Why can't I whitelist a sysfs path when ProtectKernelTunables=yes?

The systemd documentation is a little vague about whether this is valid. The ProtectKernelTunables section says:

For this setting the same restrictions regarding mount propagation and privileges apply as for ReadOnlyPaths= and related calls, see above.

This made me think I could set ProtectKernelTunables=yes and then add ReadWritePaths=/sys/class/leds. But when I try it, I see the following in the logs:

Dec 03 03:33:55 radio00000 systemd[25829]: /run/systemd/unit-root/sys is duplicate.
Dec 03 03:33:55 radio00000 systemd[25829]: /run/systemd/unit-root/sys is duplicate.
...
Dec 03 03:33:55 radio00000 systemd[25829]: Successfully mounted /run/systemd/unit-root/proc/sys to /run/systemd/unit-root/proc/sys
...
Dec 03 03:33:56 radio00000 systemd[25829]: Applying namespace mount on /run/systemd/unit-root/sys/class/leds
Dec 03 03:33:56 radio00000 systemd[25829]: Successfully mounted /run/systemd/unit-root/sys/class/leds to /run/systemd/unit-root/sys/class/leds
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/proc/sys, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
...
Dec 03 03:33:56 radio00000 systemd[25829]: Remounted /run/systemd/unit-root/proc/sys read-only.
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys/class/leds, called for /run/systemd/unit-root/sys
...
Dec 03 03:33:56 radio00000 systemd[25829]: Remounted /run/systemd/unit-root/sys read-only.
...
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys/class/leds, called for /run/systemd/unit-root/sys
...

And then from my daemon:

Dec 03 03:33:56 radio00000 lightsd[25829]: Cannot open /sys/class/leds/led-msg/brightness: Read-only file system

In fact, if I try

ReadOnlyPaths=/sys
ReadWritePaths=/sys/class/leds

I have the same problem. It seems like these should work. Is this a known bug in systemd 239? Am I trying to do something that is impossible, or am I missing something important?

I am using systemd 239, Linux 4.19.
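As an added diagnostic (not part of the question and not systemd's own code), this Python script parses the namespace debug lines systemd writes to the journal, strips the /run/systemd/unit-root prefix, and flags any bind-mounted path whose ancestor is remounted read-only later in the sequence, which is the ordering visible in the log above. The sample log is constructed from the lines quoted in the question; the function and pattern names are this example's own.

```python
import re

# Constructed sample modelled on the journal lines quoted in the question
# (not the original journal); UNIT_ROOT is the prefix systemd prints.
UNIT_ROOT = "/run/systemd/unit-root"
SAMPLE_LOG = """\
Dec 03 03:33:55 radio00000 systemd[25829]: /run/systemd/unit-root/sys is duplicate.
Dec 03 03:33:56 radio00000 systemd[25829]: Successfully mounted /run/systemd/unit-root/proc/sys to /run/systemd/unit-root/proc/sys
Dec 03 03:33:56 radio00000 systemd[25829]: Successfully mounted /run/systemd/unit-root/sys/class/leds to /run/systemd/unit-root/sys/class/leds
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Dec 03 03:33:56 radio00000 systemd[25829]: Remounted /run/systemd/unit-root/proc/sys read-only.
Dec 03 03:33:56 radio00000 systemd[25829]: Remounted /run/systemd/unit-root/sys read-only.
Dec 03 03:33:56 radio00000 systemd[25829]: Not remounting /run/systemd/unit-root/sys/class/leds, because blacklisted by /run/systemd/unit-root/sys/class/leds, called for /run/systemd/unit-root/sys
"""

PATTERNS = [  # message shapes seen in the question's log; every group is a path
    ("mounted", re.compile(r"Successfully mounted (\S+) to (\S+)$")),
    ("skipped", re.compile(r"Not remounting (\S+), because blacklisted by (\S+), called for (\S+)$")),
    ("remounted-ro", re.compile(r"Remounted (\S+) read-only\.$")),
    ("duplicate", re.compile(r"(\S+) is duplicate\.$")),
]

def strip_root(path):
    """Drop the private unit-root prefix so paths read as the service sees them."""
    if path.startswith(UNIT_ROOT):
        return path[len(UNIT_ROOT):] or "/"
    return path

def parse_namespace_log(text):
    """Return ordered (path, kind, details) events; details are the other paths."""
    events = []
    for line in text.splitlines():
        msg = line.split("]: ", 1)[-1]          # strip the journal prefix
        for kind, rx in PATTERNS:
            m = rx.match(msg)
            if m:
                path, *details = (strip_root(p) for p in m.groups())
                events.append((path, kind, tuple(details)))
                break
    return events

def bind_under_later_ro_ancestor(events):
    """Bind-mounted paths whose ancestor is remounted read-only later in the sequence."""
    # Flags what to verify from inside the unit (e.g. /proc/self/mounts); it does not infer the final state.
    findings = set()
    for i, (path, kind, _) in enumerate(events):
        if kind != "mounted":
            continue
        for anc, later_kind, _ in events[i + 1:]:
            if later_kind == "remounted-ro" and anc != path and path.startswith(anc.rstrip("/") + "/"):
                findings.add((path, anc))
    return sorted(findings)
```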
