
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx, only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.
Alan Jenkins 2018-01-18 12:07:31 +00:00
parent 1aaadf859b
commit 5a7f87a9e0


@ -978,7 +978,7 @@ static void cgroup_context_apply(
"/dev/random\0" "rwm\0" "/dev/random\0" "rwm\0"
"/dev/urandom\0" "rwm\0" "/dev/urandom\0" "rwm\0"
"/dev/tty\0" "rwm\0" "/dev/tty\0" "rwm\0"
"/dev/pts/ptmx\0" "rw\0" /* /dev/pts/ptmx may not be duplicated, but accessed */ "/dev/ptmx\0" "rwm\0"
/* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */ /* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */
"-/run/systemd/inaccessible/chr\0" "rwm\0" "-/run/systemd/inaccessible/chr\0" "rwm\0"
"-/run/systemd/inaccessible/blk\0" "rwm\0"; "-/run/systemd/inaccessible/blk\0" "rwm\0";
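Review bot: The new `"/dev/ptmx\0" "rwm\0"` entry carries no comment saying why the `m` (mknod) bit is needed, while the removed line did explain its `rw`-only choice; the reason given in the commit message (PrivateDevices= has to mknod /dev/ptmx in the private /dev) should live next to the entry, e.g. `"/dev/ptmx\0" "rwm\0" /* PrivateDevices= creates this node itself, hence "m" */`. Since the other entries in this table are also `rwm` the grant is consistent with them, but if whitelist_device() resolves the path to a major:minor as its name suggests, `m` here permits the unit to create a node with /dev/ptmx's numbers under any path, not just /dev/ptmx — worth stating so a later reader does not read the path as the thing being restricted. The enclosing function cgroup_context_apply() starts and ends outside this hunk.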
@ -988,6 +988,7 @@ static void cgroup_context_apply(
NULSTR_FOREACH_PAIR(x, y, auto_devices) NULSTR_FOREACH_PAIR(x, y, auto_devices)
whitelist_device(path, x, y); whitelist_device(path, x, y);
/* PTS (/dev/pts) devices may not be duplicated, but accessed */
whitelist_major(path, "pts", 'c', "rw"); whitelist_major(path, "pts", 'c', "rw");
} }