nspawn: allow using kdbus from nspawn containers
author
Lennart Poettering
<lennart@poettering.net>
Tue, 11 Mar 2014 16:43:00 +0000
(17:43 +0100)
committer
Lennart Poettering
<lennart@poettering.net>
Tue, 11 Mar 2014 16:43:41 +0000
(17:43 +0100)
src/nspawn/nspawn.c
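--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1258,7 +1258,7 @@ static int register_machine(pid_t pid) {
  return r;
  }
- r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 8,
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 10,
  /* Allow the container to
  * access and create the API
  * device nodes, so that
@@ -1277,7 +1277,18 @@ static int register_machine(pid_t pid) {
  * container to ever create
  * these device nodes. */
  "/dev/pts/ptmx", "rw",
- "char-pts", "rw");
+ "char-pts", "rw",
+ /* Allow the container
+ * access to all kdbus
+ * devices. Again, the
+ * container cannot create
+ * these nodes, only use
+ * them. We use a pretty
+ * open match here, so that
+ * the kernel API can still
+ * change. */
+ "char-kdbus", "rw",
+ "char-kdbus/*", "rw");
  if (r < 0) {
  log_error("Failed to add device whitelist: %s", strerror(-r));
  return r;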
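Review bot: The `"char-kdbus/*"` entry in the second hunk is a glob over device group names, so it grants `rw` on every matching character major to each container this call registers, and the new comment does not say what keeps a container away from bus nodes that are not meant for it. Because the mode omits `m`, reachability presumably depends on which nodes end up in the container's /dev, which is not visible here; the comment should name where that restriction is enforced so the allowlist is not read as the isolation boundary. Separately, the array length `10` in the first hunk is a hand-kept literal that must equal the number of pairs in the variadic list, and a mismatch would not be caught at compile time; a short `/* number of (device, mode) pairs that follow */` beside it would help whoever extends the list next. register_machine starts and ends outside both hunks.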