev
filesystem by
17 matches
Mail list logo
