
nspawn: don't make /proc/kmsg node too special

Similar to the previous commit, let's just let our regular calls for
managing temporary nodes take care of this.
Lennart Poettering 2018-04-30 21:22:41 +02:00
parent cdde6ba6b6
commit 9ec5a93c98


@ -1666,26 +1666,32 @@ static int setup_keyring(void) {
} }
static int setup_kmsg(int kmsg_socket) { static int setup_kmsg(int kmsg_socket) {
const char *from, *to; _cleanup_(unlink_and_freep) char *from = NULL;
_cleanup_free_ char *fifo = NULL;
_cleanup_close_ int fd = -1;
_cleanup_umask_ mode_t u; _cleanup_umask_ mode_t u;
int fd, r; const char *to;
int r;
assert(kmsg_socket >= 0); assert(kmsg_socket >= 0);
u = umask(0000); u = umask(0000);
/* We create the kmsg FIFO as /run/kmsg, but immediately /* We create the kmsg FIFO as as temporary file in /tmp, but immediately delete it after bind mounting it to
* delete it after bind mounting it to /proc/kmsg. While FIFOs * /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves
* on the reading side behave very similar to /proc/kmsg, * differently from /dev/kmsg in that writing blocks when nothing is reading. In order to avoid any problems
* their writing side behaves differently from /dev/kmsg in * with containers deadlocking due to this we simply make /dev/kmsg unavailable to the container. */
* that writing blocks when nothing is reading. In order to
* avoid any problems with containers deadlocking due to this r = tempfn_random_child(NULL, "proc-kmsg", &fifo);
* we simply make /dev/kmsg unavailable to the container. */ if (r < 0)
from = "/run/kmsg"; return log_error_errno(r, "Failed to generate kmsg path: %m");
if (mkfifo(fifo, 0600) < 0)
return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
from = TAKE_PTR(fifo);
to = "/proc/kmsg"; to = "/proc/kmsg";
if (mkfifo(from, 0600) < 0)
return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL); r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL);
if (r < 0) if (r < 0)
return r; return r;
@ -1694,17 +1700,11 @@ static int setup_kmsg(int kmsg_socket) {
if (fd < 0) if (fd < 0)
return log_error_errno(errno, "Failed to open fifo: %m"); return log_error_errno(errno, "Failed to open fifo: %m");
/* Store away the fd in the socket, so that it stays open as /* Store away the fd in the socket, so that it stays open as long as we run the child */
* long as we run the child */
r = send_one_fd(kmsg_socket, fd, 0); r = send_one_fd(kmsg_socket, fd, 0);
safe_close(fd);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to send FIFO fd: %m"); return log_error_errno(r, "Failed to send FIFO fd: %m");
/* And now make the FIFO unavailable as /run/kmsg... */
(void) unlink(from);
return 0; return 0;
} }
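Review bot: The error message on the new `mkfifo(fifo, 0600)` call still names `/run/kmsg`, although the FIFO is now created at the random path returned by `tempfn_random_child()`, so a failure is logged against a path that was never touched; `return log_error_errno(errno, "mkfifo() for %s failed: %m", fifo);` would report the real one. The rewritten comment also has a doubled word ("as as temporary file") and says /tmp, while the code passes NULL as the directory, so the comment should state which directory that resolves to. Because the node is then bind mounted by path (and presumably opened by path in the lines between the two hunks, which are not shown), a short comment should explain why a name in a shared temporary directory is acceptable here: the name is unpredictable, mkfifo() fails on an existing path, and the node is owned by the creating user. Moving the unlink into `_cleanup_(unlink_and_freep)` does mean the node is now removed on the error returns as well, which the old code did not do.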