X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=7e56cf2056c72c03ea0344e7129282d6ebfdfbae;hp=8833704ab79839cc675ba59941735251baf8aa6b;hb=a37e4fcf9969c36d59e2f9683079d9b08a3dcfb1;hpb=9a71b1122c6e49dd9227f82b2f53837c7ea13019
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8833704ab..7e56cf205 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1007,7 +1007,7 @@ static int mount_binds(const char *dest, char **l, bool ro) {
 return log_error_errno(r, "Failed to create mount point %s: %m", where);
 }
- if (mount(*x, where, "bind", MS_BIND, NULL) < 0)
+ if (mount(*x, where, NULL, MS_BIND, NULL) < 0)
 return log_error_errno(errno, "mount(%s) failed: %m", where);
 if (ro) {
@@ -1323,7 +1323,7 @@ static int setup_volatile(const char *directory) {
 goto fail;
 }
- if (mount(f, t, "bind", MS_BIND|MS_REC, NULL) < 0) {
+ if (mount(f, t, NULL, MS_BIND|MS_REC, NULL) < 0) {
 log_error_errno(errno, "Failed to create /usr bind mount: %m");
 r = -errno;
 goto fail;
@@ -1394,10 +1394,10 @@ static int setup_boot_id(const char *dest) {
 if (r < 0)
 return log_error_errno(r, "Failed to write boot id: %m");
- if (mount(from, to, "bind", MS_BIND, NULL) < 0) {
+ if (mount(from, to, NULL, MS_BIND, NULL) < 0) {
 log_error_errno(errno, "Failed to bind mount boot id: %m");
 r = -errno;
- } else if (mount(from, to, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL))
+ } else if (mount(from, to, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL))
 log_warning_errno(errno, "Failed to make boot id read-only: %m");
 unlink(from);
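Review bot: In setup_boot_id the read-only remount on the changed `else if` line tests mount()'s return value for truthiness, while every other mount() call touched by this diff compares `< 0`; writing `} else if (mount(from, to, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0)` keeps the checks uniform. A failed remount is only logged as a warning, so the boot-id bind mount stays writable in that case; a one-line comment stating that this is deliberate best-effort would help the next reader. The function body starts and ends outside the hunk.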
@@ -1449,8 +1449,18 @@ static int copy_devnodes(const char *dest) {
 return -r;
 }
- if (mknod(to, st.st_mode, st.st_rdev) < 0)
- return log_error_errno(errno, "mknod(%s) failed: %m", to);
+ if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+ if (errno != EPERM)
+ return log_error_errno(errno, "mknod(%s) failed: %m", to);
+
+ /* Some systems abusively restrict mknod but
+ * allow bind mounts. */
+ r = touch(to);
+ if (r < 0)
+ return log_error_errno(r, "touch (%s) failed: %m", to);
+ if (mount(from, to, NULL, MS_BIND, NULL) < 0)
+ return log_error_errno(errno, "Both mknod and bind mount (%s) failed: %m", to);
+ }
 if (arg_userns && arg_uid_shift != UID_INVALID)
 if (lchown(to, arg_uid_shift, arg_uid_shift) < 0)
@@ -1481,7 +1491,6 @@ static int setup_ptmx(const char *dest) {
 static int setup_dev_console(const char *dest, const char *console) {
 _cleanup_umask_ mode_t u;
 const char *to;
- struct stat st;
 int r;
 assert(dest);
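Review bot: On the new EPERM fallback in copy_devnodes, `to` ends up as a bind mount of the host node `from`, so the `lchown(to, arg_uid_shift, arg_uid_shift)` in the context lines right after the added block would presumably change ownership of the host's device inode rather than of a private copy. With mknod() the node was a separate inode inside the container's /dev, so this exposure is new on the fallback path. Consider recording that the fallback was taken and skipping the lchown in that case, or at least adding a comment that owner and mode are inherited from the host node when the bind mount is used. The surrounding loop and the rest of the function lie outside the hunk, so any later handling is not visible here.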
@@ -1489,26 +1498,20 @@ static int setup_dev_console(const char *dest, const char *console) {
 u = umask(0000);
- if (stat("/dev/null", &st) < 0)
- return log_error_errno(errno, "Failed to stat /dev/null: %m");
-
 r = chmod_and_chown(console, 0600, 0, 0);
 if (r < 0)
 return log_error_errno(r, "Failed to correct access mode for TTY: %m");
 /* We need to bind mount the right tty to /dev/console since
 * ptys can only exist on pts file systems. To have something
- * to bind mount things on we create a device node first, and
- * use /dev/null for that since we the cgroups device policy
- * allows us to create that freely, while we cannot create
- * /dev/console. (Note that the major minor doesn't actually
- * matter here, since we mount it over anyway). */
+ * to bind mount things on we create a empty regular file. */
 to = strjoina(dest, "/dev/console");
- if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0)
- return log_error_errno(errno, "mknod() for /dev/console failed: %m");
+ r = touch(to);
+ if (r < 0)
+ return log_error_errno(r, "touch() for /dev/console failed: %m");
- if (mount(console, to, "bind", MS_BIND, NULL) < 0)
+ if (mount(console, to, NULL, MS_BIND, NULL) < 0)
 return log_error_errno(errno, "Bind mount for /dev/console failed: %m");
 return 0;
@@ -1551,7 +1554,7 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
 if (r < 0)
 return log_error_errno(r, "Failed to correct access mode for /dev/kmsg: %m");
- if (mount(from, to, "bind", MS_BIND, NULL) < 0)
+ if (mount(from, to, NULL, MS_BIND, NULL) < 0)
 return log_error_errno(errno, "Bind mount for /proc/kmsg failed: %m");
 fd = open(from, O_RDWR|O_NDELAY|O_CLOEXEC);
@@ -1926,7 +1929,7 @@ static int setup_journal(const char *directory) {
 return r;
 }
- if (mount(p, q, "bind", MS_BIND, NULL) < 0)
+ if (mount(p, q, NULL, MS_BIND, NULL) < 0)
 return log_error_errno(errno, "Failed to bind mount journal from host into guest: %m");
 return 0;
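Review bot: Replacing mknod() with touch() for the /dev/console placeholder in setup_dev_console drops an implicit existence check: mknod() fails with EEXIST on a pre-existing path, whereas touch() presumably accepts whatever is already there, and the following mount() then resolves that path. If `dest`/dev is always a file system freshly set up by nspawn this is harmless, but the rewritten comment should state that assumption instead of leaving it implicit. The placeholder's mode is also no longer pinned to 0600 and is left to touch() under `umask(0000)`; since the file is mounted over this is low impact, but worth a word in the same comment. The new comment text should read `an empty regular file`. The function begins outside this hunk.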
@@ -2823,7 +2826,7 @@ static int dissect_image(
 return -errno;
 }
- blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
+ (void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
 is_gpt = streq_ptr(pttype, "gpt");
 is_mbr = streq_ptr(pttype, "dos");
@@ -3125,7 +3128,7 @@ static int dissect_image(
 return 0;
 #else
 log_error("--image= is not supported, compiled without blkid support.");
- return -ENOTSUP;
+ return -EOPNOTSUPP;
 #endif
 }
@@ -3180,7 +3183,7 @@ static int mount_device(const char *what, const char *where, const char *directo
 if (streq(fstype, "crypto_LUKS")) {
 log_error("nspawn currently does not support LUKS disk images.");
- return -ENOTSUP;
+ return -EOPNOTSUPP;
 }
 if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0)
@@ -3189,7 +3192,7 @@ static int mount_device(const char *what, const char *where, const char *directo
 return 0;
 #else
 log_error("--image= is not supported, compiled without blkid support.");
- return -ENOTSUP;
+ return -EOPNOTSUPP;
 #endif
 }
@@ -3707,12 +3710,6 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
- if (sd_booted() <= 0) {
- log_error("Not running on a systemd system.");
- r = -EINVAL;
- goto finish;
- }
-
 log_close();
 n_fd_passed = sd_listen_fds(false);
 if (n_fd_passed > 0) {
@@ -3735,7 +3732,7 @@ int main(int argc, char *argv[]) {
 }
 if (arg_ephemeral) {
- char *np;
+ _cleanup_free_ char *np = NULL;
 /* If the specified path is a mount point we
 * generate the new snapshot immediately
@@ -3765,13 +3762,13 @@ int main(int argc, char *argv[]) {
 r = btrfs_subvol_snapshot(arg_directory, np, arg_read_only, true);
 if (r < 0) {
- free(np);
 log_error_errno(r, "Failed to create snapshot %s from %s: %m", np, arg_directory);
 goto finish;
 }
 free(arg_directory);
 arg_directory = np;
+ np = NULL;
 remove_subvol = true;
@@ -4034,7 +4031,7 @@ int main(int argc, char *argv[]) {
 _exit(EXIT_FAILURE);
 /* Turn directory into bind mount */
- if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, NULL, MS_BIND|MS_REC, NULL) < 0) {
 log_error_errno(errno, "Failed to make bind mount: %m");
 _exit(EXIT_FAILURE);
 }