I created a simple systemd unit file (sysupdate.service) with the following content to automate system updates, but I am frustrated by the complexity.
/etc/systemd/system/sysupdate.service:
[Unit]
Description=update system preferably after dnfdragora finished checking update
After=syslog.target network.target network-online.target auditd.service
[Service]
StandardInput=null
ExecStart=/mnt/0/sysupdate.sh
[Install]
WantedBy=multi-user.target
sysupdate.sh:
#!/bin/sh
exec &>> /mnt/0/sysupdate.log
echo $(date)
sudo dnf upgrade -y
echo '$?':$?
sudo youtube-dl -U
echo '$?':$?
sudo systemctl stop bluetooth.service
sudo systemctl disable bluetooth.service
sudo systemctl status bluetooth.service
echo '$?':$?
echo $(date)
A normal user has write permission in /mnt/0/. sysupdate.sh is set with "chmod uo+x".
Whenever I comment out the service "Type", "After" or "User" in the service file, I always do:
sudo systemctl daemon-reload
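The expected log file "/mnt/0/sysupdate.log" is never created.
Why is such a simple automation so hard to accomplish?!
Update: I even executed the 2 lines of code suggested by "journalctl -xe":
SELinux is preventing (pdate.sh) from execute access on the file sysupdate.sh.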
***** Plugin catchall (100. confidence) suggests **************************
If you believe that (pdate.sh) should be allowed execute access on the sysupdate.sh file by defa
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(pdate.sh)' --raw | audit2allow -M my-pdatesh
# semodule -X 300 -i my-pdatesh.pp
There are still permission denied errors in the journal log.
For now I got it working by setting SELinux to permissive.
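
The denial quoted in the post, broken down as an added example that is not part of the original post: a small shell parser for the raw AVC record behind such a message, showing which domain was denied which permission on which file type. The sample record is constructed, its init_t and mnt_t types are assumptions, and the function names are hypothetical; the real record comes from the `ausearch -c '(pdate.sh)' --raw` command shown in the journal output.

```shell
#!/bin/sh
# Constructed sample AVC record (not taken from the post). The init_t and
# mnt_t types, pid, dev and ino values are assumptions for illustration.
SAMPLE_AVC='type=AVC msg=audit(1500000000.123:456): avc:  denied  { execute } for  pid=1234 comm="(pdate.sh)" name="sysupdate.sh" dev="sda3" ino=12 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# ctx_type CONTEXT: print the type, the third field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms RECORD: print the denied permissions listed inside { ... }.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# summarize_avc RECORD: "source_type perms class name target_type".
summarize_avc() {
    printf '%s %s %s %s %s\n' \
        "$(ctx_type "$(avc_field "$1" scontext)")" \
        "$(avc_perms "$1")" \
        "$(avc_field "$1" tclass)" \
        "$(avc_field "$1" name)" \
        "$(ctx_type "$(avc_field "$1" tcontext)")"
}

# classify_avc RECORD: "label" when init_t (systemd) was denied execute on a
# file, which points at the file's type; "other" for any other denial.
classify_avc() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    case " $(avc_perms "$1") " in
        *" execute "*) wants_exec=1 ;;
        *) wants_exec=0 ;;
    esac
    if [ "$src" = init_t ] && [ "$(avc_field "$1" tclass)" = file ] && [ "$wants_exec" = 1 ]; then
        echo label
    else
        echo other
    fi
}

summarize_avc "$SAMPLE_AVC"
classify_avc "$SAMPLE_AVC"
```

For a "label" result, `ls -Z /mnt/0/sysupdate.sh` shows the type actually set on the script, which is what the denial is about.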