Hello,

It would be useful to be able to use PrivateDevices with additional devices to the basic set (null, zero, urandom etc). For example, smartd only needs access to /dev/sd*. It would be a bit complex to do this without help of systemd, you would have to set up the private /dev filesystem by hand before starting the daemon.

How about this: When PrivateDevices is enabled (perhaps with a new extended mode like PrivateDevices=Auto?), any DeviceAllow directives would automatically append the device in question to the list of devices to be copied to the private /dev. The list of devices could be stated with a new directive instead (CopyDevices=/dev/sda /dev/sdb).

Or perhaps tmpfiles.d should be extended instead, that would allow more actions than just device setup? For example, unit files could point to a tmpfiles.d directory or file that will be processed inside the unit container before the unit is executed?

-Topi
