Hi,

I want to block the device through the systemd cgroup, so I have created the unit file below:

[Unit]
Description=mydevblock

[Service]
DeviceAllow=/dev/zero
ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40
Restart=always

[Install]
WantedBy=multi-user.target

As per my understanding, in this unit file I have allowed only the /dev/zero device, so the dd command should not create file_1 successfully; it should give an error.

systemctl start mydevblock.service

Below is the status after starting the service, and file_1 is successfully created:

[host-name ~]# systemctl status mydevblock.service
● mydev.service - mydevblock
   Loaded: loaded (/etc/systemd/system/mydev.service; disabled)
   Active: failed (Result: start-limit) since Wed 2014-06-04 11:32:24 IST; 831ms ago
  Process: 27800 ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40 (code=exited, status=0/SUCCESS)
 Main PID: 27800 (code=exited, status=0/SUCCESS)

Jun 04 11:32:24 <host-name> systemd[1]: mydev.service holdoff time over, scheduling restart.
Jun 04 11:32:24 <host-name> systemd[1]: Stopping mydevblock...
Jun 04 11:32:24 <host-name> systemd[1]: Starting mydevblock...
Jun 04 11:32:24 <host-name> sytemd[1]: mydev.service start request repeated too quickly, refusing to start.
Jun 04 11:32:24 <host-name> systemd[1]: Failed to start mydevblock.
Jun 04 11:32:24 <host-name> systemd[1]: Unit mydev.service entered failed state.

[host-name> ~]# ls -lrt
-rw-r--r--. 1 root root 41943040 Jun 4 11:32 file_1

Can someone reply why file_1 is created successfully? Does anyone have an idea how I can put the restriction on the device?

Appreciate your inputs on this.

Regards
Mohit Agrawal

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
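
Added example, not part of the original message and not the systemd project's own configuration: a variant of the unit above that shows where the device cgroup takes effect. DeviceAllow= governs access to device nodes only, so the write to the regular file /root/file_1 is outside its scope, while opening a device node that is not on the allow list is refused. The description text, Type=oneshot, the explicit DevicePolicy=closed and the choice of /dev/kmsg as the unlisted device are assumptions made for the illustration.

```ini
# Constructed illustration; only the first dd command line comes from the message above.
[Unit]
Description=mydevblock device allow-list demo

[Service]
# oneshot permits several ExecStart= lines and avoids the restart loop seen in
# the status output, where Restart=always re-runs dd as soon as it exits.
Type=oneshot

# closed: only the standard pseudo devices (/dev/null, /dev/zero, /dev/full,
# /dev/random, /dev/urandom) and the nodes listed in DeviceAllow= are reachable.
DevicePolicy=closed

# Node path followed by access flags: r = read, w = write, m = mknod.
# /dev/zero is already in the standard set; it is listed to keep the intent explicit.
DeviceAllow=/dev/zero r

# Allowed: /dev/zero is on the list, and /root/file_1 is a regular file, which
# the device cgroup does not govern. This command succeeds, as in the message.
ExecStart=/usr/bin/dd if=/dev/zero of=/root/file_1 bs=1M count=40

# Refused: /dev/kmsg (assumed here as an example of an unlisted device) is not
# on the allow list, so open() is expected to fail with EPERM even for root,
# and the unit ends in the failed state.
ExecStart=/usr/bin/dd if=/dev/kmsg of=/dev/null bs=8k count=1
```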