systemd_tmpfiles_LDADD = \
libsystemd-label.la \
- libsystemd-shared.la
+ libsystemd-shared.la \
+ libsystemd-capability.la
# ------------------------------------------------------------------------------
systemd_machine_id_setup_SOURCES = \
* json: properly serialize multiple fields with the same name per entry
-* journalctl: make -l the default
-
* journald: add option to choose between "split up nothing", "split up login user journals", "split up all user journals"
-* journal live copy, bsaed on libneon (client) and libmicrohttpd
+* journal live copy, based on libneon (client) and libmicrohttpd
* document in wiki json serialization
* system.conf should have controls for cgroups
-* tmpfiles: skip mknod if CAP_MKNOD is missing
-
* bind mount read-only the cgroup tree higher than than nspawn
* currently system services appear not to generate core dumps...
#include <sys/param.h>
#include <glob.h>
#include <fnmatch.h>
+#include <sys/capability.h>
#include "log.h"
#include "util.h"
#include "label.h"
#include "set.h"
#include "conf-files.h"
+#include "capability.h"
/* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
* them in the file system. This is intended to be used to create
case CREATE_BLOCK_DEVICE:
case CREATE_CHAR_DEVICE: {
- mode_t file_type = (i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR);
+ mode_t file_type;
+
+ if (have_effective_cap(CAP_MKNOD) == 0) {
+ /* In a container we lack CAP_MKNOD. We
+ shouldnt attempt to create the device node in
+ that case to avoid noise, and we don't support
+ virtualized devices in containers anyway. */
+
+ log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i->path);
+ return 0;
+ }
+
+ file_type = (i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR);
u = umask(0);
label_context_set(i->path, file_type);
~ianmdlvl / elogind.git / commitdiff