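I have a systemd unit service script that starts borgmatic to run the backup process. I want to unmount borgmatic's potentially mounted virtual archive to avoid errors.
I added the line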
ExecStartPre=/usr/bin/umount /mnt/backup || true
to this borgmatic.service unit script
[Unit]
Description=borgmatic backup
Wants=network-online.target
After=network-online.target
ConditionACPower=true
[Service]
Type=oneshot
LockPersonality=true
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
ProtectSystem=full
ReadWritePaths=/backup
#CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100
Restart=no
LogRateLimitIntervalSec=0
ExecStartPre=sleep 1m
ExecStartPre=sudo /usr/bin/umount /mnt/backup || true
ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" borgmatic --syslog-verbosity 1
However, when the timer fires, I get an error saying that umount should be run as the sudo user. I have added sudo to the command, so now it is:
ExecStartPre=sudo /usr/bin/umount /mnt/backup || sudo true
This did not help much:
Apr 27 06:07:01 myhostnamt.tld sudo[617036]: root : PWD=/ ; USER=root ; COMMAND=/usr/bin/umount /mnt/backup || sudo true
Apr 27 06:07:01 myhostnamt.tld sudo[617036]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
Apr 27 06:07:01 myhostnamt.tld sudo[617039]: umount: /mnt/backup: must be superuser to unmount.
Apr 27 06:07:01 myhostnamt.tld sudo[617039]: umount: ||: must be superuser to unmount.
Apr 27 06:07:01 myhostnamt.tld sudo[617039]: umount: sudo: must be superuser to unmount.
Apr 27 06:07:01 myhostnamt.tld sudo[617039]: umount: true: must be superuser to unmount.
What could be wrong?
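
An added example, not part of the original post: a small lint over the Exec lines and SystemCallFilter of the unit above. It relies on two documented systemd behaviours: Exec lines are not run through a shell (which is why `||`, `sudo` and `true` show up as umount targets in the log), and the umount2 syscall belongs to the @mount group, which @system-service does not include. The function name `lint_unit` and the trimmed sample unit are constructed for illustration.

```python
import shlex

SHELL_OPERATORS = {"||", "&&", "|", ">", ">>", "<", "2>&1"}
MOUNT_TOOLS = {"mount", "umount"}

# Constructed sample: a trimmed copy of the directives from the unit in the post.
SAMPLE_UNIT = """\
[Service]
Type=oneshot
NoNewPrivileges=yes
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
ExecStartPre=sleep 1m
ExecStartPre=sudo /usr/bin/umount /mnt/backup || sudo true
ExecStart=borgmatic --syslog-verbosity 1
"""

def lint_unit(text):
    """Return (directive, message) findings for a systemd service unit."""
    findings, execs, syscall_groups = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "SystemCallFilter" and not value.startswith("~"):
            syscall_groups.update(value.split())  # allow-list form only
        elif key.startswith("Exec"):
            # Drop systemd's special executable prefixes (-, +, !, @, :).
            # shlex only approximates systemd's own quoting rules.
            execs.append((key, shlex.split(value.lstrip("-+!@:"))))
    for key, argv in execs:
        literal = [a for a in argv if a in SHELL_OPERATORS]
        if literal:
            findings.append((key, f"no shell is used, so {literal} is passed "
                                  "to the command as a literal argument"))
        tools = {a.rsplit("/", 1)[-1] for a in argv} & MOUNT_TOOLS
        if tools and syscall_groups and "@mount" not in syscall_groups:
            findings.append((key, f"{sorted(tools)} needs syscalls from @mount, "
                                  "which SystemCallFilter does not allow"))
    return findings

if __name__ == "__main__":
    for directive, message in lint_unit(SAMPLE_UNIT):
        print(f"{directive}: {message}")
```

For a command whose failure should be tolerated, systemd's own `-` prefix on the executable path (for example `ExecStartPre=-/usr/bin/umount /mnt/backup`) replaces the shell idiom `|| true`.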