mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

Merge pull request #34336 from yuwata/nspawn-fuse-follow-ups

nspawn: follow-ups for FUSE support
Yu Watanabe 2024-09-10 14:32:09 +09:00 committed by GitHub
commit 214c2508f3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 2 additions and 5 deletions


@ -43,7 +43,7 @@ static int append_machine_properties(
return bus_log_create_error(r); return bus_log_create_error(r);
if (enable_fuse) { if (enable_fuse) {
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1, r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
"/dev/fuse", "rw"); "/dev/fuse", "rwm");
if (r < 0) if (r < 0)
return bus_log_create_error(r); return bus_log_create_error(r);
} }
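Review bot: The `DeviceAllow` entry for `/dev/fuse` now grants `m` (mknod) on top of `rw`, but nothing at this call site records why the wider device-cgroup permission is needed. The comment this commit removes from the unit template ties the `m` to efedb6b0f3 (nspawn refusing to bind mount device nodes from the host when --private-users= is given), so presumably nspawn has to create the node itself. A short comment above the call would keep that rationale next to the permission, for example `/* 'm' is needed because nspawn creates /dev/fuse itself rather than bind mounting it from the host, see efedb6b0f3 */`. append_machine_properties() begins and ends outside this hunk.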


@ -2208,7 +2208,7 @@ static bool should_enable_fuse(void) {
if (r < 0) { if (r < 0) {
if (ERRNO_IS_NEG_DEVICE_ABSENT(r)) if (ERRNO_IS_NEG_DEVICE_ABSENT(r))
log_debug_errno(r, "Disabling FUSE: FUSE appears to be disabled on the host: %m"); log_debug_errno(r, "Disabling FUSE: FUSE appears to be disabled on the host: %m");
else if (r == -ENOSYS) else if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
log_debug_errno(r, "Disabling FUSE: Kernel does not support the fsopen() family of syscalls: %m"); log_debug_errno(r, "Disabling FUSE: Kernel does not support the fsopen() family of syscalls: %m");
else else
log_warning_errno(r, "Disabling FUSE: Failed to determine FUSE version: %m"); log_warning_errno(r, "Disabling FUSE: Failed to determine FUSE version: %m");


@ -36,9 +36,6 @@ TasksMax=16384
DevicePolicy=closed DevicePolicy=closed
DeviceAllow=/dev/net/tun rwm DeviceAllow=/dev/net/tun rwm
DeviceAllow=char-pts rw DeviceAllow=char-pts rw
{# /dev/fuse gets 'm' here even though it doesn't in nspawn-register.c, since
# efedb6b0f3 (nspawn: refuse to bind mount device node from host when
# --private-users= is specified, 2024-09-05) #}
DeviceAllow=/dev/fuse rwm DeviceAllow=/dev/fuse rwm
# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement # nspawn itself needs access to /dev/loop-control and /dev/loop, to implement