systemd – 限制对已安装卷的访问？

在 Debian 系统升级后，我的一项服务（mpd - 音乐播放器守护程序）停止工作 - 说它无法访问包含音乐的文件夹。尝试排除故障时，我注意到两件事：

1. 仅当我将 mpd 作为 systemd 服务运行时才会出现此问题 - 直接运行时，它运行正常
2. 仅当音乐目录位于已安装卷（而不是根卷）上时才会出现此问题

因此，systemd 似乎以某种方式限制了对已安装设备的访问。我不知道为什么。

最小测试用例：

1）设置新卷

# dd if=/dev/zero of=/root/dummy.img bs=1M count=50
# mkfs.ext4 /root/dummy.img
# mkdir /mnt/dummy
# mount /root/dummy.img /mnt/dummy
# mkdir /mnt/dummy/music
# chmod a+rwx /mnt/dummy/ -R

2）修改/etc/mpd.conf

music_directory "/mnt/dummy/music"    

3）启动 mpd

# service mpd start
# service mpd status

然后在 mpd 日志中我得到：

Jan 18 20:20:27 seal mpd[7948]: Jan 18 20:20 : exception: Failed to access /mnt/dummy/music: No such file or directory

请注意，如果我直接运行 mpd：

# mpd --stdout --no-daemon --verbose

不存在这样的错误。

此外，如果我使用根卷上的任何文件夹，即使是 /root/music（只有 root 用户才能读取），它也能正常工作（出于故障排除目的，我以 root 身份运行 mpd）。

只有 systemd + mounted volume 的组合不起作用。

附加 Systemd 服务配置：

# systemctl show mpd
Type=notify
Restart=no
NotifyAccess=main
RestartUSec=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestamp=Thu 2018-01-18 20:24:40 CET
WatchdogTimestampMonotonic=19176253623
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=8154
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
UID=[not set]
GID=[not set]
NRestarts=0
ExecMainStartTimestamp=Thu 2018-01-18 20:24:39 CET
ExecMainStartTimestampMonotonic=19175700632
ExecMainExitTimestampMonotonic=0
ExecMainPID=8154
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/mpd ; argv[]=/usr/bin/mpd --no-daemon $MPDCONF ; ignore_errors=no ; start_time=[Thu 2018-01-18 20:24:39 CET] ; stop_time=[n/a] ; pid=8154 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/mpd.service
MemoryCurrent=[not set]
CPUUsageNSec=[not set]
TasksCurrent=5
IPIngressBytes=18446744073709551615
IPIngressPackets=18446744073709551615
IPEgressBytes=18446744073709551615
IPEgressPackets=18446744073709551615
Delegate=no
CPUAccounting=no
CPUWeight=[not set]
StartupCPUWeight=[not set]
CPUShares=[not set]
StartupCPUShares=[not set]
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=[not set]
StartupIOWeight=[not set]
BlockIOAccounting=no
BlockIOWeight=[not set]
StartupBlockIOWeight=[not set]
MemoryAccounting=no
MemoryLow=0
MemoryHigh=infinity
MemoryMax=infinity
MemorySwapMax=infinity
MemoryLimit=infinity
DevicePolicy=auto
TasksAccounting=yes
TasksMax=4915
IPAccounting=no
EnvironmentFile=/etc/default/mpd (ignore_errors=no)
UMask=0022
LimitCPU=infinity
LimitCPUSoft=infinity
LimitFSIZE=infinity
LimitFSIZESoft=infinity
LimitDATA=infinity
LimitDATASoft=infinity
LimitSTACK=infinity
LimitSTACKSoft=8388608
LimitCORE=infinity
LimitCORESoft=0
LimitRSS=infinity
LimitRSSSoft=infinity
LimitNOFILE=4096
LimitNOFILESoft=1024
LimitAS=infinity
LimitASSoft=infinity
LimitNPROC=15298
LimitNPROCSoft=15298
LimitMEMLOCK=16777216
LimitMEMLOCKSoft=16777216
LimitLOCKS=infinity
LimitLOCKSSoft=infinity
LimitSIGPENDING=15298
LimitSIGPENDINGSoft=15298
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=50
LimitRTPRIOSoft=50
LimitRTTIME=infinity
LimitRTTIMESoft=infinity
OOMScoreAdjust=0
Nice=0
IOSchedulingClass=0
IOSchedulingPriority=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardInputData=
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
LogLevelMax=-1
SecureBits=0
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend
AmbientCapabilities=
DynamicUser=no
RemoveIPC=no
MountFlags=
PrivateTmp=no
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
LockPersonality=no
RuntimeDirectoryPreserve=no
RuntimeDirectoryMode=0755
StateDirectoryMode=0755
CacheDirectoryMode=0755
LogsDirectoryMode=0755
ConfigurationDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespaces=no
MountAPIVFS=no
KeyringMode=private
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=mpd.service
Names=mpd.service
Requires=system.slice sysinit.target
WantedBy=multi-user.target
Conflicts=shutdown.target
Before=multi-user.target shutdown.target
After=sysinit.target basic.target sound.target mpd.socket network.target system.slice systemd-journald.socket
TriggeredBy=mpd.socket
Documentation=man:mpd(1) man:mpd.conf(5) file:///usr/share/doc/mpd/user-manual.html
Description=Music Player Daemon
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/lib/systemd/system/mpd.service
DropInPaths=/etc/systemd/system/mpd.service.d/override.conf
UnitFileState=enabled
UnitFilePreset=enabled
StateChangeTimestamp=Thu 2018-01-18 20:24:40 CET
StateChangeTimestampMonotonic=19176253627
InactiveExitTimestamp=Thu 2018-01-18 20:24:39 CET
InactiveExitTimestampMonotonic=19175700719
ActiveEnterTimestamp=Thu 2018-01-18 20:24:40 CET
ActiveEnterTimestampMonotonic=19176253627
ActiveExitTimestamp=Thu 2018-01-18 20:24:39 CET
ActiveExitTimestampMonotonic=19175684629
InactiveEnterTimestamp=Thu 2018-01-18 20:24:39 CET
InactiveEnterTimestampMonotonic=19175697364
CanStart=yes
CanStop=yes
CanReload=no
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobRunningTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Thu 2018-01-18 20:24:39 CET
ConditionTimestampMonotonic=19175699119
AssertTimestamp=Thu 2018-01-18 20:24:39 CET
AssertTimestampMonotonic=19175699120
Transient=no
Perpetual=no
StartLimitIntervalSec=10000000
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
SuccessAction=none
InvocationID=cb674c5c75a741dd8510acc8bbcc868b
CollectMode=inactive

我不知道该怎么做。如果能提供任何提示，我将非常高兴。