diff options
author | Lennart Poettering <lennart@poettering.net> | 2019-07-23 13:28:44 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-07-23 13:30:56 +0200 |
commit | 00d85bbb608a0a9b098b606dddb499e868c2dc1e (patch) | |
tree | cd67fea79700e99cd3c4b6f26513f6b21055b795 /man | |
parent | 11aa16bb359ded91d68ff5f48fecfafa2a15d3b0 (diff) | |
download | systemd-00d85bbb608a0a9b098b606dddb499e868c2dc1e.tar.gz |
man: document the modprobe hack for DeviceAllow=
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd.resource-control.xml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index e7b5dfbce6..1b5ac3e8e4 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -686,6 +686,18 @@ TTYs and all ALSA sound devices, respectively. <literal>char-cpu/*</literal> is a specifier matching all CPU related device groups.</para> + + <para>Note that whitelists defined this way should only reference device groups which are + resolvable at the time the unit is started. Any device groups not resolvable then are not added to + the device whitelist. In order to work around this limitation, consider extending service units + with an <command>ExecStartPre=/sbin/modprobe…</command> line that loads the necessary + kernel module implementing the device group if missing. Example: <programlisting>… +[Service] +ExecStartPre=-/sbin/modprobe -abq loop +DeviceAllow=block-loop +DeviceAllow=/dev/loop-control +…</programlisting></para> + </listitem> </varlistentry> |