mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

nspawn: fix locating config files with --ephemeral

When --ephemeral is used, a random 16-character suffix is added to the image
name, so matching .nspawn files based on the image name no longer works.

Fixes https://github.com/systemd/systemd/issues/13297

(cherry picked from commit 2362fdde1b)
Luca Boccassi 2022-04-18 18:39:18 +02:00 committed by Zbigniew Jędrzejewski-Szmek
parent c202d402d9
commit 79b86adcbd
2 changed files with 34 additions and 3 deletions


@ -4603,8 +4603,8 @@ static int merge_settings(Settings *settings, const char *path) {
static int load_settings(void) {
_cleanup_(settings_freep) Settings *settings = NULL;
_cleanup_fclose_ FILE *f = NULL;
_cleanup_free_ char *p = NULL;
const char *fn, *i;
_cleanup_free_ char *p = NULL, *fn = NULL;
const char *i;
int r;
if (arg_oci_bundle)
@ -4615,7 +4615,19 @@ static int load_settings(void) {
if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
return 0;
fn = strjoina(arg_machine, ".nspawn");
/* In ephemeral mode we append '-' and a random 16 characters string to the image name, so fixed
* config files are no longer matched. Ignore the random suffix for the purpose of finding files. */
if (arg_ephemeral) {
fn = strdup(arg_machine);
if (!fn)
return log_oom();
assert(strlen(fn) > 17); /* Should end with -XXXXXXXXXXXXXXXX */
strcpy(fn + strlen(fn) - 17, ".nspawn");
} else {
fn = strjoin(arg_machine, ".nspawn");
if (!fn)
return log_oom();
}
/* We first look in the admin's directories in /etc and /run */
FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
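Review bot: The `assert(strlen(fn) > 17)` ahead of the `strcpy()` is the only guard on the `fn + strlen(fn) - 17` pointer arithmetic, and it relies on `arg_machine` always carrying the `-XXXXXXXXXXXXXXXX` suffix whenever `arg_ephemeral` is set; the place where the suffix is appended is outside this hunk, so that cannot be confirmed here. If the name can also come from an explicit `--machine=` without the suffix, a long name would silently lose its last 17 characters and could match a different machine's `.nspawn` file, a short name would abort, and in a build where assertions are compiled out the `strcpy()` would write before the start of the allocation. I would turn this into a runtime check, e.g. `size_t l = strlen(fn);` followed by `if (l > 17 && fn[l - 17] == '-') strcpy(fn + l - 17, ".nspawn");`, using the plain `strjoin(arg_machine, ".nspawn")` name otherwise, or preferably record the settings file name at the point where the random suffix is generated so nothing has to be guessed from the string. load_settings() continues beyond the hunk.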


@ -120,6 +120,23 @@ function check_selinux {
systemd-nspawn "${SUSE_OPTS[@]}" --register=no -b -D /testsuite-13.nc-container --selinux-apifs-context=system_u:object_r:container_file_t:s0:c0,c1 --selinux-context=system_u:system_r:container_t:s0:c0,c1
}
function check_ephemeral_config {
# https://github.com/systemd/systemd/issues/13297
local _cmd='test -f /tmp/ephemeral-config'
mkdir -p /run/systemd/nspawn/
cat >/run/systemd/nspawn/testsuite-13.nc-container.nspawn <<EOF
[Files]
BindReadOnly=/tmp/ephemeral-config
EOF
touch /tmp/ephemeral-config
# /testsuite-13.nc-container is prepared by test.sh
systemd-nspawn --register=no -D /testsuite-13.nc-container --ephemeral /bin/sh -x -c "$_cmd"
rm -f /run/systemd/nspawn/testsuite-13.nc-container.nspawn
}
function run {
if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
@ -206,4 +223,6 @@ check_machinectl_bind
check_selinux
check_ephemeral_config
touch /testok
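Review bot: check_ephemeral_config only exercises `--ephemeral` with the machine name derived from `-D`, so the combination of `--ephemeral` with an explicit `--machine=` name is not covered, and in that case the name may not carry the random suffix that the nspawn.c part of this commit strips. A second `systemd-nspawn` invocation with `--machine=` and a matching `.nspawn` file would pin that behaviour down. Separately, the `rm -f` of the settings file is skipped if the container command fails (assuming the script runs with `set -e`, which is not visible here) and `/tmp/ephemeral-config` is never removed; a `trap` that deletes both would keep a stale `BindReadOnly=` settings file from being applied to later runs against the same container directory.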