chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy.
[elogind.git] / src / core / cgroup.c
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index bf8bbf5801609d1760af9580c515fde3e4f8d042..3e01690c9a3ed052dfad2f56d057c93ecc83c359 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -745,7 +745,10 @@ static void cgroup_context_apply(Unit *u, CGroupMask mask, ManagerState state) {
                                 "/dev/random\0" "rwm\0"
                                 "/dev/urandom\0" "rwm\0"
                                 "/dev/tty\0" "rwm\0"
-                                "/dev/pts/ptmx\0" "rw\0"; /* /dev/pts/ptmx may not be duplicated, but accessed */
+                                "/dev/pts/ptmx\0" "rw\0" /* /dev/pts/ptmx may not be duplicated, but accessed */
+                                /* Allow /run/elogind/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */
+                                "/run/elogind/inaccessible/chr\0" "rwm\0"
+                                "/run/elogind/inaccessible/blk\0" "rwm\0";
 
                         const char *x, *y;
 
@@ -1081,7 +1084,7 @@ int unit_watch_cgroup(Unit *u) {
         /* Only applies to the unified hierarchy */
         r = cg_unified();
         if (r < 0)
-                return log_unit_error_errno(u, r, "Failed detect wether the unified hierarchy is used: %m");
+                return log_unit_error_errno(u, r, "Failed detect whether the unified hierarchy is used: %m");
         if (r == 0)
                 return 0;
 
@@ -1673,7 +1676,7 @@ int manager_setup_cgroup(Manager *m) {
 
                 /* also, move all other userspace processes remaining
                  * in the root cgroup into that scope. */
-                r = cg_migrate(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root, SYSTEMD_CGROUP_CONTROLLER, scope_path, false);
+                r = cg_migrate(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_root, SYSTEMD_CGROUP_CONTROLLER, scope_path, 0);
                 if (r < 0)
                         log_warning_errno(r, "Couldn't move remaining userspace processes, ignoring: %m");
 
Unnamed repository; edit this file 'description' to name the repository.