On Tue, 27.01.15 21:38, Topi Miettinen ([email protected]) wrote: > >> CAP_SYS_RAWIO, yes. Only read access is needed otherwise: > >> DevicePolicy=closed > >> DeviceAllow=block-sd r > >> DeviceAllow=/dev/sda r > >> DeviceAllow=/dev/sdb r > >> works fine here. > > > > You should be able to reduce this to simply: > > > > DeviceAllow=block-sd r > > > > This should suffic since DevicePolicy=closed is implied if there's at > > least one DeviceAllow= specified. And "DeviceAllow=block-sd r" enables > > access to all /dev/sd* access, which includes /dev/sda and /dev/sdb, > > of course. > > In general yes, but I didn't want to allow SMART requests to /dev/sdc, > it's a DVD-ROM drive and there are useless errors if accessed with > SMART.
Well, don't you just get a different error then? That said, if this is really what you want, then you should really remove the "DeviceAllow=block-sd r" line, since that opens up access to /dev/sdc, too... Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
