authorLennart Poettering <lennart@poettering.net>2012-04-22 00:32:13 +0200
committerLennart Poettering <lennart@poettering.net>2012-04-22 00:32:53 +0200
commitf1e5dfe2c065670e0dac63c7bb2dd82fe820e2ab (patch)
tree235768b05dcc8445180e91fa321a1310bc421570
parent461282d52a980bc5800307a24070d275a66e3d07 (diff)
nspawn: make /dev/kmsg unavailable in the container, but allow access to /proc/kmsg
-rw-r--r--Makefile.am1
-rw-r--r--src/nspawn/nspawn.c10
2 files changed, 10 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index a2087820e7..22a04d4a1b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3123,7 +3123,6 @@ systemd-install-data-hook:
$(LN_S) ../system-services/org.freedesktop.systemd1.service org.freedesktop.systemd1.service )
if HAVE_PLYMOUTH
$(MKDIR_P) -m 0755 \
- $(DESTDIR)$(SYSTEM_SYSVINIT_PATH) \
$(DESTDIR)$(systemunitdir)/reboot.target.wants \
$(DESTDIR)$(systemunitdir)/kexec.target.wants \
$(DESTDIR)$(systemunitdir)/poweroff.target.wants \
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 90c8b94248..71cdd3f39f 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -394,6 +394,13 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
u = umask(0000);
+ /* We create the kmsg FIFO as /dev/kmsg, but immediately
+ * delete it after bind mounting it to /proc/kmsg. While FIFOs
+ * on the reading side behave very similar to /proc/kmsg,
+ * their writing side behaves differently from /dev/kmsg in
+ * that writing blocks when nothing is reading. In order to
+ * avoid any problems with containers deadlocking due to this
+ * we simply make /dev/kmsg unavailable to the container. */
if (asprintf(&from, "%s/dev/kmsg", dest) < 0) {
log_error("Out of memory");
r = -ENOMEM;
@@ -456,6 +463,9 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
goto finish;
}
+ /* And now make the FIFO unavailable as /dev/kmsg... */
+ unlink(from);
+
finish:
free(from);
free(to);
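Review bot: The added `unlink(from);` just before the `finish:` label discards its return value, so a failed unlink leaves the FIFO reachable as /dev/kmsg inside the container with no trace in the log. That is the blocking-writer case the new comment in the first hunk says must be avoided. At minimum the result should be checked and logged, e.g. `if (unlink(from) < 0) log_warning("Failed to remove %s: %m", from);`. If the container should never start with the FIFO still present, set `r = -errno` there instead so the caller sees the failure. setup_kmsg() begins before this hunk and continues past it, so the value `r` holds at this point cannot be confirmed from the visible lines.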