mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 10:13:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

nspawn: ignore failure in creating /dev/net/tun when --private-network is unspecified

Browse Source 
Follow-up for efedb6b0f3.
Closes #35116.

(cherry picked from commit 985ea98e7f)
Really rewritten from scratch.
This commit is contained in:
Yu Watanabe 2024-11-13 13:36:11 +09:00 committed by Zbigniew Jędrzejewski-Szmek
parent 56cc8acf45
commit 04ee5e25a1
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/nspawn/nspawn.c
View File

@ -2183,6 +2183,7 @@ static int copy_devnodes(const char *dest) {
NULSTR_FOREACH(d, devnodes) {
_cleanup_free_ char *from = NULL, *to = NULL;
struct stat st;
bool ignore_mknod_failure = streq(d, "net/tun");
from = path_join("/dev/", d);
if (!from)
@ -2207,16 +2208,31 @@ static int copy_devnodes(const char *dest) {
/* Explicitly warn the user when /dev is already populated. */
if (errno == EEXIST)
log_notice("%s/dev/ is pre-mounted and pre-populated. If a pre-mounted /dev/ is provided it needs to be an unpopulated file system.", dest);
if (!ERRNO_IS_PRIVILEGE(errno) || arg_uid_shift != 0)
if (!ERRNO_IS_PRIVILEGE(errno) || arg_uid_shift != 0) {
if (ignore_mknod_failure) {
log_debug_errno(r, "mknod(%s) failed, ignoring: %m", to);
return 0;
}
return log_error_errno(errno, "mknod(%s) failed: %m", to);
}
/* Some systems abusively restrict mknod but allow bind mounts. */
r = touch(to);
if (r < 0)
if (r < 0) {
if (ignore_mknod_failure) {
log_debug_errno(r, "touch (%s) failed, ignoring: %m", to);
return 0;
}
return log_error_errno(r, "touch (%s) failed: %m", to);
}
r = mount_nofollow_verbose(LOG_DEBUG, from, to, NULL, MS_BIND, NULL);
if (r < 0)
if (r < 0) {
if (ignore_mknod_failure) {
log_debug_errno(r, "Both mknod and bind mount (%s) failed, ignoring: %m", to);
return 0;
}
return log_error_errno(r, "Both mknod and bind mount (%s) failed: %m", to);
}
} else {
r = userns_lchown(to, 0, 0);
if (r < 0)