shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00
Code

nspawn: allow using kdbus from nspawn containers

Browse Source
This commit is contained in:
Lennart Poettering 2014-03-11 17:43:00 +01:00
parent e41969e3d1
commit a07f961e98
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/nspawn/nspawn.c
View File

@ -1258,7 +1258,7 @@ static int register_machine(pid_t pid) {
return r;
}
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 8,
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 10,
/* Allow the container to
* access and create the API
* device nodes, so that
@ -1277,7 +1277,18 @@ static int register_machine(pid_t pid) {
* container to ever create
* these device nodes. */
"/dev/pts/ptmx", "rw",
"char-pts", "rw");
"char-pts", "rw",
/* Allow the container
* access to all kdbus
* devices. Again, the
* container cannot create
* these nodes, only use
* them. We use a pretty
* open match here, so that
* the kernel API can still
* change. */
"char-kdbus", "rw",
"char-kdbus/*", "rw");
if (r < 0) {
log_error("Failed to add device whitelist: %s", strerror(-r));
return r;