#include <sys/un.h>
#include <sys/socket.h>
#include <linux/netlink.h>
+#include <sys/eventfd.h>
#include "sd-daemon.h"
#include "sd-bus.h"
#include "ptyfwd.h"
#include "bus-kernel.h"
#include "env-util.h"
-
-#ifndef TTY_GID
-#define TTY_GID 5
-#endif
+#include "def.h"
typedef enum LinkJournal {
LINK_NO,
(1ULL << CAP_SYS_RESOURCE) |
(1ULL << CAP_SYS_BOOT) |
(1ULL << CAP_AUDIT_WRITE) |
- (1ULL << CAP_AUDIT_CONTROL);
+ (1ULL << CAP_AUDIT_CONTROL) |
+ (1ULL << CAP_MKNOD);
static char **arg_bind = NULL;
static char **arg_bind_ro = NULL;
static char **arg_setenv = NULL;
u = umask(0000);
NULSTR_FOREACH(d, devnodes) {
- struct stat st;
_cleanup_free_ char *from = NULL, *to = NULL;
+ struct stat st;
- asprintf(&from, "/dev/%s", d);
- asprintf(&to, "%s/dev/%s", dest, d);
-
- if (!from || !to) {
- log_oom();
-
- if (r == 0)
- r = -ENOMEM;
-
- break;
- }
+ from = strappend("/dev/", d);
+ to = strjoin(dest, "/dev/", d, NULL);
+ if (!from || !to)
+ return log_oom();
if (stat(from, &st) < 0) {
if (errno != ENOENT) {
log_error("Failed to stat %s: %m", from);
- if (r == 0)
- r = -errno;
+ return -errno;
}
} else if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
log_error("%s is not a char or block device, cannot copy", from);
- if (r == 0)
- r = -EIO;
+ return -EIO;
} else if (mknod(to, st.st_mode, st.st_rdev) < 0) {
log_error("mknod(%s) failed: %m", dest);
- if (r == 0)
- r = -errno;
+ return -errno;
}
}
return capability_bounding_set_drop(~arg_retain, false);
}
-static int register_machine(void) {
+static int register_machine(pid_t pid) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_unref_ sd_bus *bus = NULL;
int r;
SD_BUS_MESSAGE_APPEND_ID128(arg_uuid),
"nspawn",
"container",
- (uint32_t) 0,
+ (uint32_t) pid,
strempty(arg_directory),
!isempty(arg_slice), "Slice", "s", arg_slice);
if (r < 0) {
int main(int argc, char *argv[]) {
pid_t pid = 0;
int r = EXIT_FAILURE, k;
- _cleanup_close_ int master = -1, kdbus_fd = -1;
+ _cleanup_close_ int master = -1, kdbus_fd = -1, sync_fd = -1;
int n_fd_passed;
const char *console = NULL;
sigset_t mask;
log_debug("Successfully created kdbus namespace as %s", kdbus_namespace);
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
- log_error("Failed to create kmsg socket pair.");
+ log_error("Failed to create kmsg socket pair: %m");
goto finish;
}
for (;;) {
siginfo_t status;
+ sync_fd = eventfd(0, EFD_CLOEXEC);
+ if (sync_fd < 0) {
+ log_error("Failed to create event fd: %m");
+ goto finish;
+ }
+
pid = syscall(__NR_clone, SIGCHLD|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWPID|CLONE_NEWUTS|(arg_private_network ? CLONE_NEWNET : 0), NULL);
if (pid < 0) {
if (errno == EINVAL)
NULL
};
char **env_use;
+ eventfd_t x;
envp[n_env] = strv_find_prefix(environ, "TERM=");
if (envp[n_env])
goto child_fail;
}
- r = register_machine();
- if (r < 0)
- goto finish;
-
/* Mark everything as slave, so that we still
* receive mounts from the real root, but don't
* propagate mounts to the real root. */
setup_hostname();
+ eventfd_read(sync_fd, &x);
+ close_nointr_nofail(sync_fd);
+ sync_fd = -1;
+
if (!strv_isempty(arg_setenv)) {
char **n;
fdset_free(fds);
fds = NULL;
+ r = register_machine(pid);
+ if (r < 0)
+ goto finish;
+
+ eventfd_write(sync_fd, 1);
+ close_nointr_nofail(sync_fd);
+ sync_fd = -1;
+
k = process_pty(master, &mask, arg_boot ? pid : 0, SIGRTMIN+3);
if (k < 0) {
r = EXIT_FAILURE;
~ianmdlvl / elogind.git / blobdiff