I'd like to collect the my CPU power usage on some "plain" linux boxes (i.e. no fancy things like VMs or let alone K8s) via scaphandre or prometheus_node_exporter, running as systemd service and not as root.
The problem: The /sys/…/energy_uj exposed by the kernel module intel_rapl_common are by default owned by root and mode 0400.
My first approach was to
ExecStartPre=-+/usr/bin/modprobe intel_rapl_common
ExecStartPre=+/usr/bin/find /sys/devices/virtual/powercap -name energy_uj -exec chmod g+r -R {} + -exec chown root:powercap {} +
DynamicUser=yes
Group=powercap
While this does work (systemd apparently "creates" an ephemeral (primary) group just based on the existence of this service file, which is usable by chmod), I'd like a cleaner approach.
So, I created the necessary entries in /usr/lib/sysusers.d/, /usr/lib/modules-load.d/ to have a group powercap and load the kernel module automatically, and I also added an udev rule:
ENV{SUBSYSTEM}=="powercap", ACTION=="add|change", MODE="0440", OWNER="root", GROUP="powercap"
but this rule seems to have no effect, the permissions and owner of all related folders are as before. However, it seems that the rule is properly applied, because when I do:
ENV{SUBSYSTEM}=="powercap", ACTION=="add|change", OWNER="root", PROGRAM+="/usr/bin/find /sys$env{DEVPATH} -name energy_uj -exec chmod g+r -R {} + -exec chown root:powercap {} +"
that rule works. But it feels like I've regressed towards the original systemd/ExecStartPre based solution.
So, sorry, I'm asking two questions as one:
- Is there a way to make the "clean" udev rule without
PROGRAMchange permissions and ownership? - Or, alternatively, is there another similarly "clean" way to get read permissions?
