Adding the SMART plugin to version 5.8, I receive a warning about missing permissions to collect I/O data:
Nov 9 13:27:40 db07 collectd[35127]: smart plugin: Running collectd as root,
but the CAP_SYS_RAWIO capability is missing. The plugin's read function will
probably fail. Is your init system dropping capabilities?
Using setcap to allow this capability on collectd:
root@foo# setcap cap_sys_rawio=ep /usr/sbin/collectd
systemd fails to start the process after the permissions are added:
Nov 9 13:27:26 db07 systemd[34172]: Failed at step EXEC spawning /usr/sbin/collectd: Operation not permitted
Nov 9 13:27:26 db07 systemd[1]: collectd.service: main process exited, code=exited, status=203/EXEC
Nov 9 13:27:26 db07 systemd[1]: Unit collectd.service entered failed state.
Nov 9 13:27:26 db07 systemd[1]: collectd.service failed.
Nov 9 13:27:27 db07 systemd[1]: collectd.service holdoff time over, scheduling restart.
Nov 9 13:27:27 db07 systemd[34174]: Failed at step EXEC spawning /usr/sbin/collectd: Operation not permitted
What is preventing systemd from running with this flag added?
EDIT: adding the systemctl collectd.service config, as suggested:
[root@host ~]# systemctl cat collectd.service
# /usr/lib/systemd/system/collectd.service
[Unit]
Description=Collectd statistics daemon
Documentation=man:collectd(1) man:collectd.conf(5)
After=local-fs.target network-online.target
Requires=local-fs.target network-online.target
[Service]
ExecStart=/usr/sbin/collectd
EnvironmentFile=-/etc/sysconfig/collectd
EnvironmentFile=-/etc/default/collectd
ProtectSystem=full
ProtectHome=true
# A few plugins won't work without some privileges, which you'll have to
# specify using the CapabilityBoundingSet directive below.
#
# Here's a (incomplete) list of the plugins known capability requirements:
# ceph CAP_DAC_OVERRIDE
# dns CAP_NET_RAW
# exec CAP_SETUID CAP_SETGID
# intel_rdt CAP_SYS_RAWIO
# intel_pmu CAP_SYS_ADMIN
# iptables CAP_NET_ADMIN
# ping CAP_NET_RAW
# smart CAP_SYS_RAWIO
# turbostat CAP_SYS_RAWIO
#
# Example, if you use the iptables plugin alongside the dns or ping plugin:
#CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
#
# By default, drop all capabilities:
CapabilityBoundingSet=
# Tell systemd it will receive a notification from collectd over its control
# socket once the daemon is ready. See systemd.service(5) for more details.
Type=notify
# Restart the collectd daemon when it fails.
Restart=on-failure
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/collectd.service.d/override.conf
CapabilityBoundingSet=CAP_SYS_RAWIO
Try adding the capability using systemd:
systemctl edit collectd
Then add the following line to the "Service" section:
CapabilityBoundingSet=CAP_SYS_RAWIO
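
How `setcap cap_sys_rawio=ep` interacts with the unit's `CapabilityBoundingSet=`, as an added example that is not part of the original question or answer: it models the execve rule from capabilities(7), which returns `Operation not permitted` when a file capability is masked out by the bounding set. The function names and hex masks are constructed for illustration, and empty inheritable sets are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Capability bit numbers come from
# <linux/capability.h>; the hex masks below are constructed sample values.
CAP_SYS_RAWIO=17

# has_cap MASK_HEX BIT: succeeds if capability BIT is set in a CapBnd-style mask.
has_cap() (
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
)

# exec_check BND_HEX FILE_PERMITTED_HEX FILE_EFFECTIVE
# Models the execve() rule in capabilities(7) for a binary carrying file
# capabilities, assuming empty inheritable sets:
#   P'(permitted) = F(permitted) & P(bounding)
# If the file effective bit is set and any F(permitted) bit was masked out,
# the kernel refuses the exec with EPERM.
exec_check() (
    bnd=$((0x$1)); fperm=$((0x$2)); feff=$3
    gained=$(( fperm & bnd ))
    if [ "$feff" -eq 1 ] && [ "$gained" -ne "$fperm" ]; then
        echo EPERM
    else
        printf 'OK permitted=%016x\n' "$gained"
    fi
)

# unit_capbnd UNIT: print the CapBnd mask of the unit's running main process.
unit_capbnd() (
    pid=$(systemctl show -p MainPID "$1" | cut -d= -f2)
    [ "${pid:-0}" -gt 0 ] || { echo "$1 has no main PID" >&2; exit 1; }
    awk '/^CapBnd:/ { print $2 }' "/proc/$pid/status"
)

# cap_sys_rawio=ep sets permitted bit 17 and turns the effective bit on.
FILE_CAPS=0000000000020000
echo "CapabilityBoundingSet= (empty):      $(exec_check 0000000000000000 $FILE_CAPS 1)"
echo "CapabilityBoundingSet=CAP_SYS_RAWIO: $(exec_check 0000000000020000 $FILE_CAPS 1)"
```

On a live host, `has_cap "$(unit_capbnd collectd)" "$CAP_SYS_RAWIO"` confirms whether the override actually reached the running daemon.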