nspawn: don't make /proc/kmsg node too special
Similar to the previous commit, let's just let our regular calls for managing temporary nodes take care of this.
parent
cdde6ba6b6
commit
9ec5a93c98
@ -1666,26 +1666,32 @@ static int setup_keyring(void) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int setup_kmsg(int kmsg_socket) {
|
static int setup_kmsg(int kmsg_socket) {
|
||||||
const char *from, *to;
|
_cleanup_(unlink_and_freep) char *from = NULL;
|
||||||
|
_cleanup_free_ char *fifo = NULL;
|
||||||
|
_cleanup_close_ int fd = -1;
|
||||||
_cleanup_umask_ mode_t u;
|
_cleanup_umask_ mode_t u;
|
||||||
int fd, r;
|
const char *to;
|
||||||
|
int r;
|
||||||
|
|
||||||
assert(kmsg_socket >= 0);
|
assert(kmsg_socket >= 0);
|
||||||
|
|
||||||
u = umask(0000);
|
u = umask(0000);
|
||||||
|
|
||||||
/* We create the kmsg FIFO as /run/kmsg, but immediately
|
/* We create the kmsg FIFO as as temporary file in /tmp, but immediately delete it after bind mounting it to
|
||||||
* delete it after bind mounting it to /proc/kmsg. While FIFOs
|
* /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves
|
||||||
* on the reading side behave very similar to /proc/kmsg,
|
* differently from /dev/kmsg in that writing blocks when nothing is reading. In order to avoid any problems
|
||||||
* their writing side behaves differently from /dev/kmsg in
|
* with containers deadlocking due to this we simply make /dev/kmsg unavailable to the container. */
|
||||||
* that writing blocks when nothing is reading. In order to
|
|
||||||
* avoid any problems with containers deadlocking due to this
|
r = tempfn_random_child(NULL, "proc-kmsg", &fifo);
|
||||||
* we simply make /dev/kmsg unavailable to the container. */
|
if (r < 0)
|
||||||
from = "/run/kmsg";
|
return log_error_errno(r, "Failed to generate kmsg path: %m");
|
||||||
|
|
||||||
|
if (mkfifo(fifo, 0600) < 0)
|
||||||
|
return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
|
||||||
|
|
||||||
|
from = TAKE_PTR(fifo);
|
||||||
to = "/proc/kmsg";
|
to = "/proc/kmsg";
|
||||||
|
|
||||||
if (mkfifo(from, 0600) < 0)
|
|
||||||
return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
|
|
||||||
r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL);
|
r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -1694,17 +1700,11 @@ static int setup_kmsg(int kmsg_socket) {
|
|||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return log_error_errno(errno, "Failed to open fifo: %m");
|
return log_error_errno(errno, "Failed to open fifo: %m");
|
||||||
|
|
||||||
/* Store away the fd in the socket, so that it stays open as
|
/* Store away the fd in the socket, so that it stays open as long as we run the child */
|
||||||
* long as we run the child */
|
|
||||||
r = send_one_fd(kmsg_socket, fd, 0);
|
r = send_one_fd(kmsg_socket, fd, 0);
|
||||||
safe_close(fd);
|
|
||||||
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to send FIFO fd: %m");
|
return log_error_errno(r, "Failed to send FIFO fd: %m");
|
||||||
|
|
||||||
/* And now make the FIFO unavailable as /run/kmsg... */
|
|
||||||
(void) unlink(from);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
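Review bot: The mkfifo() failure message in the new code still names /run/kmsg, although the FIFO is now created at the random path that tempfn_random_child() returns in `fifo`, so anyone diagnosing a failure from the log would look in the wrong place. Log the real path instead: `return log_error_errno(errno, "mkfifo() for %s failed: %m", fifo);`. The rewritten comment has a doubled "as" and says the node lives in /tmp, while the call passes NULL for the directory, so presumably the default temporary directory is used. Since that directory may be writable by others, the comment should also say that mkfifo() failing on an existing name is what keeps a pre-created node from being bind-mounted onto /proc/kmsg. The part of setup_kmsg() that opens the FIFO lies between the two hunks and is not shown here.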