diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-07-25 11:34:37 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-25 11:34:37 +0200 |
| commit | 57cd822887e5fe7b3c3a55098ac16544195f3d21 (patch) | |
| tree | 6fcb2a88981c06bdd20299189146b6cb85db0d74 /man | |
| parent | network: drop redundant Link::kind check (diff) | |
| parent | man: document the modprobe hack for DeviceAllow= (diff) | |
| download | systemd-57cd822887e5fe7b3c3a55098ac16544195f3d21.tar.xz systemd-57cd822887e5fe7b3c3a55098ac16544195f3d21.zip | |
Merge pull request #13144 from poettering/nspawn-modprobe
nspawn modprobe fixes
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd.resource-control.xml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index e7b5dfbce6..1b5ac3e8e4 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -686,6 +686,18 @@ TTYs and all ALSA sound devices, respectively. <literal>char-cpu/*</literal> is a specifier matching all CPU related device groups.</para> + + <para>Note that whitelists defined this way should only reference device groups which are + resolvable at the time the unit is started. Any device groups not resolvable then are not added to + the device whitelist. In order to work around this limitation, consider extending service units + with an <command>ExecStartPre=/sbin/modprobe…</command> line that loads the necessary + kernel module implementing the device group if missing. Example: <programlisting>… +[Service] +ExecStartPre=-/sbin/modprobe -abq loop +DeviceAllow=block-loop +DeviceAllow=/dev/loop-control +…</programlisting></para> + </listitem> </varlistentry> |