nspawn: fix argv[0] for getent
[elogind.git] / src / nspawn / nspawn.c
index cd31bd42cc093a3362e33dce230452d85d58af24..b2c974d97016b8334b31a9799468fa273daf041d 100644 (file)
@@ -1258,7 +1258,7 @@ static int register_machine(pid_t pid) {
                         return r;
                 }
 
-                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 8,
+                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 10,
                                           /* Allow the container to
                                            * access and create the API
                                            * device nodes, so that
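Review bot: The element count passed after `"a(ss)"` is a bare literal (`10` on the new side) that has to be kept in step by hand with the path/access pairs that follow; the two pairs that justify this bump are only added in the next hunk. If the count ever exceeds the pairs actually supplied, the variadic append would read past the argument list. A short comment next to the literal would help, for example `/* 10 = number of (path, access) pairs below; keep in sync */`. The call and the enclosing register_machine() both continue outside this hunk.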
@@ -1277,7 +1277,18 @@ static int register_machine(pid_t pid) {
                                            * container to ever create
                                            * these device nodes. */
                                           "/dev/pts/ptmx", "rw",
-                                          "char-pts", "rw");
+                                          "char-pts", "rw",
+                                          /* Allow the container
+                                           * access to all kdbus
+                                           * devices. Again, the
+                                           * container cannot create
+                                           * these nodes, only use
+                                           * them. We use a pretty
+                                           * open match here, so that
+                                           * the kernel API can still
+                                           * change. */
+                                          "char-kdbus", "rw",
+                                          "char-kdbus/*", "rw");
                 if (r < 0) {
                         log_error("Failed to add device whitelist: %s", strerror(-r));
                         return r;
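Review bot: The new `"char-kdbus", "rw"` and `"char-kdbus/*", "rw"` entries widen the container's device allowlist to every kdbus node, but the commit title ("nspawn: fix argv[0] for getent") does not mention any policy change. A change to what a container may open is worth its own commit, or at least a line in the description, so it can be found when auditing the allowlist later. The added comment calls the match "pretty open" on purpose. It would help to also say what bounds it, e.g. `/* "rw" only, no "m": nodes must already exist in the container's /dev */`, and to note that the glob will also cover any kdbus node types added later. register_machine() starts and ends outside this hunk.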
@@ -2264,8 +2275,8 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                 reset_all_signal_handlers();
                 close_all_fds(NULL, 0);
 
-                execle("/usr/bin/getent", "getenv", database, key, NULL, &empty_env);
-                execle("/bin/getent", "getenv", database, key, NULL, &empty_env);
+                execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
+                execle("/bin/getent", "getent", database, key, NULL, &empty_env);
                 _exit(EXIT_FAILURE);
         }