X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=71cdd3f39f27e23ab248dc84058ccf437f2f7399;hp=90c8b94248b406c3baefca74fd272e2a6c609462;hb=f1e5dfe2c065670e0dac63c7bb2dd82fe820e2ab;hpb=4d46fec56db73e1d2d01076792f9b8f3231d5cb1

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 90c8b9424..71cdd3f39 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -394,6 +394,13 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
 
         u = umask(0000);
 
+        /* We create the kmsg FIFO as /dev/kmsg, but immediately
+         * delete it after bind mounting it to /proc/kmsg. While FIFOs
+         * on the reading side behave very similar to /proc/kmsg,
+         * their writing side behaves differently from /dev/kmsg in
+         * that writing blocks when nothing is reading. In order to
+         * avoid any problems with containers deadlocking due to this
+         * we simply make /dev/kmsg unavailable to the container. */
         if (asprintf(&from, "%s/dev/kmsg", dest) < 0) {
                 log_error("Out of memory");
                 r = -ENOMEM;
@@ -456,6 +463,9 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
                 goto finish;
         }
 
+        /* And now make the FIFO unavailable as /dev/kmsg... */
+        unlink(from);
+
 finish:
         free(from);
         free(to);