summaryrefslogtreecommitdiff
path: root/src/nspawn
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-11-30 16:36:46 +0100
committerLennart Poettering <lennart@poettering.net>2013-11-30 16:36:46 +0100
commit9bd37b40fac198fee2ff4eabc8793f1a7f2770fe (patch)
tree34a776ca63ad35e2dbf8d315a2d56c6f2bee6c52 /src/nspawn
parent3310dfd5bdba0e8218eca1eb6c1fa719adc45bb1 (diff)
nspawn: set up a kdbus namespace when starting a container
Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index cd757c497b..dd7337bc91 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -61,6 +61,7 @@
#include "bus-util.h"
#include "bus-error.h"
#include "ptyfwd.h"
+#include "bus-kernel.h"
#ifndef TTY_GID
#define TTY_GID 5
@@ -927,6 +928,26 @@ static int setup_journal(const char *directory) {
return 0;
}
+static int setup_kdbus(const char *dest, const char *path) {
+ const char *p;
+
+ if (!path)
+ return 0;
+
+ p = strappenda(dest, "/dev/kdbus");
+ if (mkdir(p, 0755) < 0) {
+ log_error("Failed to create kdbus path: %m");
+ return -errno;
+ }
+
+ if (mount(path, p, "bind", MS_BIND, NULL) < 0) {
+ log_error("Failed to mount kdbus namespace path: %m");
+ return -errno;
+ }
+
+ return 0;
+}
+
static int drop_capabilities(void) {
return capability_bounding_set_drop(~arg_retain, false);
}
@@ -1032,12 +1053,13 @@ static bool audit_enabled(void) {
int main(int argc, char *argv[]) {
pid_t pid = 0;
int r = EXIT_FAILURE, k;
- _cleanup_close_ int master = -1;
+ _cleanup_close_ int master = -1, kdbus_fd = -1;
int n_fd_passed;
const char *console = NULL;
sigset_t mask;
_cleanup_close_pipe_ int kmsg_socket_pair[2] = { -1, -1 };
_cleanup_fdset_free_ FDSet *fds = NULL;
+ _cleanup_free_ char *kdbus_namespace = NULL;
log_parse_environment();
log_open();
@@ -1138,6 +1160,12 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ kdbus_fd = bus_kernel_create_namespace(arg_machine, &kdbus_namespace);
+ if (r < 0)
+ log_debug("Failed to create kdbus namespace: %s", strerror(-r));
+ else
+ log_debug("Successfully created kdbus namespace as %s", kdbus_namespace);
+
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
log_error("Failed to create kmsg socket pair.");
goto finish;
@@ -1289,6 +1317,9 @@ int main(int argc, char *argv[]) {
if (mount_binds(arg_directory, arg_bind_ro, MS_RDONLY) < 0)
goto child_fail;
+ if (setup_kdbus(arg_directory, kdbus_namespace) < 0)
+ goto child_fail;
+
if (chdir(arg_directory) < 0) {
log_error("chdir(%s) failed: %m", arg_directory);
goto child_fail;