diff --git a/README b/README index e54c5d6efb8..8807e5cfe49 100644 --- a/README +++ b/README @@ -69,11 +69,10 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork= and PrivateDevices= in service units: + Required for PrivateNetwork= in service units: CONFIG_NET_NS - CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use - PrivateNetwork and PrivateDevices so this is effectively required. + PrivateNetwork so this is effectively required. Required for PrivateUsers= in service units: CONFIG_USER_NS @@ -119,6 +118,9 @@ REQUIREMENTS: isn't. The next best thing is to make this change through a modprobe.d drop-in. This is shipped by default, see modprobe.d/systemd.conf. + Required for systemd-nspawn: + CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7 + Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at diff --git a/src/core/namespace.c b/src/core/namespace.c index e1a9d7a92dc..e030a575973 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -525,7 +525,7 @@ static int clone_device_node(const char *d, const char *temporary_mount) { if (r < 0) return log_debug_errno(errno, "mknod failed for %s: %m", d); - return 0; + return 1; } static int mount_private_dev(MountEntry *m) { @@ -582,12 +582,12 @@ static int mount_private_dev(MountEntry *m) { } } else { r = clone_device_node("/dev/ptmx", temporary_mount); - if (r < 0) + if (r != 1) goto fail; } devshm = strjoina(temporary_mount, "/dev/shm"); - (void) mkdir(devshm, 01777); + (void) mkdir(devshm, 0755); r = mount("/dev/shm", devshm, NULL, MS_BIND, NULL); if (r < 0) { r = -errno;
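Review bot: The success return of clone_device_node() changes from 0 to 1 on its last line, but nothing in the hunk documents the new contract. The function begins outside the hunk, so which path (if any) still returns 0 is not visible here. If 0 now means "source node absent, nothing created", a comment above the definition would make that explicit, e.g. `/* Returns 1 if the node was created, 0 if it was skipped, < 0 on error. */`. Any other caller that tests `r == 0` or `if (r)` rather than `r < 0` should be re-checked, since a positive value now means success.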
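Review bot: `if (r != 1) goto fail;` after the /dev/ptmx clone sends a return of 0 to the failure path without turning it into an error code. The `fail` label is outside the hunk, but if it ends in `return r;`, mount_private_dev() would tear down the temporary mount and still report success. The unit would then presumably start without the private /dev that PrivateDevices= requested. I would keep the negative case as it was and map the zero case explicitly: `if (r < 0) goto fail;` followed by `if (r == 0) { r = -ENXIO; goto fail; }`. Separately, `mkdir(devshm, 0755)` deserves a one-line comment saying the directory only serves as the mount point for the bind mount of /dev/shm on the following line, which is why it no longer needs mode 01777.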