nspawn: add log message to let users know that nspawn needs an empty /dev directory (#4226)

Fixes https://github.com/systemd/systemd/issues/3695 At the same time it adds a protection against userns chown of inodes of a shared mount point.
author: Djalal Harouni <tixxdz@opendz.org> 2016-10-05 06:57:02 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-10-05 06:57:02 +0200
commit: 41eb436265684080c601bff392ba6da1789639a2 (patch)
tree: 69eb755e073b55a4d8b2c05bcff85883b27905ba /src/nspawn
parent: d4c08299f2e2a97f23f619cd564e5ac8f1505e0e (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index a5d5180727..9a8274c8de 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1395,6 +1395,12 @@ static int copy_devnodes(const char *dest) {
 
                 } else {
                         if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+                                /*
+                                 * This is some sort of protection too against
+                                 * recursive userns chown on shared /dev/
+                                 */
+                                if (errno == EEXIST)
+                                        log_notice("%s/dev/ should be an empty directory", dest);
                                 if (errno != EPERM)
                                         return log_error_errno(errno, "mknod(%s) failed: %m", to);
author	Djalal Harouni <tixxdz@opendz.org>	2016-10-05 06:57:02 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-10-05 06:57:02 +0200
commit	41eb436265684080c601bff392ba6da1789639a2 (patch)
tree	69eb755e073b55a4d8b2c05bcff85883b27905ba /src/nspawn
parent	d4c08299f2e2a97f23f619cd564e5ac8f1505e0e (diff)