#include <sys/signalfd.h>
#include <grp.h>
#include <linux/fs.h>
+#include <sys/un.h>
+#include <sys/socket.h>
#include <systemd/sd-daemon.h>
u = umask(0000);
+ /* We create the kmsg FIFO as /dev/kmsg, but immediately
+ * delete it after bind mounting it to /proc/kmsg. While FIFOs
+ * on the reading side behave very similar to /proc/kmsg,
+ * their writing side behaves differently from /dev/kmsg in
+ * that writing blocks when nothing is reading. In order to
+ * avoid any problems with containers deadlocking due to this
+ * we simply make /dev/kmsg unavailable to the container. */
if (asprintf(&from, "%s/dev/kmsg", dest) < 0) {
log_error("Out of memory");
r = -ENOMEM;
goto finish;
}
+ /* And now make the FIFO unavailable as /dev/kmsg... */
+ unlink(from);
+
finish:
free(from);
free(to);
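Review bot: The `unlink(from)` added just before `finish:` discards its return value, so a failed removal leaves the FIFO visible as /dev/kmsg inside the container. That is the state the new comment says must be avoided, because writes to a FIFO block when nothing is reading. I would record and report the failure, e.g. `if (unlink(from) < 0) { r = -errno; log_error("Failed to remove %s: %m", from); }`. The body between the `asprintf()` check and this line is not visible here, so confirm that `from` still names the `%s/dev/kmsg` path at this point and that the function returns `r` after the cleanup.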
dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
goto child_fail;
- if (mount(arg_directory, "/", "bind", MS_BIND|MS_MOVE, NULL) < 0) {
+ if (mount(arg_directory, "/", "bind", MS_BIND, NULL) < 0) {
log_error("mount(MS_MOVE) failed: %m");
goto child_fail;
}
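Review bot: The error message after the changed `mount()` call still reads `mount(MS_MOVE) failed`, although the new call passes only `MS_BIND`, so the log would point an operator at the wrong flag. Suggest `log_error("mount(MS_BIND) failed: %m");`. Separately, a plain bind of `arg_directory` over `/` is non-recursive and does not by itself detach the host root. Confinement therefore depends on the steps that follow this hunk (presumably a chroot or equivalent), which are not visible here and should be reviewed together with this change. The enclosing block starts and ends outside the hunk.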